| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dave at immunitysec.com (Dave Aitel) Subject: LLSSRV Redux Excitement With regards to the LLSSRV advisory Immunity published yesterday, we would like to issue a clarification. There are two ways to get SP4 onto a Windows 2000 Advanced Server machine, as follows: 1. Download SP4 from microsoft.com via networked or express install 2. Obtain and install a Windows 2000 Advanced Server CD or CD image that includes SP4. This is available from the MSDN CD packages or online download site. You may also have obtained such a CD from a vendor or retailer. The second way is vulnerable; the first way is not. I.E. This advisory does not apply to Windows 2000 Advanced Server cases where Service Pack 4 was installed separately. We apologize for any confusion and thank those who pointed out that installing SP4 manually will remove the registry key that allows for anonymous remote access. Reference Image: http://www.immunitysec.com/downloads/win2kadvsrv_withSP4.jpg Thanks, Dave Aitel VP Figureheads and Verbage Immunity, Inc. >
Powered by blists - more mailing lists