lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4239D387.206@immunitysec.com>
From: dave at immunitysec.com (Dave Aitel)
Subject: LLSSRV Redux Excitement


With regards to the LLSSRV advisory Immunity published yesterday, we 
would like to issue a clarification. There are two ways to get SP4 onto 
a Windows 2000 Advanced Server machine, as follows:
1. Download SP4 from microsoft.com via networked or express install
2. Obtain and install a Windows 2000 Advanced Server CD or CD image that 
includes SP4. This is available from the MSDN CD packages or online 
download site. You may also have obtained such a CD from a vendor or 
retailer.

The second way is vulnerable; the first way is not.

I.E. This advisory does not apply to Windows 2000 Advanced Server cases 
where Service Pack 4 was installed separately.

We apologize for any confusion and thank those who pointed out that 
installing SP4 manually will remove the registry key that allows for 
anonymous remote access.

Reference Image: 
http://www.immunitysec.com/downloads/win2kadvsrv_withSP4.jpg

Thanks,
Dave Aitel
VP Figureheads and Verbage
Immunity, Inc.

>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ