Home page logo
/

bugtraq logo Bugtraq mailing list archives

Invalid URL vulnerability & SP4 > (Additional Information)
From: "Givens, Mike" <MGivens () AEGONUSA COM>
Date: Fri, 8 Sep 2000 09:10:11 -0500

Here is something I received from the "other" bugtraq list I belong to.
Thought anyone
working on NT should/would like to know this !

Mike

******************************
Post From: Karl Knibbs

Just a quick note regarding MS00-063 (invalid URL vulnerability) and Service
Pack 4. It don't work!

Having obtained the fix from product support I went through my usual round
of testing on my development servers before updating production servers. On
both of my servers still on SP4 the replaced kernel caused a STOP on boot.
On contacting PSS it was confirmed (eventually) that this is a post SP6a
fix. This however is not noted in the security bulletin.

Recovery of these machines was quite a simply affair of replacing the
kernel32.dll in system32 with the back-up placed in the
winnt\$NtUninstallQ271652$ dir.

I have not as of yet tested with SP5 although I have applied to several SP6a
machines without problems.


  By Date           By Thread  

Current thread:
  • Invalid URL vulnerability & SP4 > (Additional Information) Givens, Mike (Sep 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]