Full Disclosure: FYI: MS06-049 patch (920958) corrupts NTFS compression files

From: KOJIMA Hajime <kjm_at_rins.ryukoku.ac.jp>
Date: Mon, 11 Sep 2006 12:19:03 +0900

  just FYI...

  MS06-049 patch (920958) corrupts NTFS compression files.

Affected system
---------------

  Windows 2000 SP4 + MS06-049 patch (920958)

Discussion
----------

* Discussion in English:
  http://www.microsoft.com/technet/community/newsgroups/dgbrowser/en-us/default.mspx?&query=920958&lang=en&cr=US&guid=&sloc=en-us&dg=microsoft.public.win2000.file_system&p=1&tid=d826afe9-2ab1-4b2f-ae11-cc27702f574a
* Discussion in Japanese:
  http://slashdot.jp/~oops/journal/
  http://pc8.2ch.net/test/read.cgi/win/1151414872/47-
  http://slashdot.jp/security/article.pl?sid=06/09/10/068243

How to demonstrate
------------------

  1. Create a folder on an NTFS partition.
  2. Enable NTFS compression on that folder.
  3. Insert the Windows 2000 installation disk into your CD-ROM drive.
  4. Copy all files from the Windows 2000 installation disk to that
     folder.
  5. Compare.

How to prevent
--------------

  Uninstall MS06-049 patch (920958).

How to find corrupted files
---------------------------

  Try the findcorr tool (by 147-win/1151414872):
  http://211.2.20.24/pub/findcorr.lzh

  C:\> findcorr.exe
  Usage: findcorr [-a] [-d] [-e] path

  Options:
           -a Scan all files including uncompressed files.
           -d Report compression directories.
           -e Exact mode.

How to fix corrupted files
--------------------------

  Restore them from backups.

Patch and NTFS compression
--------------------------

  If you install the patch, the patch installer creates a backup
  folder for uninstall, such as C:\WINNT\$NtUninstallKB920958$, and
  copies the old files to it.

  NTFS compression is enabled on this folder automatically. You
  cannot turn off this feature.

Official information from Microsoft
-----------------------------------

  Not yet, but they are working to fix the problem.

- kjm

Received on Sep 10 2006
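
The compare step (5) under "How to demonstrate", as an added example that is not part of the original post and is not the findcorr tool: a Python script that hashes every file in the source tree and in the copy and lists the files that are missing or whose content differs, noting whether the copy carries the NTFS compression attribute. The function names, the sample file names and the simulated corruption in demo() are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def is_ntfs_compressed(path):
    """True if Windows reports the NTFS compression attribute; False elsewhere."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_COMPRESSED)

def compare_trees(source, copy):
    """Return sorted (relative_path, problem, copy_is_compressed) tuples."""
    problems = []
    for root, _dirs, files in os.walk(source):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, source)
            dst = os.path.join(copy, rel)
            if not os.path.isfile(dst):
                problems.append((rel, "missing", False))
            elif sha256_of(src) != sha256_of(dst):
                problems.append((rel, "content differs", is_ntfs_compressed(dst)))
    return sorted(problems)

def demo():
    """Constructed sample: two small trees, one file altered in the copy."""
    files = {"SETUP.EXE": b"A" * 4096, os.path.join("I386", "DRIVER.CAB"): b"B" * 8192}
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "cd"), os.path.join(tmp, "copy")
        for base in (src, dst):
            os.makedirs(os.path.join(base, "I386"))
            for rel, data in files.items():
                with open(os.path.join(base, rel), "wb") as f:
                    f.write(data)
        # Simulate corruption: same length, different bytes mid-file.
        with open(os.path.join(dst, "I386", "DRIVER.CAB"), "r+b") as f:
            f.seek(4096)
            f.write(b"\x00" * 512)
        return compare_trees(src, dst)
```

For a real check, call compare_trees() with the CD-ROM drive as the source and the compressed folder as the copy; an empty list means every file matched.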
