March 26, 2003 at 2:56 pm
Windows 2000 Flaw More Serious Than Initially Thought
http://www.informationweek.com/story/IWK20030325S0007
Interestingly enough, servers using NT2K SP1 and the base install are not affected.
Tim C.
//Will write code for food
March 26, 2003 at 3:20 pm
Please also note the warning on Microsoft's website regarding this patch. Certain Ntoskrnl.exe versions are not compatible with the patch as it was released on the web. Precautions should be taken before patching your system.
http://support.microsoft.com/default.aspx?scid=kb;en-us;815021
Tim C.
//Will write code for food
March 26, 2003 at 3:21 pm
It's a buffer overflow error in a function within NTDLL.DLL. Something probably got patched in SP2 and carried forth from there.
MS 03-007 covers the vulnerability, but only points to IIS as a possible attack vector. Since there are a lot of other DLLs that use the particular function with the vulnerability, IIS is *NOT* the only attack vector.
Before indiscriminately applying the patch if you're on SP2, check the version of NTOSKRNL.EXE in the %systemroot%\system32 directory. There is a range of versions that will BSOD. Microsoft's solution is to upgrade those versions to SP3. I believe the TechNet article used to have the versions; now they are just referring to dates. Makes it a bit harder.
Microsoft Bulletin:
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-007.asp
NGSSoftware Paper on Vulnerability:
http://www.nextgenss.com/papers/ms03-007-ntdll.pdf
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
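The pre-patch version check described in the post above, as an added example that is not part of the original thread: it reads the file version from the `VS_FIXEDFILEINFO` block of a PE image and tests it against an incompatible range. The function names, the sample bytes and the range are constructed for illustration; the thread does not list the real incompatible NTOSKRNL.EXE versions, so take those from the Microsoft KB article.

```python
import struct
import sys

# Little-endian signature that opens every VS_FIXEDFILEINFO block.
VS_FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def file_version(data):
    """Return (major, minor, build, revision) from a PE image's version resource."""
    pos = data.find(VS_FFI_SIGNATURE)
    if pos < 0 or pos + 16 > len(data):
        raise ValueError("no VS_FIXEDFILEINFO block found")
    # Layout: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
    _sig, _struc, ms, ls = struct.unpack_from("<4I", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def blocks_patch(version, low, high):
    """True if version falls inside the inclusive incompatible range."""
    return low <= version <= high


# CONSTRUCTED sample: a stub header, padding, then a version block for 9.9.100.50.
# These numbers are deliberately fake and are not real NTOSKRNL.EXE versions.
SAMPLE_IMAGE = b"MZ" + b"\x00" * 64 + struct.pack(
    "<4I", 0xFEEF04BD, 0x00010000, (9 << 16) | 9, (100 << 16) | 50
)

# CONSTRUCTED placeholder range; replace with the range from the KB article.
PLACEHOLDER_LOW = (9, 9, 100, 0)
PLACEHOLDER_HIGH = (9, 9, 100, 99)

if __name__ == "__main__":
    # Pass a copy of NTOSKRNL.EXE as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:
        image = SAMPLE_IMAGE
    ver = file_version(image)
    verdict = "HOLD patch" if blocks_patch(ver, PLACEHOLDER_LOW, PLACEHOLDER_HIGH) else "ok"
    print(".".join(map(str, ver)), verdict)
```
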