ntoskrnl.exe versions 5.0.2195.4797 to 5.0.2195.4928 are not compatible
with versions of ntdll.dll that are greater than 5.0.2195.4797.
If a you apply a hotfix that only updates to one of those binaries, the
two binaries will now be in a 'mismatched' state and the machine will
blue screen after rebooting for the first time.
If you are running Win2K SP2 and the ntoskrnl.exe file version is
between is 5.0.2195.4797 and 5.0.2195.4928 you can get a STOP 0x00000071
on the first reboot after applying the patch.
Ensure that the ntoskrnl.exe file version is greater than or equal to
5.0.2195.4929 or apply Win2k SP3 before applying MS03-007.
MS also just released this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;815021
Cheers,
Tim
-----Original Message-----
From: Chris Gallimore [mailto:ChrisG (at) concur (dot) com [email concealed]]
Sent: Monday, March 24, 2003 9:06 AM
To: Dozal, Tim; Marc Fossi; Focus-MS
Subject: RE: MS03-007 Round-up
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
That's not always the case; my company has over 200 sp2 web servers that
are all running this patch and not a single one had an issue with it.
- -----Original Message-----
From: Dozal, Tim [mailto:tdozal (at) cisco (dot) com [email concealed]]
Sent: Friday, March 21, 2003 4:38 PM
To: Marc Fossi; Focus-MS
Subject: RE: MS03-007 Round-up
As far as our groups have been able to tell, the problems caused by this
patch are related to the dependencies of 4 .dll files and this patch
replaces ONE of those .dll files. In order to avoid the blue screens
you need to first patch your system with Win2k SP3 since the updated
.dll file in the MS03-007 patch was designed to work with the other .dll
files from W2k SP3. If you do not have SP3 as I understand it you WILL
get a blue screen on reboot.
Hope that helps.
- -Tim
- -----Original Message-----
From: Marc Fossi [mailto:mfossi (at) securityfocus (dot) com [email concealed]]
Sent: Wednesday, March 19, 2003 12:55 PM
To: Focus-MS
Subject: MS03-007 Round-up
Hey folks,
I think that we've pretty much established that this patch does cause
problems on some systems and not on others. Seems to be about 50/50
judging from the posts.
At this point I'm not going to approve any more posts about it unless
someone offers conclusive evidence as to what the problem is or a
remedy. I know that there are MS people subscribed to the list and their
silence on this says to me that they are aware that there is a problem
(though it would be nice to actually hear it from them).
On a side note, the bulletin has been updated with some info about a
possible conflict with a prior hotfix released by PSS. Check out the
FAQ in the bulletin. Not sure if this covers everyone who reported
problems with the patch or if there are additional issues there.
Marc Fossi
Symantec Corp.
www.symantec.com
- ----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data! It's as
simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!
http://www.spidynamics.com/mktg/sqlinjection33
- ----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data! It's as
simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!
http://www.spidynamics.com/mktg/sqlinjection33
----------------------------------------------------------------------
Get serious about enterprise anti-spam management.
SurfControl E-mail Filter for SMTP & Exchange
leverages multiple layers of technology to defeat
spam with accuracy. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfmsl1
ntoskrnl.exe versions 5.0.2195.4797 to 5.0.2195.4928 are not compatible
with versions of ntdll.dll that are greater than 5.0.2195.4797.
If a you apply a hotfix that only updates to one of those binaries, the
two binaries will now be in a 'mismatched' state and the machine will
blue screen after rebooting for the first time.
If you are running Win2K SP2 and the ntoskrnl.exe file version is
between is 5.0.2195.4797 and 5.0.2195.4928 you can get a STOP 0x00000071
on the first reboot after applying the patch.
Ensure that the ntoskrnl.exe file version is greater than or equal to
5.0.2195.4929 or apply Win2k SP3 before applying MS03-007.
MS also just released this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;815021
Cheers,
Tim
-----Original Message-----
From: Chris Gallimore [mailto:ChrisG (at) concur (dot) com [email concealed]]
Sent: Monday, March 24, 2003 9:06 AM
To: Dozal, Tim; Marc Fossi; Focus-MS
Subject: RE: MS03-007 Round-up
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
That's not always the case; my company has over 200 sp2 web servers that
are all running this patch and not a single one had an issue with it.
- -----Original Message-----
From: Dozal, Tim [mailto:tdozal (at) cisco (dot) com [email concealed]]
Sent: Friday, March 21, 2003 4:38 PM
To: Marc Fossi; Focus-MS
Subject: RE: MS03-007 Round-up
As far as our groups have been able to tell, the problems caused by this
patch are related to the dependencies of 4 .dll files and this patch
replaces ONE of those .dll files. In order to avoid the blue screens
you need to first patch your system with Win2k SP3 since the updated
.dll file in the MS03-007 patch was designed to work with the other .dll
files from W2k SP3. If you do not have SP3 as I understand it you WILL
get a blue screen on reboot.
Hope that helps.
- -Tim
- -----Original Message-----
From: Marc Fossi [mailto:mfossi (at) securityfocus (dot) com [email concealed]]
Sent: Wednesday, March 19, 2003 12:55 PM
To: Focus-MS
Subject: MS03-007 Round-up
Hey folks,
I think that we've pretty much established that this patch does cause
problems on some systems and not on others. Seems to be about 50/50
judging from the posts.
At this point I'm not going to approve any more posts about it unless
someone offers conclusive evidence as to what the problem is or a
remedy. I know that there are MS people subscribed to the list and their
silence on this says to me that they are aware that there is a problem
(though it would be nice to actually hear it from them).
On a side note, the bulletin has been updated with some info about a
possible conflict with a prior hotfix released by PSS. Check out the
FAQ in the bulletin. Not sure if this covers everyone who reported
problems with the patch or if there are additional issues there.
Marc Fossi
Symantec Corp.
www.symantec.com
- ----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data! It's as
simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!
http://www.spidynamics.com/mktg/sqlinjection33
- ----------------------------------------------------------------------
ALERT: How a Hacker Uses SQL Injection to Steal Your SQL Data! It's as
simple as placing additional SQL commands into a Web Form input
box giving hackers complete access to all your backend systems!
http://www.spidynamics.com/mktg/sqlinjection33
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1
iQA/AwUBPn86yfX/3fXjg2cjEQL8LgCgkOA2hgcr71jZMj3Rc9ggK8gB+a8AoK23
Q87BiCBJKblZMclCMCK2Oaha
=/8OV
-----END PGP SIGNATURE-----
----------------------------------------------------------------------
Get serious about enterprise anti-spam management.
SurfControl E-mail Filter for SMTP & Exchange
leverages multiple layers of technology to defeat
spam with accuracy. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfmsl1
[ reply ]