> I'm confused by Windows Update ( not suprising ). According to Windows
> Update I need to install Q815021 however, Q811114 is installed. Should the
> latter, being a "Cumulative Patch", already include Q815021? I would think
> so. Anyone else notice this - Windows NT Server 4.0 only.
Q811114 does not contain the updated ntdll.dll patch found in
Q815021.
The WebDAV/ntdll.dll patch (815021) was not built for NT back in
March... Even though the original attack vector for the
vulnerability, WebDAV, which prompted the patch, is not
available for NT, the core vulnerability in ntdll.dll still
exists in NT and as they found out also in XP.
The revised 815021 which came out a little later than the
811114 cumulative IIS patch addresses these issues.
> I'm confused by Windows Update ( not suprising ). According to Windows
> Update I need to install Q815021 however, Q811114 is installed. Should the
> latter, being a "Cumulative Patch", already include Q815021? I would think
> so. Anyone else notice this - Windows NT Server 4.0 only.
Q811114 does not contain the updated ntdll.dll patch found in
Q815021.
The WebDAV/ntdll.dll patch (815021) was not built for NT back in
March... Even though the original attack vector for the
vulnerability, WebDAV, which prompted the patch, is not
available for NT, the core vulnerability in ntdll.dll still
exists in NT and as they found out also in XP.
The revised 815021 which came out a little later than the
811114 cumulative IIS patch addresses these issues.
http://support.microsoft.com/?kbid=815021
------------------------------------------------------------------------
-----
------------------------------------------------------------------------
------
[ reply ]