• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows ntdll.dll Buffer Overflow Vulnerability

Solution:
Some reports indicate that the Microsoft patches for this issue may cause problems. It is not known if this is the result of the patches conflicting with certain configurations. Administrators are advised to apply workaround procedures if problems are experienced after applying the patch.

Microsoft has updated the bulletin with information regarding possible sources of conflicts with this patch. For precise details, see the Caveats section under Additional information about this patch in the Microsoft Security Bulletin.

Microsoft has revised its advisory to state that this vulnerability affects Windows NT systems. As Windows NT does not support WebDAV, exploits using WebDAV as the attack vector will not be effective against Windows NT systems.

Microsoft has released a new revision of the advisory which contains patches for Windows XP.

Microsoft has released fixes:


Microsoft Windows 2000 Server SP2

• Microsoft Q815021
  Windows 2000 except Japanese NEC.
  http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-484 4-B62E-C69D32AC929B&displaylang=en


• Microsoft Q815021
  Japanese NEC version.
  http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-449 3-8DCF-9BA29263C49F&displaylang=ja

Microsoft Windows 2000 Advanced Server SP1

• Microsoft Q815021
  Windows 2000 except Japanese NEC.
  http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-484 4-B62E-C69D32AC929B&displaylang=en


• Microsoft Q815021
  Japanese NEC version.
  http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-449 3-8DCF-9BA29263C49F&displaylang=ja

Microsoft Windows 2000 Advanced Server SP2

• Microsoft Q815021
  Windows 2000 except Japanese NEC.
  http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-484 4-B62E-C69D32AC929B&displaylang=en


• Microsoft Q815021
  Japanese NEC version.
  http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-449 3-8DCF-9BA29263C49F&displaylang=ja

Microsoft Windows NT Server 4.0 SP6a

• Microsoft Q815021
  Chinese - Hong Kong
  http://microsoft.com/downloads/details.aspx?FamilyId=55483A84-A8C7-48A F-BD83-9EC4B99F87CD&displaylang=zh-tw


• Microsoft Q815021
  All except NEC and Chinese - Hong Kong
  http://microsoft.com/downloads/details.aspx?FamilyId=9A64851A-05AE-491 2-9967-3AA3B4D5A76F&displaylang=en


• Microsoft Q815021
  Japanese NEC
  http://microsoft.com/downloads/details.aspx?FamilyId=E20A695D-977D-424 7-AF3B-4B58850B1795&displaylang=ja

Cisco Internet Service Node

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Microsoft Windows 2000 Server SP1

• Microsoft Q815021
  Windows 2000 except Japanese NEC.
  http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-484 4-B62E-C69D32AC929B&displaylang=en


• Microsoft Q815021
  Japanese NEC version.
  http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-449 3-8DCF-9BA29263C49F&displaylang=ja

Microsoft Windows 2000 Advanced Server

• Microsoft Q815021
  Windows 2000 except Japanese NEC.
  http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-484 4-B62E-C69D32AC929B&displaylang=en


• Microsoft Q815021
  Japanese NEC version.
  http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-449 3-8DCF-9BA29263C49F&displaylang=ja

Cisco Emergency Responder

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Microsoft Windows 2000 Server

• Microsoft Q815021
  Windows 2000 except Japanese NEC.
  http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-484 4-B62E-C69D32AC929B&displaylang=en


• Microsoft Q815021
  Japanese NEC version.
  http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-449 3-8DCF-9BA29263C49F&displaylang=ja

Cisco Conference Connection

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Microsoft Windows NT Workstation 4.0 SP6a

• Microsoft Q815021
  Chinese - Hong Kong
  http://microsoft.com/downloads/details.aspx?FamilyId=55483A84-A8C7-48A F-BD83-9EC4B99F87CD&displaylang=zh-tw


• Microsoft Q815021
  All except NEC and Chinese - Hong Kong
  http://microsoft.com/downloads/details.aspx?FamilyId=9A64851A-05AE-491 2-9967-3AA3B4D5A76F&displaylang=en


• Microsoft Q815021
  Japanese NEC
  http://microsoft.com/downloads/details.aspx?FamilyId=E20A695D-977D-424 7-AF3B-4B58850B1795&displaylang=ja

Microsoft Windows XP 64-bit Edition SP1

• Microsoft Q815021
  http://microsoft.com/downloads/details.aspx?FamilyId=97945A5D-DB0B-40F 8-9A2E-DE93CBB5CB3A&displaylang=en

Cisco Personal Assistant

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Microsoft Windows 2000 Professional SP3

• Microsoft Q815021
  Windows 2000 except Japanese NEC.
  http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-484 4-B62E-C69D32AC929B&displaylang=en


• Microsoft Q815021
  Japanese NEC version.
  http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-449 3-8DCF-9BA29263C49F&displaylang=ja

Microsoft Windows 2000 Professional SP2

• Microsoft Q815021
  Windows 2000 except Japanese NEC.
  http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-484 4-B62E-C69D32AC929B&displaylang=en


• Microsoft Q815021
  Japanese NEC version.
  http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-449 3-8DCF-9BA29263C49F&displaylang=ja

Microsoft Windows 2000 Professional

• Microsoft Q815021
  Windows 2000 except Japanese NEC.
  http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-484 4-B62E-C69D32AC929B&displaylang=en


• Microsoft Q815021
  Japanese NEC version.
  http://microsoft.com/downloads/details.aspx?FamilyId=FBCF9847-D3D6-449 3-8DCF-9BA29263C49F&displaylang=ja

Cisco Customer Response Application Server

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Cisco Building BroadBand Services Manager Hotspot 1.0

• Cisco PatchMS03007.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsmhs10


• Cisco RPCBufferOverrun.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsmhs10

Cisco Call Manager 1.0

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Cisco Call Manager 2.0

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Cisco Call Manager 3.0

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Cisco Call Manager 3.1

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Cisco Call Manager 3.1 (3a)

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Cisco Call Manager 3.2

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Cisco Call Manager 3.3 (3)

• Cisco win-OS-Upgrade-k9.2000-2-4sr5.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des

Cisco Building Broadband Service Manager 5.1

• Cisco Patch51MS03007.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsm51


• Cisco RPCBufferOverrun.exe
  http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsm51