Bugtraq mailing list archives
GetAdmin - Hotfix silent release ?
From: Olivier.Gerschel () ogerschel fr (Olivier Gerschel)
Date: Thu, 17 Jul 1997 05:25:21 +0200
Hi There - Just a note to advise you that I found significant differences between the 7/8 getadmini hotfix and the more recent 7/15 one. The differences : - First, Microsoft seems to inform system-aware and security-concerned people <g> more transparently in its PSS notes, see upgraded Q146695. New practices ? - Second : Content. * The hotfix dated 7/8 (1313 KB compressed ftp.microsoft.com distribution archive) contains : hotfix.exe - dated 2/6/97 12:33 - size 83KB hotfix.inf - dated 7/7/97 15:03 - size 8KB ntoskrnl.exe - dated 7/7/97 14:26 - size 895 KB ntoskrnl.dbg - dated 7/7/97 14:26 - size 1051 KB ntkrnlmp.exe - dated 7/7/97 14:26 - size 914KB ntkrnlmp.dbg - dated 7/7/97 14:26 - size 1062KB * The hotfix dated 7/15 (1344 KB compressed ftp.microsoft.com distribution archive) contains : hotfix.exe - dated 2/6/97 12:33 - size 83KB hotfix.inf - dated 7/15/97 10:39 - size 8KB ntoskrnl.exe - dated 7/11/97 11:27 - size 895 KB ntkrnlmp.exe - dated 7/11/97 11:28 - size 914KB user32.dll - dated 7/11/97 22:18 - size 316KB win32k.sys - dated 7/12/97 17:34 - size 1205KB To be short, no more debug info, but new user32 and win32k in the same package, as it seems ! Since the first version protected against the initial getadmin "release", I think it's safe to assume that some more thorough bug-fixing has occurred, but only MS can know for sure (and say ?), of course ... I applied the second version after the first one on a stable < I mean it is production-class, but often rebooted for setups, SPs, hotfixes ... g> lab machine without a glitch, but have not tested yet the symbols status ... I mean the development_stuff, ... which happens to be the same as what's used by PSS BSOD post-mortem diagnostic helpers, but I don't think I'll go voluntarily this way ;-). Cheers, Olivier.
Current thread:
- Re: Vulnerability in Glimpse HTTP, (continued)
- Re: Vulnerability in Glimpse HTTP Jean-Christophe Touvet (Jul 03)
- Re: Vulnerability in Glimpse HTTP Paul Phillips (Jul 08)
- Re: Vulnerability in Glimpse HTTP Oliver Friedrichs (Jul 09)
- CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Nicolas Dubee (Jan 01)
- Re: Vulnerability in Glimpse HTTP Martin Pool (Jul 10)
- It's not over yet. Aleph One (Jul 11)
- It's not over yet. Manley, Jim W (Jul 11)
- More information about JavaScript bug Dominick Matthias PN OIL 6 (Jul 11)
- new post SP3 hotfix: lm-fix Alex Libenson (Jul 12)
- Minor PGP vulnerability Harald Weidner (Jul 15)
- GetAdmin - Hotfix silent release ? Olivier Gerschel (Jul 16)
- Re: Minor PGP vulnerability Lucky Green (Jul 16)
- CERT Advisory CA-97.21 - SGI Buffer Overflow Vulnerabilities Aleph One (Jul 17)
- slight misinformation in CA-97.21 Dave Kormann (Jul 17)
- msg00234.html brush () SEARCH POL PL (Jul 17)
- CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Aleph One (Jul 16)
- Sun Security Bulletin #00146 Aleph One (Jul 16)
- Sun CDE 1.0.1: login bug Isaac (Jul 28)
- Re: Sun CDE 1.0.1: login bug Doug Hughes (Jul 29)
- CERT Vendor-Initiated Bulletin VB-97.06 - Vul in Lynx Downloading Aleph One (Jul 16)