MS03-029 / Q823803 and RRAS Problems [im]

["Microsoft Security Response Center" <secure () microsoft com>]

Microsoft is aware of a problem with the recently released security
patch MS03-029
(http://www.microsoft.com/technet/security/bulletin/MS03-029.asp) This
patch corrects a Moderate rated Denial of Service security vulnerability
in Microsoft Windows NT 4.0 Server.

Specifically there is a problem with the patch when installed on systems
that are also running RRAS (Routing and Remote Access Service) that
causes the RRAS Service to fail when the system is rebooted after
applying the patch. It is important to note that the security fix itself
is unaffected and the patch is still effective in correcting the DOS
flaw.

Microsoft is investigating this problem and will shortly issue a fix to
correct it once that fix has been thoroughly tested. The security
bulletin has been updated to reflect this. In the meantime customers
affected by the problem may take one of the following actions.

1. Contact Microsoft Product Support Services for a hot fix that
corrects the problem. This fix has not yet been extensively tested and
should therefore only be applied by customers who are directly affected
by the RRAS problem. 
2. Install the patch if you do not need the RRAS service. The RRAS
Service will fail to start however this will not impact normal
operations other than those that use the RRAS Service. 
3. Review the security bulletin and assess whether your enviroment
requires the security patch. 
4. Wait until a fix for the RRAS problem has been fully tested and
released. The security bulletin will be updated when this happens.

Regards,

Microsoft Security Response Center