Full Disclosure mailing list archives

RE: Anyone running SUS see the content update today?

From: "Jerry Heidtke" <jheidtke () fmlh edu>
Date: Wed, 22 Oct 2003 22:09:20 -0500


There were a variety of "issues" with last weeks patches.

MS03-045 installation failed on some language version of Windows 2000 SP4. Since this patch replaces the entire core of 
the OS, it often left the computer in a completely unusable state. This patch has also been repackaged so that a single 
download can be used to patch Windows 2000 SP2, SP3, and SP4. Previously, SP2 had a separate package.

All the original 10/15 OS patches included a new version of update.exe that contained a critical bug. In an attempt to 
reduce the number of reboots, MS tested to see if the user installing the patch had the debug privilege. This privilege 
allows system files that are in-use to be replaced on a running system. Normally only Local System and Administrators 
have this right. The intention was that if the user had the debug right, the files would be replaced and no reboot 
would be needed. The check to see if the current user had this right would sometimes enter an infinite loop, and 
sometimes system files would be damaged, putting the computer into an endless reboot cycle. Sometimes recovery was 
possible by booting into safe mode or using the recovery console and uninstalling the patches or manually copying the 
old files.

The updated bulletins so far make no mention of this. I would bet that when the updated patches are actually available 
on the the download site (they're not there yet) they will have a new version of update.exe.

I believe that in every case, the patches themselves contain the same system files. It is only the patch installer that 
is being replaced. We should know for sure by tomorrow.

Jerry

-----Original Message-----
From: Joshua Levitsky [mailto:jlevitsk () joshie com]
Sent: Wednesday, October 22, 2003 9:12 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Anyone running SUS see the content update today?


Seems like tonight Microsoft re-released all the updates from last week. Anyone else see this? Anyone know why all the 
updates from last week got re-released and some of them show up as new rather than updated even though the KB articles 
in the description are last weeks patches. 

-Josh

Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Anyone running SUS see the content update today? Joshua Levitsky (Oct 22)
- <Possible follow-ups>
- RE: Anyone running SUS see the content update today? Jerry Heidtke (Oct 22)
  - Re: Anyone running SUS see the content update today? Joshua Levitsky (Oct 22)