August 22nd, 2003, 01:40 AM
True or False: SP4 Breaks MS03-026 Patch?
We have been diligently going around to tens and hundreds of thousands of servers and workstations applying the patch for MS03-026 to make sure we are not susceptible to MSBlaster and all its derivatives.
Rumor on the street now is that if you apply the MS03-026 patch to a Windows 2000 SP3 system and THEN apply SP4 it will undo the patch and make the system vulnerable to the RPC vulnerability again.
Can anyone confirm or deny this? Is anyone aware of a response from Microsoft on the subject? Can you just re-apply the MS03-026 patch after SP4 or are there other mitigation steps you can take?
August 22nd, 2003, 01:46 AM
I had also read a bunch of people coming across this on bugtraq.
Originally posted here by thehorse13
I'm not sure if anyone has run across this yet but even if they have, I think it is worth repeating:
* If you apply SP4 or any other SP to a box, you must re-install the RPC patch afterwards and then reboot even though the damn thing doesn't tell you to do so (the RPC patch that is).
What we have seen is people trying to be diligent by applying service packs and afterwards, they have shown up as vulnerable again. Yes, we reported this to MS but have heard nothing back yet.
Anyway, just an FYI for those who are in the trenches trying to remediate this garbage.
August 22nd, 2003, 02:01 AM
Yes, we have seen this and we have reported it to MS but to date, no response. The funny thing is that a few machines were patched and then a service pack had been added and the box was fine. We saw more machines with the issue than without.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden