[21059] in bugtraq

Re: Windows 2k SP2 breaks security fix should reapply

daemon@ATHENA.MIT.EDU (Eric)
Sat Jun 16 13:32:51 2001

Message-Id: <4.3.2.7.1.20010615115417.01d40640@216.182.1.1>
Date: Fri, 15 Jun 2001 12:01:20 -0700
To: "Colby Rice" <crice@180096hotel.com>,
        "Bugtraq (E-mail)" <bugtraq@securityfocus.com>
From: Eric <ews@tellurian.net>
In-Reply-To: <FA3D3A0F5774BE4487D8529DA9F1503D7B96DD@hrn-mail03>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

Hmmm..  I took a Win2K Gold (no SP) machine, installed all hotfixes for the 
OS and IIS5 (including the 01-026 patch).  I then installed SP2 and tested 
for the double decode bug - the machine was not vulnerable.

I then compared all the files that came with MS01-026 (IIS5) to the files 
that were on the system (after the SP2 install and a reboot).  I compared 
the file version and checksum of each file from the hotfix to the files on 
the system and found that all the MS01-026 files are still on the box - both 
before and after the SP2 install.

SP2 will delete the registry key that is installed by MS01-026 
(HKLM\Software\Microsoft\Updates\Windows 2000\SP2\Q293826) - maybe causing 
hfcheck.exe to report that the hotfix has not been applied; however, all 
the relevant files are on the system.

As far as I can tell, SP2 does not break the patch - and there is no need 
to re-install the patch if you installed it prior to SP2.

--eric

At 04:56 PM 6/13/2001 -0500, Colby Rice wrote:
>SP2 allows the decoding bug to work
>SP2 breaks the following patch and it should be reinstalled.
>
>http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
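
Added example (not part of the message above or of the original thread): a Python sketch of the check the reply describes, comparing each file shipped with a hotfix against the installed copy by checksum and reporting the install marker separately from the file result. The directory layout, the placeholder file names and the `marker_present` flag are assumptions for illustration, and the file-version comparison is not reproduced.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_hotfix(hotfix_dir, system_dir, marker_present):
    """Return (verdict, per_file); per_file maps name -> match | differs | missing."""
    per_file = {}
    for shipped in sorted(Path(hotfix_dir).iterdir()):
        if not shipped.is_file():
            continue
        installed = Path(system_dir) / shipped.name
        if not installed.is_file():
            per_file[shipped.name] = "missing"
        elif sha256_of(installed) == sha256_of(shipped):
            per_file[shipped.name] = "match"
        else:
            per_file[shipped.name] = "differs"
    # The marker (e.g. a registry key) is reported, but never decides the file result.
    files_ok = bool(per_file) and all(s == "match" for s in per_file.values())
    if not files_ok:
        return "files do not match hotfix", per_file
    if marker_present:
        return "files present, marker present", per_file
    return "files present, marker missing", per_file


def demo(marker_present=False, tamper=False):
    """Constructed sample: two placeholder files copied into a scratch 'system' tree."""
    with tempfile.TemporaryDirectory() as tmp:
        hotfix, system = Path(tmp, "hotfix"), Path(tmp, "system")
        hotfix.mkdir()
        system.mkdir()
        for name in ("example_a.dll", "example_b.dll"):
            (hotfix / name).write_bytes(b"patched " + name.encode())
            (system / name).write_bytes(b"patched " + name.encode())
        if tamper:  # simulate an installed file that is not the hotfix build
            (system / "example_b.dll").write_bytes(b"some other build")
        return audit_hotfix(hotfix, system, marker_present)


if __name__ == "__main__":
    print(demo())
```

A "differs" result needs manual review rather than automatic failure, since a later update can install a newer build of the same file.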
