[21739] in bugtraq
Code Red / Microsoft Patch Q300972i / NT Service Packs
daemon@ATHENA.MIT.EDU (Boyce, Nick)
Fri Jul 20 16:47:42 2001
Message-ID: <C1B2296C5D3ED11182DB00805F9A097E015068EC@GBHBM001>
From: "Boyce, Nick" <nick.boyce@eds.com>
To: BUGTRAQ <BUGTRAQ@securityfocus.com>
Date: Fri, 20 Jul 2001 21:39:02 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Microsoft's Security Bulletin MS01-033 (the one announcing the vulnerability
being used by Code Red, and the patch availability) states :
"The Windows NT 4.0 patch can be installed on systems
Windows NT 4.0 Service Pack 6a."
(See
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/
bulletin/ms01-033.asp, and click "Additional information about this patch".)
And the relevant KB article
http://support.microsoft.com/support/kb/articles/Q300/9/72.ASP says
"NOTE: Due to file dependencies, this hotfix requires
Microsoft Windows NT 4.0 Service Pack 6a."
Can anyone provide any experience of successfully using the patch
("Q300972i.exe") on an NT4 Server running *earlier* service packs ? A
statement from Microsoft would be nice (like: What is the impact of applying
the patch to a server running an earlier SP ? What would be broken ?)
[ We have a couple of NT4 servers stuck with earlier SPs (one with SP4, and
one with SP5) due to alleged non-certification of their major application
with any later service pack. I've set up a test NT4/SP5/IIS4 server, and
installed Q300972i, and IIS is back up & running without apparent sickness
...]
Thanks for any light anyone can shed.
Nick Boyce
EDS, Bristol, UK
