[34791] in bugtraq
RE: After Ms patches last Wed ...
daemon@ATHENA.MIT.EDU (Nick FitzGerald)
Tue May 4 16:03:34 2004
Date: Tue, 04 May 2004 11:32:50 +1200
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
In-reply-to:
<OF6CB1254D.22B27464-ON85256E89.004FB436-85256E89.0050E58D@seba.com>
To: bugtraq@securityfocus.com
Reply-To: nick@virus-l.demon.co.uk
Message-id: <40977F62.26900.C3B10F2B@localhost>
MIME-version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
InfoSec@seba.com wrote:
> I read in a article on this patch that the instability is only present if
> the "Nortel Networks VPN client is installed and the IPSec Policy Agent is
> set to manual or automatic startup type", does anyone have any further
> input on MS04-011? Stable on a standard Win2k server install or not?
I suspect you mis-read, or the article was badly written/edited. That
combination _is_ specifically mentioned by Microsoft as a configuration
known to exhibit problems post-MS04-011:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841382
However, my reading of that KB article is not that that is the only
configuration that may cause trouble. In particular:
Note This problem may occur if other drivers or services do not
load successfully. This workaround is specific to the Nortel
Networks VPN client drivers.
Also, as the hotfix that is now available to address this issue
replaces these core files:
Mountmgr.sys
Ntkrnlmp.exe
Ntkrnlpa.exe
Ntkrpamp.exe
Ntoskrnl.exe
it seems quite unlikely that this problem would be specific to just one
common VPN client configuration...
Regards,
Nick FitzGerald
