[16659] in bugtraq
Invalid URL vulnerability & SP4 > (Additional Information)
daemon@ATHENA.MIT.EDU (Givens, Mike)
Fri Sep 8 11:59:37 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID: <C15FD15B6FE7D21196DE0000F8C9918207969342@CC-EXCH3>
Date: Fri, 8 Sep 2000 09:10:11 -0500
Reply-To: "Givens, Mike" <MGivens@AEGONUSA.COM>
From: "Givens, Mike" <MGivens@AEGONUSA.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Here is something I received from the "other" bugtraq list I belong to.
Thought anyone
working on NT should/would like to know this !
Mike
******************************
Post From: Karl Knibbs
Just a quick note regarding MS00-063 (invalid URL vulnerability) and Service
Pack 4. It don't work!
Having obtained the fix from product support I went through my usual round
of testing on my development servers before updating production servers. On
both of my servers still on SP4 the replaced kernel caused a STOP on boot.
On contacting PSS it was confirmed (eventually) that this is a post SP6a
fix. This however is not noted in the security bulletin.
Recovery of these machines was quite a simply affair of replacing the
kernel32.dll in system32 with the back-up placed in the
winnt\$NtUninstallQ271652$ dir.
I have not as of yet tested with SP5 although I have applied to several SP6a
machines without problems.
