Cudni
@193.130.x.x

Cudni

Anon

Buffer Overrun in Windows Kernel Message

»www.microsoft.com/techne ··· -013.asp

"..Summary
Who should read this bulletin: Administrators of Microsoft® Windows NT® 4.0, Windows® 2000 and Windows® XP systems.

Impact of vulnerability: Local Elevation of Privilege

Maximum Severity Rating: Important

Recommendation: Customers should install the patch at the earliest opportunity.

Affected Software:

Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP ...."

Cudni

Lucky5
Premium Member
join:2002-07-24
Desert Floor

Lucky5

Premium Member

Thanks for the heads up Cudni.

Link for more info: »microsoft.com/technet/tr ··· -013.asp
dave
Premium Member
join:2000-05-04
not in ohio

dave to Cudni

Premium Member

to Cudni
Note that the bug requires that someone log in interactively before they can exploit this bug; i.e., they have to be sitting at your PC console, or you have to be running Terminal Server and they're using that to log in.

i.e., no real panic for home users.

[text was edited by author 2003-04-16 15:41:30]

jansson_mark
Markus Jansson
Premium Member
join:2001-08-05
Finland

jansson_mark

Premium Member

said by dave:
Note that the bug requires that someone log in interactively before they can exploit this bug; i.e., they have to be sitting at your PC console, or you have to be running Terminal Server and they're using that to log in.
i.e., no real panic for home users.
On the contrary...considering the totally insecure default settings and general stupidit...I mean ignorance...of the Windows operating system and security, home users should really panic. But then again, I bet the insecure default settings and the lack of knowledge is the real reason to panic, not this particular vulnerability...

Besides, most users of WindowsXP always logon as admins so...

bcool
Premium Member
join:2000-08-25

bcool to Lucky5

Premium Member

to Lucky5
Q811493.zip
1,416 bytes
(Q811493.log)
too soon to make any blank statements here, but I just installed this patch and my system seems very sluggish now. It's not my imagination. I won't panic yet. Maybe this will work itself out.
dave
Premium Member
join:2000-05-04
not in ohio

dave to Cudni

Premium Member

to Cudni
That log doesn't appear to say anything more than "we replaced the OS kernel".
dave

2 recommendations

dave to jansson_mark

Premium Member

to jansson_mark
said by jansson_mark:
considering the totally insecure default settings and general stupidit...
Why on earth do you use Windows? You don't seem to do anything else but complain about it.
mrbrimi
join:2000-02-15
Woodstock, ON

mrbrimi to bcool

Member

to bcool
Same problem here (Windows XP Home Edition) had to remove. Have seen similar complaints in Microsoft newsgroups. Looks like there is a definite problem with this update.

bcool
Premium Member
join:2000-08-25

bcool to dave

Premium Member

to dave
said by dave:
That log doesn't appear to say anything more than "we replaced the OS kernel".
the failed items did not catch your attention or are nothing of interest? Which?
bcool

bcool to mrbrimi

Premium Member

to mrbrimi
said by mrbrimi:
Same problem here (Windows XP Home Edition) had to remove. Have seen similar complaints in Microsoft newsgroups. Looks like there is a definite problem with this update.
well that is at least some relief. I'll check the MSNG
and see what's up. Thanks!
[text was edited by author 2003-04-16 23:08:33]
dave
Premium Member
join:2000-05-04
not in ohio

dave to bcool

Premium Member

to bcool
said by bcool:
the failed items did not catch your attention or are nothing of interest?
I rather skipped over them, thinking that they were irrelevant, since I was assuming that ONLY the kernel was involved anyway. Maybe that was a bad assumption; I'm downloading a copy of the patch to see what's in it. Stay tuned...

Oh, damn, it's an .EXE file. I don't want to install it. Can I get to look at the contents before installation?

[text was edited by author 2003-04-16 23:26:07]

bcool
Premium Member
join:2000-08-25

bcool

Premium Member

Thank you Dave. I've looked over at the XP News GRP and there are a couple of others popping up indicating problems.
Windows XP H.E. here.

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

jaykaykay to Cudni

MVM

to Cudni
I will definitely stay tuned to this thread. I d/l the patch this afternoon but haven't installed it yet. I usually wait a while to see if there is a problem, and from the sound of it, there is with this one. If anyone finds out what the problem is or hears anything more, I do presume that it will be posted here for all of us to see too. I am sorry that you had a problem, bcool and mrbrimi, but I guess bringing it to the attention of this forum has also alerted others to potential difficulties. Thumbs up to you for that, although that seems a horrible thing to give a thumbs up toward.

bcool
Premium Member
join:2000-08-25

bcool to dave

Premium Member

to dave
Dave, I guess you know that Winzip will extract the contents for you. I usually can do it with these MS patches using Winzip.
dave
Premium Member
join:2000-05-04
not in ohio

dave to Cudni

Premium Member

to Cudni
I don't have WinZip on the machine though (never needed it on XP until now) and it's bed time...
LowWaterMark
Premium Member
join:2002-05-16
Wallingford, CT

LowWaterMark to jaykaykay

Premium Member

to jaykaykay
said by jaykaykay:
...I usually wait a while to see if there is a problem, and from the sound of it, there is with this one...
I agree with this approach, especially given the several Windows Update issues recently. In fact, it's been about a week now since that MicrosoftVM update, which appears to have been okay. So, I'll be heading over to get that one and waiting on this one.

bcool
Premium Member
join:2000-08-25

bcool to dave

Premium Member

to dave
update_inf_SP1.zip
6,327 bytes
(update_inf_SP1.txt)
update_inf_SP2.zip
1,336 bytes
(update_inf_SP2.txt)
said by dave:
I don't have WinZip on the machine though (never needed it on XP until now) and it's bed time...
Patched Kernel Files: ntoskrnl.exe,ntkrpamp.exe,ntkrnlpa.exe,ntkrnlmp.exe
well then for tomorrow. Here are two .inf files one from folder marked SP1 and one SP2. Each of the set of kernel files has a different version number. I made note of the version number in the attached .inf files. You may see something I don't. It's almost Greek to me
Sleep well.
[text was edited by author 2003-04-17 00:49:45]
bcool

bcool to LowWaterMark

Premium Member

to LowWaterMark
note to self: do not be the first to install anything just because it's located on microsoft.com

oh well, the uninstall appears to have worked well.

Skipdawg
The Original

join:2001-04-19
Mount Vernon, WA

Skipdawg to Cudni

to Cudni
Do a defrag after this one. It seems to shuffle things some. After defrag I was good to go again.

catseyenu
Ack Pfft
Premium Member
join:2001-11-17
Fix East

catseyenu

Premium Member

Skip, you're running 2k, right?

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to bcool

Premium Member

to bcool
said by bcool:
too soon to make any blank statements here, but I just installed this patch and my system seems very sluggish now. It's not my imagination. I won't panic yet. Maybe this will work itself out.
--
"in flagrante delicto"

EDIT: I uninstalled this patch and my system returned to normal. Does anyone care to review the attached log and venture a guess???? Please.
On msnews.microsoft.com news server, I read a lot of people are having this slowdown problem. See »www.google.com/groups?nu ··· e+Search and »www.google.com/groups?as ··· 00&hl=en for some threads.

I have no problems though on my production and test machines. Maybe the special hot fix (Q815411) to fix the slow down problem, in SP1, doesn't show the slow down: »slashdot.org/article.pl? ··· &tid=201 ...
[text was edited by author 2003-04-17 04:22:10]

[text was edited by author 2003-04-17 04:22:54]

Khaine
join:2003-03-03
Australia

Khaine to Cudni

Member

to Cudni
Thanks,

Downloading Now ...

I hope it doesn't affect win2k

Hutchy
Premium Member
join:2000-10-14
australia430

Hutchy

Premium Member

Thanks...

Downloaded and Installed, rebooted no side effects here at all.

bcool
Premium Member
join:2000-08-25

bcool to antdude

Premium Member

to antdude
I already had Q815411 installed before I applied the 811493 patch. Hmmm... let me read the articles and see what's up. (Anyway, thanks for the resources.)

EDIT: Would be interesting to see if the common denominator in this problem security patch (811493) is Q815411, ntdll.dll, ver. 5.1.2600.1177, 2-28-03
The revised bulletin for Q815411 makes it much clearer that the patch is not needed by the majority of users. Wonder if 811493 creates a conflict with Q815411? Hmmmmm?
[text was edited by author 2003-04-17 06:44:21]

Lucky5
Premium Member
join:2002-07-24
Desert Floor

Lucky5 to Khaine

Premium Member

to Khaine
said by Khaine:
I hope it doesn't affect win2k
Ran fine on my W2k test machine, and all three "work" machines, seems to only be a problem with XP.

Will wait to update my XP.

Hutchy
Premium Member
join:2000-10-14
australia430

Hutchy

Premium Member

said by Hutchy:
Thanks...

Downloaded and Installed, rebooted no side effects here at all.
I forgot to tell you all my OS is WinXP Pro.

Lucky5
Premium Member
join:2002-07-24
Desert Floor

Lucky5

Premium Member

said by Hutchy:
I forgot to tell you all my OS is WinXP Pro.
Could it be just a problem with XP Home?

dib22
join:2002-01-27
Kansas City, MO

dib22 to Cudni

Member

to Cudni
nope I'm on xp pro and it dogged me down...

a system restore had me fixed back up...

wonder if it's cpu specific... I'm on Athlon XP 1.47gig

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to Lucky5

Premium Member

to Lucky5
said by Lucky5:
said by Hutchy:
I forgot to tell you all My OS is WinXP Pro.
Could it be just a problem with XP Home?
I have XP Home at work. I don't notice a slow down, but then it's a P4 3 GHz!
mrbrimi
join:2000-02-15
Woodstock, ON

mrbrimi

Member

Mine was Windows XP Home on a Dell Dimension XPS T550 (Pentium 3 at 550 MHz). Believe me it was S-L-O-W.