New KB835732 weirdness

[Branden Wolner]

I got KB835732 installed ok. I had to remove Nortel Extranet client. No
problem. But now there is weirdness. IE won't save URLs in the history
folder and it erases the history everytime I quit the app. Anyone know why?
how?

 

[Enkidu]

I got KB835732 installed ok. I had to remove Nortel Extranet client. No
problem. But now there is weirdness. IE won't save URLs in the history
folder and it erases the history everytime I quit the app. Anyone know why?
how?

Really? I wish I could get mine to do that! <grin>

Seriously, this appears to be a known problem and you'll probably have
to wait for the patch.

Cheers,

Cliff

 

[George Hester]

http://support.microsoft.com/?scid=kb;en-us;835732

Well I don't. And is ANOTHER good reason to protect ourselves with the smallest least intrusive easily fixable more than iffy fix.

This security fix already has supported hotfixes made and coming. I see we have another to look forward to. If http://www.microsoft.com/technet/Security/alerts/sasser.mspx avoids the problem why not use it?

Does it or doesn't it?

 

[Enkidu]

http://support.microsoft.com/?scid=kb;en-us;835732

Well I don't. And is ANOTHER good reason to protect
ourselves with the smallest least intrusive easily fixable
more than iffy fix.

This security fix already has supported hotfixes made
and coming. I see we have another to look forward to.
If http://www.microsoft.com/technet/Security/alerts/sasser.mspx avoids the problem why not use it?

Does it or doesn't it?

You mean the dcpromo.log thing? No, all it does it mitigate the
problem once you have got it, so that you can fix it.

"If you are running Windows 2000, you must use the following
work-around to prevent LSASS.EXE from crashing.

This workaround involves creating a read-only file named 'dcpromo.log'
in the "%systemroot%\debug" directory. Creating this read-only file
will prevent the vulnerability used by this worm from crashing the
LSASS.EXE process."

Cheers,

Cliff

{MVP - Directory Services}

 

[George Hester]

Alright alright I am not going to quibble about this. But lets see. I get a virus. Fine. Then I do something so that the virus no longer does its stuff. Fine. I still have the virus. Big deal. It's inert. I can live with that. In fact I can live with that until the security fix is fixed so that I don't have to fix the thing this fix breaks. Make sense?

 

[Torgeir Bakken \(MVP\)]

You mean the dcpromo.log thing? No, all it does it mitigate the
problem once you have got it, so that you can fix it.

Hi

Actually, the dcpromo.log thing will make your computer immune to
the Sasser worm, so you can use it as a workaround to avoid being
infected by Sasser if you are not able to have the security update
MS04-011/KB835732 installed.


The dcpromo.log trick that was added to the MS04-011 security bulletin
some days ago, as a workaround to close the LSASS vulnerability.

http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

From the revision list in the link above:

<quote>
V1.3 May 4, 2004: Added new information in the Workarounds section
for the LSASS Vulnerability.
</quote>


Note that 835732 in addition closes 13 other vulnerabilities,
the dcpromo.log trick does not add any protection for those.

 

[robin]

now it says there
The security update that is described in Microsoft Security Bulletin
MS04-011 contains an issue that causes Microsoft Windows 2000 to try
repeatedly to load drivers that do not load successfully. Microsoft has
confirmed that this problem occurs if any one of the following drivers is
installed:
a.. Ipsecw2k.sys
b.. Imcide.sys
c.. Dlttape.sys
For example, Microsoft has confirmed that this problem occurs if you have
the Nortel Networks VPN client installed and if the IPSec Policy Agent is
set to Manual or Automatic for the startup type.


I only have the dltape.sys and I do not have nortel networks vpn installed
so how is this fix going to work?

robin

 

[George Hester]

dangerously. Wait a bit on this Sasser fix. The fix also breaks IE history it looks like. Use the mitigating fix unless you absolutely positively need ne REQUIRE the other fixes in the package.

 

[Bob I]

I think you should say "It MAY break IE history." What version of IE is
installed?

 

[George Hester]

Bob. I am going from what the op said. Have you installed the patch that includes the Sasser fix and have a functioning IE history? If so what version of IE are you using. I have not installed the security fix and won't until I can verify that some people have no trouble with IE and the patch. We are talking about IE history here. Thanks.

 

[=?iso-8859-1?Q?J=FCrgen_Port?=]

Hello George,

Bob. I am going from what the op said. Have you installed the patch
that includes the Sasser fix and have a functioning IE history?

This is normally not a patch-problem.

It's a problem with McAfee VirusScan (maybe only older versions = 6.02
and 4.5.1). You have to deactivate the 'Internetfilter' - maybe also
'eMailscan'. Thats it.

If it doesn't work, delete the temp-folders 'Temporary Internet Files' +
'History' + 'Userdata' *completly* ... reboot the machine and try
again.

 

[Bob I]

patch installed IE 6 SP1 and the history is still working. sites are
listed for times before and after the patch install.

 

[George Hester]

Ah thanks Jürgen.