I
Ian.H [dS]
No, you need to download it and install it. If you haven't, you don't
have it.. and if not.. W H Y N O T!?!?!?!?
Regards,
Ian
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
How do I see if the Blaster.worm patch is installed on my comp?
No, you need to download it and install it. If you haven't, you don't
have it.. and if not.. W H Y N O T!?!?!?!?
Regards,
Ian
D
Devast8or, work
Hi all,
how do I see if the patch i already installed on my comp. I tried looking in
add/remove programs, but there lot's of these hotfixes (it is one of them
right?), but what number/code does this one have?
I've downloaded the entire SP4 file (111 MB), is the patch inthere?
TIA
Devast8or
how do I see if the patch i already installed on my comp. I tried looking in
add/remove programs, but there lot's of these hotfixes (it is one of them
right?), but what number/code does this one have?
I've downloaded the entire SP4 file (111 MB), is the patch inthere?
TIA
Devast8or
D
Devast8or, work
Ian.H said:No, you need to download it and install it.
Ok. Is it on WindowsUpdate.com or can i only get it by downloading and
installing manually?
If you haven't, you don't
have it.. and if not.. W H Y N O T!?!?!?!?
Didn't know about it before.
Devast8or
?
=?iso-8859-1?Q?Pourquoi_tant_d'=E9toiles_pour_si_p
In
Moreover, if you have patched first then upgraded to SP4 you need to patch
again even if the patch is found in Add / Remove Programs..
Moreover, if you have patched first then upgraded to SP4 you need to patch
again even if the patch is found in Add / Remove Programs..
?
=?iso-8859-1?Q?Pourquoi_tant_d'=E9toiles_pour_si_p
In
Try :
http://www.eeye.com/html/Research/Tools/RPCDCOM.html (from Retina)
http://www.iss.net/support/product_utilities/ms03-026rpc.php (to be used if
you have NT4 servers as Retina tool does not scan them)
Devast8or said:Hi all,
how do I see if the patch i already installed on my comp. I tried
looking in add/remove programs, but there lot's of these hotfixes (it
is one of them right?), but what number/code does this one have?
Try :
http://www.eeye.com/html/Research/Tools/RPCDCOM.html (from Retina)
http://www.iss.net/support/product_utilities/ms03-026rpc.php (to be used if
you have NT4 servers as Retina tool does not scan them)
Y
YK
Hi all,
how do I see if the patch i already installed on my comp. I tried
looking in add/remove programs, but there lot's of these hotfixes (it
is one of them right?), but what number/code does this one have?
I've downloaded the entire SP4 file (111 MB), is the patch inthere?
MS RPC Blaster Worm
A worm started spreading midday August 11, 2003 afternoon EDT (evening UTC
Time) and has continued spreading rapidly. This worms exploits the Microsoft
Windows DCOM RPC Vulnerability announced July 16, 2003. The worm appears to
be infectious and non-destructive in nature, meaning that its main goal is
to proliferate throughout the Internet as fast as possible without
corrupting and compromising data of infected systems.
http://www.foundstone.com/index.htm...nt=/resources/termsofuse.htm?file=rpcscan.zip
R
Rick Simon
Hi all,
how do I see if the patch i already installed on my comp. I tried
looking in add/remove programs, but there lot's of these hotfixes (it
is one of them right?), but what number/code does this one have?
Q823980
N
Nick FitzGerald
David H. Lipman said:Jean-Luc, I read your post this afternoon and did some research.
Your statement "...if you have patched first then upgraded to SP4 you need to patch
again..." is NOT true.
The consclusion -- if you patch a PC then install a Service Pack you DON'T need to patch the
PC again.
Did you reboot between installing the patch and installing the SP?
From all I've read elsewhere, if you do not reboot after installing the patch
then run the SP installer, the SP installer queues its updated-but-not-as-up-
to-date RPC DLLs "on top of" those already queued by the MS03-026 patch
installer (the files cannot be replaced immediately as they will always be in
use by Windows). When you next reboot the SP4-supplied RPC updates (which are
still vulnerable to the MS03-026 bugs) will be installed.
Your conclusion is, I believe, only correct _if_ the system is restarted
between installing the MS03-026 patch and any other patch or SP that contains
RPC updates. This is, in fact, a long-standing flaw in the MS installation
system -- it ptovides a check for the file versions of the current files but
does _NOT_ include a check of the file versions of any scheduled or pending
file updates. This is why, in general, it is important not only to install
SPs and hotfixes in release order, but to restart after _every_ SP or hotfix
installation. (There is a patch "chaining" tool that is supposed to help with
sorting all this out and allow multiple hotfixes (not sure about SPs) to be
installed at once _without_ rebooting between them and that is supposed to
make sure these version weirdnesses don't get all screwed up, but I've not
tested it...)
D
David H. Lipman
Nick:
Yes. The PCs tested had been rebooted prior to checking the version of the RPC DLL's in
%windir%\system32
Dave
|
| > Jean-Luc, I read your post this afternoon and did some research.
| > Your statement "...if you have patched first then upgraded to SP4 you need to patch
| > again..." is NOT true.
| <<snip>>
| > The consclusion -- if you patch a PC then install a Service Pack you DON'T need to patch
the
| > PC again.
|
| Did you reboot between installing the patch and installing the SP?
|
| From all I've read elsewhere, if you do not reboot after installing the patch
| then run the SP installer, the SP installer queues its updated-but-not-as-up-
| to-date RPC DLLs "on top of" those already queued by the MS03-026 patch
| installer (the files cannot be replaced immediately as they will always be in
| use by Windows). When you next reboot the SP4-supplied RPC updates (which are
| still vulnerable to the MS03-026 bugs) will be installed.
|
| Your conclusion is, I believe, only correct _if_ the system is restarted
| between installing the MS03-026 patch and any other patch or SP that contains
| RPC updates. This is, in fact, a long-standing flaw in the MS installation
| system -- it ptovides a check for the file versions of the current files but
| does _NOT_ include a check of the file versions of any scheduled or pending
| file updates. This is why, in general, it is important not only to install
| SPs and hotfixes in release order, but to restart after _every_ SP or hotfix
| installation. (There is a patch "chaining" tool that is supposed to help with
| sorting all this out and allow multiple hotfixes (not sure about SPs) to be
| installed at once _without_ rebooting between them and that is supposed to
| make sure these version weirdnesses don't get all screwed up, but I've not
| tested it...)
|
|
| --
| Nick FitzGerald
|
|
Yes. The PCs tested had been rebooted prior to checking the version of the RPC DLL's in
%windir%\system32
Dave
|
| > Jean-Luc, I read your post this afternoon and did some research.
| > Your statement "...if you have patched first then upgraded to SP4 you need to patch
| > again..." is NOT true.
| <<snip>>
| > The consclusion -- if you patch a PC then install a Service Pack you DON'T need to patch
the
| > PC again.
|
| Did you reboot between installing the patch and installing the SP?
|
| From all I've read elsewhere, if you do not reboot after installing the patch
| then run the SP installer, the SP installer queues its updated-but-not-as-up-
| to-date RPC DLLs "on top of" those already queued by the MS03-026 patch
| installer (the files cannot be replaced immediately as they will always be in
| use by Windows). When you next reboot the SP4-supplied RPC updates (which are
| still vulnerable to the MS03-026 bugs) will be installed.
|
| Your conclusion is, I believe, only correct _if_ the system is restarted
| between installing the MS03-026 patch and any other patch or SP that contains
| RPC updates. This is, in fact, a long-standing flaw in the MS installation
| system -- it ptovides a check for the file versions of the current files but
| does _NOT_ include a check of the file versions of any scheduled or pending
| file updates. This is why, in general, it is important not only to install
| SPs and hotfixes in release order, but to restart after _every_ SP or hotfix
| installation. (There is a patch "chaining" tool that is supposed to help with
| sorting all this out and allow multiple hotfixes (not sure about SPs) to be
| installed at once _without_ rebooting between them and that is supposed to
| make sure these version weirdnesses don't get all screwed up, but I've not
| tested it...)
|
|
| --
| Nick FitzGerald
|
|
D
Devast8or, work
Your conclusion is, I believe, only correct _if_ the system is restarted
between installing the MS03-026 patch and any other patch or SP that contains
RPC updates. This is, in fact, a long-standing flaw in the MS installation
system -- it ptovides a check for the file versions of the current files but
does _NOT_ include a check of the file versions of any scheduled or pending
file updates. This is why, in general, it is important not only to install
SPs and hotfixes in release order, but to restart after _every_ SP or hotfix
installation. (There is a patch "chaining" tool that is supposed to help with
sorting all this out and allow multiple hotfixes (not sure about SPs) to be
installed at once _without_ rebooting between them and that is supposed to
make sure these version weirdnesses don't get all screwed up, but I've not
tested it...)
So you're saying if I install SP4, and then the patch without rebooting it
won't work? Damn. But thanks for the info.
Devast8or
D
Devast8or, work
Looks like it is.
Prolly on windozeupdate, I never check.. or you can do a search for
"rpc patch" on m$.com in general.
Alternatively, see the many threads in this group already fr direct
links.. I don't know of the direct one off hand =)
Thanks, but I already have the direct link. The problem is I need to get it
installed on a lot of machines I can't get to - so I have to do it with
either WindowsUpdate or a boot-CD (many of the users don't know anything
about computers, so it has to be as simple to them as possible).
Devast8or
N
Nick FitzGerald
David H. Lipman said:Yes. The PCs tested had been rebooted prior to checking the version of the RPC DLL's in
%windir%\system32
That was not what I asked.
Were they rebooted between installing the patch and installing the SP?
If yes, then the patch should be installed. Probably the most common way of
causing the problem of the registry settings saying the patch is installed but
older versions of the DLLs being present and active comes from people installing
the patch, _NOT_ rebooting then installing the latest SP. This results in the
vulnerable versions of the RPC DLLs from the SP being "queued over" those from
the MS03-026 patch.
So, answer the question I asked -- were the machines rebooted between installing
the patch and installing the SP?
R
Rick Simon
Thanks, but I already have the direct link. The problem is I need to
get it installed on a lot of machines I can't get to - so I have to do
it with either WindowsUpdate or a boot-CD (many of the users don't
know anything about computers, so it has to be as simple to them as
possible).
Easy enough.
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/bulletin/MS03-026.asp
At the bottom of the page are links for downloading the patch in
executable form for the different OS'. Create a separate CD for each one
with an autorun.inf and label the CD with the OS version on it. Then all
they have to do is put in the right CD for their OS and it'll do its
thing.
K
kurt wismer
Devast8or, work wrote:
[snip]
actually, i kinda got the impression that he was saying if you patch
and then install sp4 without rebooting in between it won't work because
the last set of dll's in the update queue will be older... the
impression i got is that the order in the queue is important...
[snip]
So you're saying if I install SP4, and then the patch without rebooting it
won't work? Damn. But thanks for the info.
actually, i kinda got the impression that he was saying if you patch
and then install sp4 without rebooting in between it won't work because
the last set of dll's in the update queue will be older... the
impression i got is that the order in the queue is important...
N
Nick FitzGerald
Kurt is right.
No.
If you do what I've described several times now Windows Update _WILL NOT_
correctly install the MS03-026 patch on your machine(s) because all it does
to check that the patch is installed is check for the registry value the
MS03-026 patch installer adds. As the SP -- released _BEFORE_ the SP --
does not remove that registry value, but will usurp the updating of the
DLLs _if_ you run it after the patch installer _and_ without rebooting
after the patch installer, Windows Update will see the registry value and
incorrectly conclude you are patched. One of the "nice" features of the
standard use of WU is that it will not offer you patches it thinks you do
not need (after all, MS always knows best...), so you _CANNOT_ recover from
this situation simply by relying on WU to automatically update (advanced
users may work out how to force the update from WU, through the "Catalog"
feature, but that cannot be automated on each machine).
Ah, I see. Anyway, it doesn't really matter as I checked windowsupdate.com
and found the patch there. So all our machines should get it automagically
(or should already have it by now I guess).
No.
If you do what I've described several times now Windows Update _WILL NOT_
correctly install the MS03-026 patch on your machine(s) because all it does
to check that the patch is installed is check for the registry value the
MS03-026 patch installer adds. As the SP -- released _BEFORE_ the SP --
does not remove that registry value, but will usurp the updating of the
DLLs _if_ you run it after the patch installer _and_ without rebooting
after the patch installer, Windows Update will see the registry value and
incorrectly conclude you are patched. One of the "nice" features of the
standard use of WU is that it will not offer you patches it thinks you do
not need (after all, MS always knows best...), so you _CANNOT_ recover from
this situation simply by relying on WU to automatically update (advanced
users may work out how to force the update from WU, through the "Catalog"
feature, but that cannot be automated on each machine).
D
David H. Lipman
Nick:
All PCs were rebooted between patching and/or installing Win2K Service Pack 4.
Dave
|
| > Yes. The PCs tested had been rebooted prior to checking the version of the RPC DLL's in
| > %windir%\system32
|
| That was not what I asked.
|
| Were they rebooted between installing the patch and installing the SP?
|
| If yes, then the patch should be installed. Probably the most common way of
| causing the problem of the registry settings saying the patch is installed but
| older versions of the DLLs being present and active comes from people installing
| the patch, _NOT_ rebooting then installing the latest SP. This results in the
| vulnerable versions of the RPC DLLs from the SP being "queued over" those from
| the MS03-026 patch.
|
| So, answer the question I asked -- were the machines rebooted between installing
| the patch and installing the SP?
|
|
| --
| Nick FitzGerald
|
|
All PCs were rebooted between patching and/or installing Win2K Service Pack 4.
Dave
|
| > Yes. The PCs tested had been rebooted prior to checking the version of the RPC DLL's in
| > %windir%\system32
|
| That was not what I asked.
|
| Were they rebooted between installing the patch and installing the SP?
|
| If yes, then the patch should be installed. Probably the most common way of
| causing the problem of the registry settings saying the patch is installed but
| older versions of the DLLs being present and active comes from people installing
| the patch, _NOT_ rebooting then installing the latest SP. This results in the
| vulnerable versions of the RPC DLLs from the SP being "queued over" those from
| the MS03-026 patch.
|
| So, answer the question I asked -- were the machines rebooted between installing
| the patch and installing the SP?
|
|
| --
| Nick FitzGerald
|
|
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.