Date: 08 February 2001
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2001.050 -- Microsoft Security Bulletin (MS01-005)
Tool and Patch Available to correct Hotfix Packaging Anomalies
8 February 2001
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Windows 2000
Vendor: Microsoft
Impact: Reduced Security
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
- - ----------------------------------------------------------------------
Title: Tool and Patch Available to correct Hotfix Packaging
Anomalies
Date: 30 January 2001
Software: Windows 2000
Bulletin: MS01-005
KB Article: Q281767 and Q282784 (available soon)
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/ms01-005.asp
- - ----------------------------------------------------------------------
Issue:
======
Microsoft packages all Windows 2000 hotfixes (including security
patches) with a catalog file that lists all of the valid hotfixes
that have been issued to date. The catalog is digitally signed to
ensure its integrity, and Windows File Protection uses the signed
catalog to determine which hotfixes are valid. An error in the
production of the catalog files for English language Windows 2000
Post Service Pack 1 hotfixes made available through December 18, 2000
could, under very unlikely circumstances, cause Windows File
Protection to remove a valid hotfix from a system. The removal of a
hotfix could cause a customer's system to revert to a version of a
Windows 2000 module that contained a security vulnerability.
Windows File Protection will only remove valid hotfixes from a
Windows 2000 system under a very restrictive set of circumstances.
The system administrator would have to have applied multiple hotfixes
in an order other than that in which Microsoft produced and packaged
them. Furthermore, Windows File Protection would only remove hotfixes
from a system if it were run explicitly (by running sfc/scannow for
instance) or triggered by some administrator action (such as
specifying that it be invoked under a group policy).
- - ----------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.
- -----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQEVAwUBOncPX40ZSRQxA/UrAQHpWggApgHJ9yJTncAgNlozveulXNSzCkjg6R2I
1WKqtHRtZ8nY8Kqm6YOmpxsBByQqWUmAQ2Lic/V1tca889b5ngCOZuEmwLRRv14V
ja+lW8qqSQLqihD9MLU0VWFYVy4t6oOmOOdIWkXYrGrGftJMdwG7xPbCWIvRi65D
TBR3iz0J4kChifv1r+EE/ZScn2MS6DSF+xa3F00vvr653ok7Qut6SoAZDiGyytKT
1CwlKyBmYOGTV+jp1ZnQMN+NumKRwklya0N/QqvuhbIp5in+2RZ0yfeQIt+z6YQo
bodyj0e82Vnf9tZAAx044kIL0jUWJRHIKxZmP4hSHXup99Hq3JKOKg==
=iELH
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOoJ9Zyh9+71yA2DNAQHORwP8Dr0LbS3jjBdtEf8e6ZUQXLzxhwBwbF/H
8QGVMhX91+jnZC+wNmLxzssSr3U80j0AaxhqOVt5PYBuUpvLr9nOGoK5wzLxRcjK
rf0HhjsgJljpvAlC1dKfFc5aVdCG1nPdsf2FqDq1t36oCPRkn8YJni4yZSIbyheN
wXDjJjUhOPQ=
=K4hQ
-----END PGP SIGNATURE-----
|