Windows

must add points.... must.... add.... points.......

Hi Joseph,

I only have 1 target system for the patch, and I have seen no problems on the XP box I installed it on.

My other systems are running W98 which does not have an update for this problem.
(I need to change out a number of hardware items before I can upgrade the W98 boxes to either W2K or XP.)

Chas

Ok, I have been put on this fulltime until all 50 of my servers are patched. User workstations can wait until a worm is released onto the Internet.
So, I have (as of 5PM CST) patched 3 Win2K server, 1 Win2KPro (my workstation), and 1 XP Pro machine (my laptop). So far, no indication of any problems. No errors in the Event Logs. No performance hickups. So far, so good.
I will leave this open over the weekend, and close it Monday night, so feel free to post any results you have with the patch.

Ah, the joys of "patch management"!

Buffer Overrun in RPC Interface Hotfix # 823980 / MS03-026...I have it on W2K Pro and XP Pro workstations...so far so good....no hickups installing or since installing it a week ago...it's also running on a Windows 2003 Server Small Business Server PDC [has Exchange 2003, ISA server SQL server and Outlook 2003 all on one box] and nothing out of the ordinary pops up in any of the monitoring tools [event viewer, health monitor..performance monitor..or in Exchange. Nothing out of reports from ISA server either]. Have no idea if W98 has problems with it as we don't use it anymore.

I was reading up on this issue this morning. The following was part of Microsoft's warning.

From Microsoft:

To exploit this vulnerability, the attacker must be able to send a specially crafted request to port 135, port 139, port 445, or any other specifically configured RPC port on the remote computer. For intranet environments these ports are typically accessible, but for Internet-connected computers, these ports are typically blocked by a firewall. If these ports are not blocked, or in an intranet environment, the attacker does not have to have any additional privileges.

Best practice recommendations include blocking all TCP/IP ports that are not actually being used. By default, most firewalls, including the Windows Internet Connection Firewall (ICF), block those ports. For this reason, most computers that are attached to the Internet should have RPC over TCP or UDP blocked. RPC over UDP or TCP is not intended to be used in hostile environments, such as the Internet. More robust protocols, such as RPC over HTTP, are provided for hostile environments.

Based on the preceding statements, it appears that I wouldn't be at risk. (ports blocked, firewall, etc.) However, since I've been playing around with various VPN configurations, I installed the patch on my servers (2 of them) anyway - just to be safe - and I haven't noticed any adverse effects up to now. I'll do the W2K workstations over the weekend.

I've been running this update since July 24th without any problems (even MS gets something right once in a while .

Don