Network Security Focus-Microsoft

Re: New MS patches crashed my 2k3 SP1 PDC

Subject: Re: New MS patches crashed my 2k3 SP1 PDC
Date: Sun, 21 Aug 2005 01:43:41 -0700 (PDT)
Skill2die is 100% right about testing everything
_BEFORE_ deploying on critical systems. Even WSUS warns you
in RED not to deploy patches without testing them!
After some checks here and there, I guess I've found
some reasons for that crash. Although it didn't
stop our business for more than a few hours (lack of
fast restoring mechanism and) but it was hard to
bypass.

I'll plan for checking patches one by one on a test
PDC ASAP, but what I'm sure of is that the crash is
caused by the
PnP or IE patch, not print spooler or telephony
service or ...
AND, remember that release-candidate version of 2k3
SP1? I guess that's the most reasonable reason for
the conflict. RC-SP1 + PnP patch = ????

Anyway, I'll test them all and report back here :>


Just some quick hints for crash recovery in case
you have the
same problem (can't get into safe mode) and have no
backup!!!

Boot the crashed system in command-prompt mode
and go to the Windows directory.
Running "dir /AD *uninstall*" will give you a list of
installed hotfixes on the system. Hotfixes are identified
by their KB number. Move to the directory
$NtUninstallKB899588$\spuninst
in the case of the MS05-039 PnP hotfix, and run
"spuninst.exe". It will uninstall the patch.
Note that there is no guarantee that your
domain controller will work as reliably as it did before
installing the patch!

regards


--- Adil Absar <sabsar@csc.com> wrote:





You have to test and reapply the patches 1 by 1.

It will be very surprising if the patch targets a
PDC only and not a DC, so
fire up a test DC and apply patches 1 by 1.

If it is MS05-039 that is causing the problem,
everyone will be
interested, including MS, since that is related to
all the recent viruses.
However, since the plug and play vulnerability
(MS05-039) cannot be
exploited remotely and anonymously (spelling!) on
w2k3, it is not a critical
problem for you, and you have compensating controls
to utilise (see MS
bulletin)

Adil Absar
CSC Global Security Solutions
Based : London , UK








"Hamid . K" <elite_netbios@yahoo.com>
To: focus-ms@securityfocus.com
cc:
Subject: New MS patches crashed my 2k3 SP1 PDC
20/08/2005 06:24




Hi list,

After deploying the new set of Microsoft patches
released
this month, we experienced a heavy crash on our
domain controller systems, which are based on Windows
2003 SP1!
Just after a clean install of the last 5 patches,
Windows will no longer boot! A nice blue screen of
death
is what MS dedicated to us!
Another friend of mine experienced the same in his own
network. The cool point is that _ONLY_ PDC
systems are affected by this unexpected crash. No
other 2k3 SP1 server had any problem with the patches.

Has anyone else had the same problem?
What the hell is going wrong?


