[Dshield] Re: [Full-Disclosure] FW: [Fwd: Re: AIM Password theft]

Al Reust areust at comcast.net
Thu Sep 25 00:10:32 GMT 2003


Hello Mark

Microsoft created a tool ages ago to check for faulty incomplete patch 
installation. It is called QFECheck.exe the is a win98 version and the 
Win2000/XP Version that sorta works with some NT 4.0 machines.

Here is the URL: (it may wrap)

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=25BD2E13-B437-4F1C-A36A-1BBF6E8BA288

KB Q282784 from Microsoft Technet.

It validates the file version with what is the catalog.

If a machine is acting funky, that is normally one of the things that I 
run. It will then tell you to reinstall a particular patch. The only 
problem is that depending the same DLL will have been updated and you could 
place a vulnerable file back onto the system. So normally I redo patches 
from the affected one. My procedure is a download of the patch, edit a 
script and then burn to CD.. Thus I place a local copy of the script on the 
affected machine add a goto statement and it takes cares of the affect 
hotfix(s).

If anyone is interested I would be happy to share it offline. it also takes 
care of IE 55. SP 2, IE 6 and IIS

R/

Al


At 01:53 PM 9/24/2003 -0400, you wrote:
>On Wed, 24 Sep 2003 09:57:57 CDT, "Bassett, Mark" <mbassett at omaha.com>  said:
>
> > I am patched with MS03-032 ( Q822925 ) but am still vulnerable.
>
>I've seen multiple reports of patches failing to apply correctly in some cases
>(often tied to the way it renames files during a reboot to work around 
>locking issues).
>
>What tool did you use to verify it was in fact installed?
>
>_______________________________________________
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list