Date: Fri, 20 Jul 2001 21:39:02 +0100
From: "Boyce, Nick" <[email protected]>
To: BUGTRAQ <[email protected]>
Subject: Code Red / Microsoft Patch Q300972i / NT Service Packs
Microsoft's Security Bulletin MS01-033 (the one announcing the vulnerability
being used by Code Red, and the patch availability) states :
"The Windows NT 4.0 patch can be installed on systems
Windows NT 4.0 Service Pack 6a."
(See
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/
bulletin/ms01-033.asp, and click "Additional information about this patch".)
And the relevant KB article
http://support.microsoft.com/support/kb/articles/Q300/9/72.ASP says
"NOTE: Due to file dependencies, this hotfix requires
Microsoft Windows NT 4.0 Service Pack 6a."
Can anyone provide any experience of successfully using the patch
("Q300972i.exe") on an NT4 Server running *earlier* service packs ? A
statement from Microsoft would be nice (like: What is the impact of applying
the patch to a server running an earlier SP ? What would be broken ?)
[ We have a couple of NT4 servers stuck with earlier SPs (one with SP4, and
one with SP5) due to alleged non-certification of their major application
with any later service pack. I've set up a test NT4/SP5/IIS4 server, and
installed Q300972i, and IIS is back up & running without apparent sickness
...]
Thanks for any light anyone can shed.
Nick Boyce
EDS, Bristol, UK
