Archives for: October 2008
So what is the vulnerability?
October 27th, 2008
If I understand this correctly.
Clever deconstruction of the patch
It used to be possible to force a buffer overflow by forcing netapi32.dll to load
\..\..\..\..\..\abc
This was fixed in MS06-040 by stripping off any \.. characters at the beginning of the string.
Therefore \..\..\..\..\..\abc becomes \abc
However, some bright button noticed that
\abc\..\..\..\..\xyz does the same buffer overflow, but MS06-040 does not catch this. Hence the quick release of MS08-067.
More links for MS08-067
October 27th, 2008
More interesting links regarding problems people are having.
Security Update KB958644 broke my wireless NIC!
We think it also broke the authentication to our firewall in our TestNet.
What can opsmgr do to mitigate against MS08-067 exploits?
October 26th, 2008
I have prepared a Management Pack to be used with OpsMgr 2007. As this was done in a bit of a hurry, it really does not comply with best practices.
Two (Local Application based) monitors to all servers
1. Is NETAPI32.DLL too old, i.e. not patched yet? We initially had problems with our distribution of the Update and this proved to be a good reality check. This has two states: good and warning.
2. Is there a file %System%\Wbem\basesvc.dll on my servers (i.e. is the server exploited)? This also has two states: critical and good.
A Nice View
Of course a nice state view of all servers.
Details of a known exploit
Management Pack. Save as an XML file
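A local check that mirrors the two monitors described above, as an added PowerShell example (not the Management Pack from the post). The minimum NETAPI32.DLL version is a caller-supplied placeholder because the post does not state it, and %System% is assumed to mean %SystemRoot%\System32.

```powershell
# Added example: local equivalent of the two monitors described in the post.
# Assumptions: %System% means %SystemRoot%\System32, and the patched
# NETAPI32.DLL version is supplied by the caller from the MS08-067 bulletin.
param(
    [Parameter(Mandatory = $true)]
    [version]$MinimumNetapiVersion   # placeholder: look it up for your OS and service pack
)

function Get-FileVersion {
    param([string]$Path)
    $vi = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    # Build from the numeric parts; the FileVersion string can carry extra text.
    New-Object System.Version -ArgumentList @(
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

$system32 = Join-Path $env:SystemRoot 'System32'
$netapi   = Join-Path $system32 'netapi32.dll'
$marker   = Join-Path $system32 'Wbem\basesvc.dll'

# Monitor 1: is NETAPI32.DLL older than the patched version? (Good / Warning)
$patchState = 'Good'
try {
    $found = Get-FileVersion -Path $netapi
    if ($found -lt $MinimumNetapiVersion) { $patchState = 'Warning' }
} catch {
    $found = $null
    $patchState = 'Warning'   # an unreadable file is not evidence of a patch
}

# Monitor 2: does the file the post treats as an exploit marker exist? (Good / Critical)
$exploitState = 'Good'
if (Test-Path -LiteralPath $marker -PathType Leaf) { $exploitState = 'Critical' }

New-Object psobject -Property @{
    Computer      = $env:COMPUTERNAME
    NetapiVersion = $found
    PatchState    = $patchState
    ExploitMarker = $marker
    ExploitState  = $exploitState
}

# Exit code lets a scheduler or monitoring agent pick up the worst state.
if ($exploitState -eq 'Critical') { exit 2 }
if ($patchState -eq 'Warning')    { exit 1 }
exit 0
```

Run it from a 64-bit PowerShell host on 64-bit Windows; a 32-bit host is redirected to SysWOW64 and would inspect the wrong copy of the files.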
MS08-067 and Heterogeneous Environments
October 26th, 2008
We are currently in PANIC! mode with testing and deploying MS08-067.
After distributing it into our testnet, the authentication for some of our non-Windows services failed. It is important to remember the experiences we had with MS06-040, as this Security Update has been superseded by MS08-067.
Department of Homeland Security and MS08-067