Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  

Update: Problems with Microsoft's Patch MS04-011
 

Microsoft released an article, 841382, on April 28th which discusses problems that have been discovered in its recently released patch, MS04-011.

According to the article, problems may arise on Windows 2000 operating systems if any of three drivers (ipsecw2k.sys, imcide.sys, dlttape.sys) are loaded. People might experience lockups at boot time, the inability to log on, or 100% CPU utilization.

The article discusses a workaround for one situation that involves disabling IPSec Policy Agent. The company said it will update the article when further information becomes available.

Another article, 835732, was also released on April 28th. It summarizes four more articles (840997, 841384, 246507, and 224526), in addition to 841382, which also pertain to problems administrators might encounter while trying to implement the MS04-011 patch.

The problems include conditions where enhanced meta files might not be viewable, Windows NT systems might crash or not start properly, and issues with maximum partition sizes on Windows NT.







Reader Comments

I am unable to update as your warning about worms suggests and I don't know where to look on this site to get the instructions I need. Please advise.

cassandra heard -May 03, 2004

So far it appears that the 98 Editions are not in harm's way with the threat of the Sasser Worm. Unless I have misread or missed any other bulletins I can see no reason to download the MS04-011 Patch. If someone knows different or has read any article pertaining to this issue please let me know so that I can download the patch also. This article is excellent and very informative not to scare the hell out of everyone who reads it. Thank You. Bill Barnett.

Bill Barnett -May 03, 2004

I want to update my PC, which is on a LAN and has been infected with the Sasser virus. Please tell me how to patch with the MS04-011 patch.

Puneet -May 04, 2004

The MS04-011 patch might also have a major impact on servers with Citrix MetaFrame installed. After the patch is applied no logon through ICA is possible and/or 1003 and 1004 events are logged. To resolve the problem follow the description in MSKB 329896 and apply it only on the Citrix Server.

Thomas Koetzing -May 04, 2004

Hey guys (Cassandra and Puneet), MS provides the support. Not this article.

Big Guy -May 04, 2004

People with ORACLE Server 8.1.6 have problems with Services and Windows 2000 (WorkAround in Microsoft). http://support.microsoft.com/default.aspx?kbid=841180 And ORACLE don't know that ?

Albert -May 05, 2004

Having installed the MS04-011 patch my dual cpu pc is unresponsive due to the System process consuming full cpu power (the only reason I can write this is that max utilisation leaves 50% free on a dual cpu pc). I suspect the os is repeatedly trying to load a driver (.sys file) unsuccessfully. I would like to unload the MS04-011 patch but there seems to be no way of doing this. Microsoft do not publish the hotfix files for this issue. I am seemingly forced to reload the operating system as a consequence of one of Microsoft's own security fixes.

nihil -May 05, 2004

This is ridiculous that Microsoft continues to roll-up patches that have not been regression tested in the public domain all into one patch. They need to release patches one by one so that if there are problems then they can be more easily resolved. Don't think that these are the only problems with this MS04-011 patch. Every patch cycle (second Tuesday of every month) the patches seem to be written by different groups and/or contain multiple problems. Corporations that once were able to regression test patches and newly released code are forced to put these untested patches into their production environments immediately due to exploit code being released so fast after patches are released. It's just a matter of time before a large corporation's network is crippled by a poorly written and untested patch. This type of panic patching is totally acceptable Mr. Gates. Quit traveling the world and get back in the office and resolve these issues that are only hurting your company's credibility. Sincerely, JMP

JohnMP -May 05, 2004


I just had one issue with a W98se box networked were the lsass.exe was enabled.

Henry -May 05, 2004

Error number that occurred: 0x80244028

cristian valentin -May 05, 2004

I have found one of the three offending drivers on my computer but it is in the Winnt\ServicePackFiles\386 directory. Does this mean that the driver is 'loaded' or would it always have to occur in the system or system32 folders? Thanks, Sean.

Sean -May 05, 2004

I installed the update on a Win 2000 Professional client service pack 2 and could not restart after reboot - now get BSOD at startup with error C0000135 winsrv.dll not found - could this be a result of the patch & if so - how do I fix?

ROLAND CHASE -May 06, 2004

The Microsoft patch has caused my PC to be unusable. I have a PC that's dual-bootable. I have a Windows-98 OS on my C-Drive and a Windows-2000 OS on my D-Drive. While running on my Windows-2000 OS, I downloaded and installed this security patch. I then tested my PC for the presence of the Sasser virus and found that my PC was not infected with the Sasser virus. However, after rebooting my PC, I can no longer start my PC in either OS. My boot.ini file was apparently hosed up real good by this patch. Additionally, the phone number that Microsoft posts on their web site to call in case you have issues with this patch doesn't work. It's a bogus number and doesn't work. Thanks a lot Microsoft! Very irresponsible to release something like this as a "patch". Got any suggestions on how to fix this mess you created on my computer!?

David Fuller -May 06, 2004

Nihil and others who have loaded the patch and have probs - there is a hotfix for the problem and there is also a safe mode fix (depending on which driver has caused the problem). Paste this into your browser for Microsoft's article: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx Follow the link to knowledge base article 835732, then follow the links relevant to the type of fault. You can get a hotfix direct from them.

sean -May 06, 2004

Roland. Boot into safe mode and select last known good configuration. It will roll back your files.

Don H -May 06, 2004

We all are tired of patching and reboots of production servers. We all are tired of Windows platform. Period.

KJ -May 07, 2004

I have installed MS04-011 on several test PCs. On each one after the install when logging on the logon script hangs at a point where it is calling another script. The script is in VBS. It calls the second script as that one writes a log file, it is almost as if it doesn't return to the main program. Now if a user that has local administrator rights logs in, everything works. Anyone seeing anything similar to this? As a rule, our users do not have admin rights.

jim -May 07, 2004

I have the dreaded Microsoft KB835732 patch problem on my w2k machine and I can't remove the patch because it continuously reboots and I can't even get into safe mode. My last resort now is to use the boot CD Repair Console to uninstall the patch but I'm having trouble. What is the correct Repair Console procedure to rid my machine of this badly designed patch from Microsoft (in my opinion the patch is much worse than the Sasser virus)?

RMapes -May 08, 2004

How does "serial nitemare" sound? If you ever talk to a federal legislator about anything, be sure to mention the desirability of fragmenting Microsoft.

jimt -May 09, 2004

Any idea how to fix that error 0x80244028?

Eric -May 09, 2004

If we all pull together, we might be able to get our systems fixed. But what about the Millions who will download the "patch" and have system lockout issues? :-( Do you-all think that this "patch problem" is wide-spread or just isolated? BTW, I appreciate all the comments. I was beginning to think that I was the only one (and was beginning to think I was losing it)! Tex

Tex -May 10, 2004

If the machine is unbootable then copying ntoskrnl.exe and mssip232.dll from $NtUninstallKB835732$ to \Winnt\System32 may solve the problem. You would need to do this in the Command Console.

C_yiotis -May 10, 2004

OR, instead of bitching and whining, we could a) set up a test server that verifies the usability of MS Hotfixes and Patches before putting them on production and/or mission critical servers. b) If our job entails Admin'ing those servers, do your job. c) move to a platform that appeals to you. However, do not expect problems to magically go away. Do a search on OpenBSD exploits within the last week.

Mike -May 10, 2004

This article is really good and shows what the real world is. Good stuff.

Gautam Kulkarni -May 10, 2004

Ran into the problem on one of our machines - the MS fixes didn't work and we even called for support - still no help. What did work is this - patiently letting the system come up - then going into Task Mgr - changing the priority of the process to realtime - then go to the control panel/add-remove - uninstall the MS update - each step getting to the add/remove change the process priority to realtime - it worked for me and I was able to uninstall "The patch of death". Good luck.

Bill -May 11, 2004

Microsoft bitches at end users to upgrade their systems regularly and then they have the gall to blame us when their crappy patches blow up our systems. I'm sick of this garbage. Linux here I come.

conrad thiesson -May 12, 2004

When I go to internet Messenger Service interrupting me, please advise how to stop this. I HAVE WINDOWS XP

Adaweh Mohamed -May 12, 2004


Patch worked for us (about 4000 XP machines + 300 2000/NT servers), had to reinstall it a few times on some machines, but no boot up probs... maybe if you all stopped downloading spyware programs you wouldn't be stuffing your machines up. In fact, out of all the patches and hotfixes we've deployed, only one of them caused a problem with one application (which we of course found in a test environment before deploying to everyone)... I agree with Mike: do your bloody jobs. You still have a maximum of 18 days (at last look) to test and deploy patches... that's 3 weeks people!!!

Ben -May 12, 2004

I use a program called ClickBook. After installing MS04-011 the program stopped working. So far, the company has not been able to find a fix for my version. Their new version does work with the MS patch.

Glenn Jankowitz -May 13, 2004

Now, now. What's all this fussing about? The "rumored" bad patch was implemented quickly as a countermeasure to a very serious situation. While it would be ideal for us to follow normal approval procedures, and ensure complete and advance communication, the people who sent the destructive virus did not give us adequate notice. A "fix" for the problems the patch causes is available through Microsoft. I patched about 500 machines in my company and only had three problems. If you think you can get any stability, support or decent software for the Macintosh or Linux operating systems...go boy, go!

David Schmitt -May 13, 2004

I have to agree with Ben - almost 500 workstations, laptops and servers and only one problem - a Win NT Terminal Server with Citrix 1.8. Small price to pay not to have to work 24 hours straight unloading a worm or virus from everyone's PC...

DB -May 14, 2004

I must agree with David S. While Microsoft came out with these patches and removal tools quickly to help people remove this malicious virus, the person who made this gave us no information as to how to prevent, remove or warning it was coming. It is unfortunate that there are problems and issues with the patch -- either way the infected computers are for the most part unusable, unless you recognize the processes running in task manager and end them -- if you can because now someone else (or a group) has gone in and developed new strains going around that are much more difficult to stop. What I don't understand is -- why don't these people or groups spend their time doing something that will improve on technology instead of being malicious??

Tammy -May 15, 2004

If I want to make an update, this error appears! 0x80244028 What can I do?

Dany Alexa -May 15, 2004

Our rollout of MS04-011 went pretty smoothly in all respects bar one. Since applying the patch to our enterprise DHCP servers, clients are occasionally receiving corrupt or missing information. Often the client's DNS server entries will be missing and/or the default gateway is either missing or configured to 0.10.140.0. I've spent ages troubleshooting this problem and as strange as it sounds the problems seem to stem from applying the patch to our win2k sp4 DHCP servers. The problem is compounded because the patch does not uninstall properly, it might say it does but it does not, check the dll versions afterwards and you'll see what I mean. The problem was solved by building new win2k boxes and not installing the patch on to them. Our problem may stem from applying patches out of sequence, only further testing will prove this. Has anybody else suffered similar problems?

Garry -May 16, 2004

Is it just me, or are there an awful lot of SysAdmins out there who have serious trouble with communicating in this language? How do you guys follow the rules (or is that 'guidelines') correctly if you can't even write intelligible entries on this forum? Or is this part of the problem perhaps? Nobody actually reads the guidance that comes with patches and SP's? Part of the job is to test this stuff in a non-production test environment that resembles your production environment before you roll it out. Rather than complain about too many patches, why not get off Microsoft's case and bring pressure to bear on your authorities to hunt down the people who exploit these vulnerabilities? They are the criminals here, not the people who are working into the wee hours putting patches together to safeguard your machines.

Des Embrey -May 16, 2004

Don't you people back up your systems before applying patches? Cheapest solution is a 2nd HDD and an imager (Norton Ghost is good). Image the system, apply the patch, and if it doesn't work, boot from the imaged drive, which only requires a BIOS change. This ensures that you always have a bootable drive. Total cost for software and HDD should be $100 or less. Cheap for the security.

Les Hawken -May 17, 2004

I really don't know what to download anymore. Every time I turn my computer on the thing says new updates. I read all these updates and really says the same thing. What do you download that won't affect your computer?

Regina Hall -May 17, 2004

AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Crazy -May 17, 2004

After applying the fix to W2k, it is apparently not possible to query the "Process" performance data counter (and possibly others) via the registry interface from an impersonation context. The Win32 API RegQueryValueEx does not report any error, but returns a very small amount of data (typically 112 bytes). The same code works correctly under a non-impersonated context. I would like to see confirmation from MS that this is an intended side effect of this patch and suggest a workaround (apart from "so don't do it"). In any case, it is unacceptable for an api (RegQueryValueEx) to silently fail. It should either return correct data or report an error; not simply return invalid data. Even if the workaround that I have put in place for SAP Gui actually works, it isn't ideal and has some deficiencies. A better understanding of the issue would be beneficial.

Nathanael -May 20, 2004

I've gone to the website for the MS04-011 patch, but all it gives me is the article. I want the actual downloadable patch. I've downloaded the Windows NT 4.0 package, but my comp. says that I need the 4.0 package. Why does this have to be so complicated? The article is leading me to a hundred different things, but not one of the actual patch. Please help me A>S>A>P>. I can't use the internet, and it is important for all my research and e-mail.

goingcrazy -May 20, 2004

help me

pepe -May 23, 2004

I installed the patch on a 2000 Pro desktop that somehow had the dlttape.sys driver. Machine locked up with 100% cpu usage by the system process. I called Microsoft and got the hotfix. It took me over an hour to get it installed but was worth it as the machine is now back to normal and still patched for the vulnerabilities.

LisaP -May 23, 2004
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc.