Update: Problems with Microsoft's Patch MS04-011

I have installed MS04-011 on several test PC's. On each one after the install when logging on the logon script hangs at a point where it is calling another script. The scrip is in VBS. It calls the second script as that one writes a log file, it is almost as if it doesn't return to the main program. Now if a user that has local administrator rights logs in, everything works. Anyone seeing anything similar to this? As a rule, our users do not have admin rights.

I installed the update on a win 2000 professional client service pack 2 and could not restart after reboot - now get BSOD at startup with error C0000135 winsrv.dll not found - could this be a result of the pacth & if so - how do I fix?

I use a program called ClickBook. After installing MS04-011 the program stopped working. So far, the company has not been able to find a fix for my version. Their new version does work with the MS patch.

I am unable to update as your warning about worms suggests and I don't know where to look on this site to get the instructions I need. Please advice.

So far it appears that the 98 Editions are not in harms way with the threat of the Sasser Worm. Unless I have misread or missed any other bulletins I can see no reason to download the MS04-011 Patch. If someone knows different or has read any article pertaining to this issue please let me know so that I can download the patch also. This article is excellent and very informative not to scare the hell out of everyone who reads it. Thank You. Bill Barnett.

OR, instead of bitching and whining, we could a) setup a test sever that verifies the useability of MS Hotfixes and Patches before putting them on production and/or mission critical servers. b) If our job entails Admin'ing those servers, do your job. c) move to a platform that appeals to you. However, do not expect problems to magically go away. Do a search on OpenBSD exploits within the last week.

when I go to internet Messenger Service Interepting me,please advise hoew to stop this. I HAVE WINDOW XP

This is ridiculous that Microsoft continues to roll-up patches that have not been regression tested in the public domain all into one patch. They need to release patches one by one so that if there are problems then they can more easily resolved. Don't think that these are the only problems with this MS04-011 patch. Every patch cycle (second Tuesday of every month) the patches seem to be written by different groups and/or contain multiple problems. Corporations that once were able to regression test patches and newly released code are forced to put these unttested patches into their production environments immideately due to exploit code being released so fast after patches are released. It's just a matter of time before a large corporation's network is crippled by a poorly written and untested patch. This type of panic patching is totally acceptable Mr. Gates. Quit traveling the world and get back in the office and resolve these issues that is only hurting your company's credibility. Sincerely, JMP

I've went to the website for the MS04-011 patch, but all it gives me is the article. I want the actual downloadable patch. I've downloaded the windos NT 4.0 package, but my comp. says that I need the 4.0 package. Why does this have to be so complicated? The article is leading me to a hundered different things, but not one of the the actual patch. Please help me A>S>A>P>. I can't use the internet, and it is important for all my research and e-mail.

Don't you people back up your systems before applying patches ? Cheapest solution is a 2nd HDD and an imager (norton ghost is good). Image the system, apply the patch, and if it doesn't work, boot from the imaged drive, which only requires a bios change. This ensures that you always have a bootable drive. Total cost for software and HDD should be $100 or less. Cheap for the security.

I just had one issue with a W98se box networked were the lsass.exe was enabled.

help me

If the machine is unbootable then copying ntoskrnl.exe and mssip232.dll from $NtUninstallKB835732$ to \Winnt\System32 may solve the problem.) You would need to do this in the Command Console.

if i want to amke an update fis error apears! 0x80244028 What can i do?

Error number that occured: 0x80244028

I installed the patch on a 2000 Pro desktop that some how had the dlttape.sys driver. Machine locked up with 100% cpu usage by the system process. I called Microsoft and got the hotfix. It took me over an hour to get it installed but was worth it as the machine is now back to normal and still patched for the vulnerabilities.

i have found one of the three offending drivers on my computer but it is in the Winnt\ServicePackFiles\386 directory. does this mean that the driver is 'loaded' or would it always have to occur in the system or system32 folders? Thanks, Sean.

AHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Is it just me, or are there an awful lot of SysAdmins out there who have serious trouble with communicating in this language? How do you guys follow the rules (or is that 'guidelines') correctly if you can't even write intelligible entries on this forum? Or is this part of the problem perhaps? Nobody actually reads the guidance that comes with patches and SP's? Part of the job is to test this stuff in a non-production test environment that resembles your production environment before you roll it out. Rather than complain about too many patches, why not get off Microsoft's case and bring pressure to bear on your authorities to hunt down the people who exploit these vulnerabilities? They are the criminals here, not the people who are working into the wee hours putting patches together to safeguard your machines.

Having installed the MS04-011 patch my dual cpu pc is unresponsive due to the System process consuming full cpu power (the only reason I can write this is that max utilisation leaves 50% free on a dual cpu pc). I suspect the os is repeatedly trying to load a driver (.sys file) unsucsesfully. I would like to unload the MS04-011 patch but there seems to be no way of doing this. Microsoft do not publish the hotfix files for this issue. I am seemingly forced to reload the operating system as a consequence of one of Microsofts own security fixes.

After applying the fix to W2k, it is apparently not possible to query the "Process" performance data counter (and possibly others) via the registry interface from an impersonation context. The Win32 API RegQueryValueEx does not report any error, but returns a very small amount of data (typically 112 bytes). The same code works correctly under a non-impersonated context. I would like to see confirmation from MS that this is an intended side effect of this patch and suggest a workaround (apart from "so don't do it"). In any case, it is unacceptable for an api (RegQueryValueEx) to silently fail. It should either return correct data or report an error; not simply return invalid data. Even if the workaround that I have put in place for SAP Gui actually works, it isn't ideal and has some deficiencies. A better understanding of the issue would be beneficial.

We all are tired of patching and reboots of production servers. We all are tired of Windows platform. Period.