Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Ex-Bay Networks CEO: Nortel's enterprise group could do well on its own
Net neutrality advocates score big win with broadband stimulus rules
Security guard charged with hacking hospital systems
Cisco looks to accelerate virtualization deployments
Apple patching serious SMS vulnerability on iPhone
Could Cisco take on Microsoft with office app service?
Nortel enterprise data chief wants to bring back Bay Networks
Government releases $4 billion in broadband stimulus funds
Why the iPhone can't be 'killed'
IBM bundles x86 servers with VMware, offers special financing
Users note virtualization foot-dragging among app vendors
Five slick search engines you should know about
FTC opens all out assault on economic cyber-scammers
Happy birthday! The Walkman turns 30
Cisco won't take on Amazon in cloud
Security /

Bug Alert: Win 2000 SP3 problems and fixes - Part 1

Related linksToday's breaking news
Send to a friendFeedback

Sign up to receive this and other networking newsletters in your inbox.

By Jason Meserve
Security and Bug Patch Alert, 10/21/02

Looks like Windows 2000 SP3 is causing quite a few headaches among our faithful readers. We've gotten a number of responses to date and we'll cover them this week. Some people have problems and found workarounds, others just have problems.

Not really a bug, but an annoying feature, reader " Doran " writes: "My biggest problem with SP3 are the reports that it requires a user to allow MS to automatically check and update a computer! I'll be danged if I want *them* determining if it's okay for my production Web server needs an update or not."

From reader Fred Lewis:

Problem: The one major issue is that on a Compaq DeskPro EX Pentium 1.0 GHz when the PC rebooted after downloading SP3, the reboot failed saying that file ntoskrnl.exe was missing in winnt/system32. Upon getting the PC up and running on a boot disk, I noticed that this file was indeed there but was not the correct SP3 version. I installed the correct SP3 version but Win 2000 was still telling me that SP2 was installed.

Fix: After downloading SP3 again, everything was fine.

A couple minor issues Lewis is dealing with:

* Registry changes made to fix a problem with Crystal Report 8.5 were removed when SP3 was installed.

* A few Dell laptops had problems with the SonicWall VPN software after install. He's reinstalling the software.

From reader Micah Wissman:

Problem: I have a perfectly functional server running Exchange Server SP2 and Win 2000 SP2 before the update to SP3. Now 75% of the time the Exchange Server services will not start with the system. I'll receive an error that one or more services did not start and it's always Exchange when I check. This only started after I installed the Win 2000 SP3 update.

From reader "wes":

Problem: Machines being upgraded from older operating system were having problems with the SP3 installation.

Fix: "Clean Installs have given us no trouble. The problems with SP3 have been eliminated by simply having all available upgrades from SP2 and since loaded before SP3. Lesson learned, Do clean installations and the majority of problems are gone."

From reader Tom Bagg:

Problem: I have experienced problems with network shares after the installation of SP3. Not all shares are affected and I can find no predictable pattern. I have found that (usually) by removing the share and reestablishing it the problem goes away temporarily. The specific message is "That network share is not available."

From reader Helio Coragem:

Problem: First boot after SP3 installation caused a Blue Screen of Death (BSOD). Second reboot worked.

Solution: Keep fingers crossed with each reset.

From reader Dusty Thibodeaux:

Problem: Microsoft Office files corrupted after SP3 install.

Fix: Re-installed Office.

From reader Kevin Garrity:

Problem: Several programs that use windrvr.sys such as the development program Xilinx refused to let the machine get past the logon screen, it would just reboot as soon as the driver was loaded, whether you tried to log on or not.

Fix: After a $265 tech support call to Microsoft, he found the fix was free from Xilinx:

www.jungo.com/support/tech_docs/td108.html

From reader "Andy":

Problem: After doing a fresh install of Win 2000, I updated to SP3 and then loaded Microsoft Office 2000. Office would open and then die immediately without any error.

Fix: I then reloaded the operating system, installed Office 2000 and updated to SP3, after doing this Office worked even after the SP3 install.

From reader Brian McIntyre:

Problem No. 1: I've found out the hard way that I don't want to install SP3 on a server running Terminal Services if I expect my users to be able to print. There's a specific issue that Microsoft has made mention of in KB article Q328020, and that directly effected me in one of the two SP3 installs.

Problem No. 2: Another system would not print Adobe Acrobat files correctly after installing the SP.

Fix: In both cases I had to rollback to SP2 to return things to normal.

From reader Heather Toth:

Problem: The only problem we have encountered so far with SP3 was with its compatibility with Arcserve2000 SP4. We found that Arcserve wouldn't back up certain files (thousands for us) mainly the ones that were accessed the most.

Fix: Remove SP3.

Making it worse: Unfortunately, we discovered this after a critical server failed and we lost a month's worth of data, the time since SP3 was applied. We haven't applied SP3 to any other servers at this point.

We'll cover more problems and workarounds on Thursday.

Today's bug patches and security alerts:

Undocumented account in Avaya switches

Avaya has issued a warning that its P882, P880, P580, and P550R switches contain two undocumented accounts with default passwords that can be accessed via telnet or the Web interface. These accounts allow privileged access to the switch. For more, go to:

support.avaya.com/japple/css/japple?PAGE=avaya.css.OpenPage&temp.template.name=Avaya_P580_P882_Undocumented

**********

Red Hat patches kernel vulnerabilities

Red Hat issues two advisories regarding potential root-access vulnerabilities in the code for Versions 2.2 and 2.4 of its kernel. Users are urged to upgrade to fix the problems. For more, go to:

www.redhat.com/support/resources/howto/kernel-upgrade/

Red Hat releases Mozilla update

An updated version of the open-source browser Mozilla is available for Red Hat users. Versions prior to 1.0.1 contain vulnerabilities that could allow an attacker to read data off the local hard drive and potentially execute arbitrary code on the affected machine. For more, go to:

https://rhn.redhat.com/errata/RHSA-2002-192.html

**********

Debian fixes heimdal

A number of vulnerabilities have been found in the heimdal package. These flaws could be exploited to gain root access to the affected system, according to an alert from Debian. Users are urged to patch their implementation of heimdal as soon as possible. For more, go to:

www.debian.org/security/2002/dsa-178

New gnome-gv fixes available

A flaw in gnome-gv, an open-source application for viewing PDF and PostScript files, could allow an attacker to run arbitrary code on the affected machine. For more, go to:

www.debian.org/security/2002/dsa-179

Debian warning of password flaw in PAM

A flaw in the way the PAM package handles disabled password could allow an attacker access to the affected system via a closed account. PAM Version 0.76 is affected by the problem. For more, go to:

www.debian.org/security/2002/dsa-177

**********

HP/Compaq patch HP Tru64 UNIX 5.1A

According to an alert from the company, a potential security vulnerability has been discovered, where under certain circumstances, system integrity may be compromised. This may be in the form of improper file or privilege management. Compaq has corrected this potential vulnerability. The fix for this problem can be found at:

ftp://ftp1.support.compaq.com/public/unix/v5.1a/

**********

Trustix releases kernel update

Trustix has released a new version of its Linux kernel that fixes a number of security flaws in various functions of the operating system. Fir more, go to:

www.trustix.net/errata/misc/2002/TSL-2002-0068-kernel.asc.txt

New version of Apache for Trustix

An update to the Apache Web server code is available for Trustix users. This update fixes a number of minor security vulnerabilities. For more, go to:

www.trustix.net/errata/misc/2002/TSL-2002-0069-apache.asc.txt

**********

Today's roundup of virus alerts:

W32/Opaserv-C - Another version of the Opaserv worm, which spreads via network shares. This version drops two files on the infected machine, "brasil.exe" or "brasil.pif". (Sophos)

**********

From the interesting reading department:

Network World Security Supplement

A special report detailing tips and techniques for software patches, vulnerability warnings, password problems and security device management.

www.nwfusion.com/supp/security2/

Securing your share of cyberspace

The federal government needs to set an example for industry and flex its $52-billion a year IT spending muscle to raise standards, so vendors build security into technology rather than rushing products to market. A concerted effort is needed from everyone who depends on the Internet, to take ownership, to look for and fix the vulnerability on individual networks. Otherwise, industry won't flourish and the economy and the nation will remain at risk. Network World Fusion, 10/18/02.

www.nwfusion.com/news/2002/1018clarkecybersec.html

Secure e-mail on tap from Tumbleweed

Tumbleweed says later this month it will ship technology that makes it easier for corporations to send secure and encrypted e-mail from their existing messaging systems and messaging-enabled applications. Network World, 10/17/02.

www.nwfusion.com/news/2002/1021tumbleweed.html

Start-up secures stored net data

Businesses looking for ways to protect data in networked storage arrays might be interested in a start-up that has unveiled appliances designed to encrypt and decrypt storage data without hurting network performance. Network World, 10/21/02.

www.nwfusion.com/news/2002/1021decru.html

**********

Archives online:

Every operating system has its flaws. Look back in our online archive at:

www.nwfusion.com/newsletters/bug/

RELATED LINKS

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at jmeserve@nww.com.

Security and Bug Patch Alert archive
Past newsletters.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.