Last week, Microsoft released Systems Management Server (SMS) Service Pack 3 (SP3) for premier customers. Those who installed the first release discovered that SP3 Release Candidate 9 (RC9) didn't correctly propagate client agent setting updates to client systems. Microsoft quickly corrected the problem and reissued SP3 a day later. You can download the corrected SP3 from the Microsoft Web site.
As I mentioned last week, you can install SMS SP3 only on top of SP2. If you are running an earlier version on any of your systems, you need to install SP2 and then upgrade to SP3. See Microsoft’s SMS SP3 download page for more information.
If you installed SP3 RC9, you can download a hotfix that corrects the client agent problem. See Microsoft article Q289000 for a description of the hotfix and the files the hotfix installs. However, considering the complexity of the hotfix's installation instructions, you can save time and effort by downloading and installing the new version of SP3.
NT 4.0 PPTP DOS Hotfix
Windows NT’s PPTP service contains a security vulnerability that leaks kernel memory when the service processes a malformed packet. If a server receives many packets that contain a specific malformation, the memory leak eventually consumes all available kernel memory. Without kernel memory, of course, a system hangs, and you need to reboot to restore operation, disconnecting all the active PPTP sessions in the process. A malicious user can exploit this security hole without first establishing a valid PPTP session simply by sending a steady stream of malformed packets to the PPTP server.
This Denial of Service (DoS) vulnerability doesn't threaten the security of the data in PPTP sessions in any way and doesn't exist in Win2K systems that support PPTP connections. Computers running the PPTP service are the only machines that this vulnerability affects.
This vulnerability affects all versions of NT 4.0, up to and including SP6a, NT 4.0 Server, Enterprise Edition (NTS/E), and NT Server 4.0, Terminal Server Edition (TSE). You can download English and German updates for NT Server and NTS/E. Download the English language hotfix, Q283001i.exe, and the German hotfix, Deuq283001i.exe, from the Microsoft Web site. The hotfix updates one file, raspptpe.exe, and the file has a release date of December 7, 2000. Unfortunately, the TSE hotfix isn't available for public download. To obtain it, you must call Microsoft Support directly.
Cleaning Up After Anna K
Did you know that the Anna K virus that hit systems last week takes advantage of a vulnerability in older versions of Internet Explorer (IE) for NT and Windows 9x? Even if you download the latest virus files for your virus scanner, your system remains vulnerable if your version of IE precedes IE 5.01. You can close this security hole permanently by upgrading to IE 5.01 or 5.5 or by installing the security update whose friendly name is EyeDog. Microsoft released the update, which is available for public download at Microsoft’s FTP site, in August 1999. See Microsoft article Q240308 for details.
The NT 4.0 FunLove Virus
The W32.FunLove.4099 virus infects systems on which an administrator runs a program already contaminated with the virus. Once installed, the virus attacks the NT file security system and infects ntoskrnl.exe. When you boot a system with the modified kernel file, FunLove gives all users full access to every file on the system, regardless of the file’s security settings. Microsoft article Q287664, issued February 16, states that after the virus has infected a system, you should consider all data vulnerable to any user until after you have removed the virus. Contact your antivirus vendor for instructions about identifying and detoxifying a system infected with the W32.FunLove.4099 virus.
McAfee NetShield Makes NT 4.0 PDC Unavailable
I don't know how long this particular problem has existed, but news of it appeared a few days ago. Apparently, one or more versions of McAfee’s NetShield cause NT 4.0 PDC connectivity problems. Clients might periodically lose connectivity to the PDC, and although they can successfully ping the PDC, they can't see PDCs that have NetBIOS names such as \\servername. When NetShield is the cause of the problem, the PDC logs either event ID 3013 with the text "the redirector has timed out to servername" or event ID 2022 with the message "the server was unable to find a free connection." Microsoft article Q288258, which doesn't identify the version or versions of NetShield that cause the connectivity problem, states that the only way to eliminate the problem is to remove NetShield. Contact McAfee to determine whether the company can identify the versions of NetShield that cause this problem. McAfee might have an update that solves the NetBIOS problem.