SCCS 4.2 - is it safe to load latest MS hotfixes

[bluerigsby]

Hi,

My UK maintainer is giving me contradictory advice about the latest MS security hotfix's. Although these are marked as critical & should be applied immediately on their website, they tell me verbally it is not essential to add them as they see the server as safe enough without them. However loading them can be done at our request but at our risk. If it does not work we'll have to wait for them to find a resolution.
This does not inspire me with confidence.

Anyone loaded them already & what issues were seen if any ?

Cumulative Update for Microsoft RPC/DCOM (828741) MS04-012 Critical

Security Update for Microsoft Windows (835732) MS04-011 Critical

Buffer Overrun in the Workstation Service Could Allow Code Execution (828749) MS03-049 Critical

Buffer Overrun in Messenger Service Could Allow Code Execution (828035) MS03-043 Critical

Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232) MS03-042 Critical

Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182) MS03-041 Critical

 

[ipeology]

as long as you download them at nortel website and you read the readme file carefully you won't have problem.

cheers

 

[mikeyb123]

they've been added to ours with no problems..

It's not getting any smarter out there. You have to come to terms with stupidity, and make it work for you.

 

[glarkin]

Where on the Nortel website can you download the Microsoft patches? I've looked but can't find anything.

 

[sandyml]

Nortel publishes a hotfix compatibility matrix for Symposium products; the latest edition is dated April 14, 2004. If you have access, it can be found on Nortel's Partner Information Center.

 

[ErwinStevanus]

Nortel does not provide any Microsoft Patches at all. The only thing you can download from nortel is Symposium Hotfixes Compatibility List.

All Microsoft Security Patches can be downloaded from :

http://www.microsoft.com/technet/security/current.aspx

Also, for those who does not have the Symposium compatibility list, here are the hotfixes you need to put on SCCS Server (With SP4):
MS03-034 Low
MS03-041 Critical
MS03-042 Critical
MS03-043 Critical
MS03-044 Low
MS03-045 Low/Important
MS03-049 Critical
MS04-003 Important
MS04-011 Critical
MS04-012 Critical

 

[glarkin]

Thanks for posting this information. Why does Nortel make it so hard to support their equipment? Our vendor is pretty weak and I end up having to do most of this kind of legwork myself. It's near impossible to find anything on Nortel's site.

Greg

 

[Sympology]

Nortel seem to have the attitude just because you've paid 10s of thousands for our equipment, doesn't mean we'll support it for free(or even cheaply)
Everyone bitches about MS but at least you get half decent free support (Technet).
Is it any wonder Cisco are No1 in Networking and people are leaving Nortel telecoms in their droves. We used to be pure Nortel everything. We're now down to about 70% and falling. Mainly due to the fact you have to pay for everything, either directly or through useless authourised outlets.
"Have you tried rebooting? You have, oh that normally fixes it. Please hold".
Bitter, me? Never ! lol.

2 decades from retirement, 2 minutes from a breakdown