Howdy janaugcpa-ga,
Having been plagued with the same problem, I feel the following
will help you quite a bit.
First, as this is a critical time for you, do nothing. As the
Microsoft web page that goes into detail on the 811493 update
points out, there are only very specific conditions where this
vulnerability can be exploited.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;811493
"For an attack to be successful, an attacker would have to be able
to log on interactively to the system, either at the console or
through a terminal session. Also, a successful attack would require
the introduction of code to exploit this vulnerability.
...
- A successful attack requires the ability to log on interactively to
the target computer, either directly at the console or through a
terminal session.
- Properly secured servers are at little risk from this vulnerability.
Standard best practices resources recommend that you only allow
trusted administrators to log on to these kinds of systems
interactively. Without these privileges, an attacker could not
exploit the vulnerability."
To translate the above into English, someone would have to be in
front of the computer and using it, and then run a specific program
that would use the exploit. They also could be running a terminal
session on your machine to do the above, but it doesn't sound like
you have your computer set up so someone could log on to your
computer from a remote (outside your office) location. You should
be more afraid of a person breaking in and stealing your computer
than someone using this exploit.
So, you have now gone until May or June, not having done anything
about this (that means not doing the 811493 "update" on a daily
basis as well) and are ready to try to fix it.
First, remove the original patch. This Microsoft web page shows
how to do it for Windows XP, but it is same process for you.
http://support.microsoft.com/default.aspx?scid=kb;en-us;819634
"To remove the original 811493 security update:
In Control Panel, double-click Add or Remove Programs.
Click Change or Remove Programs.
Click Windows [2000 Hotfix (SP4)] Q811493 ... and then click Remove.
Click Next, and then click Finish to restart your computer."
Next, you will want to install the Windows 2000 Service Pack 4 (SP4).
which also contains the 811493 fix. The Microsoft page on "How to
Obtain the Latest Windows 2000 Service Pack" details this.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;260910
"Windows 2000 fixes are distributed in service packs. Service packs
keep the product current. Service packs include updates, system
administration tools, drivers, and additional components."
On that page, there is a link to the "List of Bugs That Are Fixed
in Windows 2000 Service Pack 4" which includes the Q811493 hotfix.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;327194
"811493 MS03-013: Buffer Overrun in Windows Kernel Message Handling"
You can download SP4 at no cost through the Microsoft "Windows 2000
Service Pack 4" web page.
http://www.microsoft.com/windows2000/downloads/servicepacks/sp4/default.asp
"Windows 2000 Service Pack 4 (SP4) provides the latest updates to
the Windows 2000 operating systems. These updates are a collection
of fixes in the following areas: security, application compatibility,
operating system reliability, and setup."
Hopefully, after that, you will not be notified that you should install
the 811493 fix. On my XP system, doing a "Cumulative Patch" (which is
sort of the same thing you will be doing by applying SP4) did the trick.
If you need clarification, feel free to ask.
Search Strategy: Personal experience of 6 months of being notified that
I should install Q811493. Also went to the Microsoft web site and did
various queries on the 811493 hotfix.
http://www.microsoft.com
Looking Forward, denco-ga - Google Answers Researcher |
