Update 015-027 Revised (3002657)


In the March 2015 security bulletin, update 15-027 was released.  This is to address a vulnerability in the Netlogon component of windows that could allow spoofing.  The security bulleting for 015-027 is available in the Security TechCenterKB 3002657 provides details of the update. 

Please be aware that the update has been revised, and version 2.0 is now available.  Version 2 is required on Windows Server 2003 machines to correct the issues discussed in this blog post.

This is discussed in the revisions section of the security bulletin. 

 

If you are planning to patch servers in the coming days, please verify what is being rolled out and the version of the update(s). 

  

Possible Symptoms

There have been reports of the original version of the update (v1.0) affecting Exchange and Outlook if Windows 2003 domain controllers are still present in the environment. The typical client symptom is authentication prompts when using NTLM authentication.  EventID 4625 will be logged stating An Error occured during Logon with a status code of 0xc000006d. 

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          3/17/2015 2:20:08 AM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      exchange.tailspintoys.ca
Description:
An account failed to log on.

 

Revised Update

V2.0 (March 16, 2015): To address a connectivity issue with update 3002657 when installed on supported editions of Windows Server 2003, Microsoft released update 3002657-v2 for all supported editions of Windows Server 2003. Customers who have not already installed the 3002657 update should install update 3002657-v2 to be fully protected from this vulnerability. To avoid the possibility of future detection logic problems, Microsoft recommends that customers running Windows Server 2003 who have already successfully installed the 3002657 update also apply update 3002657-v2 even though they are already protected from this vulnerability. Customers running other Microsoft operating systems are not affected by this rerelease and do not need to take any action. See Microsoft Knowledge Base Article 3002657 for more information.

The revised update can be downloaded from the Microsoft download center. 

Links to all versions:

Download Updated MS015-027 Update For KB3002657

 

Cheers,

Rhoderick

Comments (1)

  1. Barry says:

    Guys,
    I am unable to find a working solution, Windows 2003 DC, Exchange 2003, was working great,, all remote users did not have authentication popups after the updates but instead all login ok looking at the security logs in the exchange, but all are remaining disconnected.
    I have removed KB3002657 and installed V2 my problem still remains.
    I have enabled DefConnectOpts ages ago.
    Help I am out of ideas here.

    Thanks
    Barry

Skip to main content