Microsoft April 2004 Updates - 3 minor issues
Microsoft did a quality job overall given the magnitude of the 20 bundled security changes in the April 2004 updates. Below are some 3 minor issues reported so far in our 11,000 member My IT Forums. Hopefully, the good quality and regression testing exterted by Microsoft will continue to hold up.
# 1 - ROAMING PROFILES & MAPPED DRIVE ISSUES
First issue encountered with MS04-011 - This from my colleague and administrator of our Citrix farm... We've discovered that the -011 patch messes up roaming profiles and homedrive homepath mappings – Supposedly MS has quite few cases on this. I don’t think you use roaming profiles but hope there is nothing else mucked up – wanted to give you an FYI
# 2 - WINDOWS NT 4 - NTOSKRNL.EXE ISSUES
I've seen this on servers that were originally Uniprocessor HALs that were converted to Multiprocessor HALS later. When the patch runs, it replaces ntoskrnl.exe with the wrong HAL version. I have seen an issue on some of my NT 4.0 Workstation PC's. I get a missing NTOSKRNL.EXE on reboot. To fix it I had to restore the NTOSKRNL.EXE from C:\WINNT\$KB835732$ Anyone else seen this?
# 3 - WINDOWS 2003 IE 6 ISSUE (after updates) - Cipher Strength = 0
NTBugtraq Mailing List
This is a functionality regression that has been around for some time. The weird part of the MS04-011 patch is that it only occurs on Windows 2003.
KB261328: Cipher Strength Appears as 0-Bit in Internet Explorer http://support.microsoft.com/?kbid=261328
SYMPTOMS - In Microsoft Internet Explorer, you may experience the following behaviors: When you click About Internet Explorer on the Help menu, the Cipher Strength value is 0-bit. -and- You cannot connect to and view Web pages on secure Web sites.
CAUSE - This behavior can occur if the Schannel.dll, Rsabase.dll, or Rsaenh.dll files are missing, damaged, or of the incorrect version.
Subject: [Full-Disclosure] MS04-011 Break SSL support in IE 6.0.3790.0 with Windows 2003
Hello everyone, A warning to all Windows 2003 user, this happened on two machine who had the exact same software configuration but different hardware. After installing the latest set of patches from microsoft, I was unable to access sites using SSL, after some investigation it turned out that my IE Cipher strength was set to 0 bit ... After lot of troubleshooting and tryout with the different solutions offered by Microsoft I decided to take a guess and uninstall the MS04-011 patch... Well, the problem solved itself, the IE Cipher Strength is now at 128 like it was before, I can now access sites using SSL, windowsupdate, msn, etc ... Weird ..