microsoft.public.windowsxp.security_admin
back to index
From: =?Utf-8?B?bmFzcw==?=
Date: Sunday, April 06, 2008 9:27 AM
Subject: RE: Microsoft Security Advisory (950627) - Help
Hi KC,
Glad you got it sorted and thanks for these valuable info and sharing it
with us.
Much appreciated.
Good luck.
nass
---
http://www.nasstec.co.uk
"KC" wrote:
> The fix:
>
> Copied the .dll from another machine (same version) onto a CD.
> Started the 'broken' machine in SafeMode/CommandPrompt.
>
> Deleted the 'broken' .dll then copied the new one to the same location.
> Rebooted. Viola. Works fine.
>
> Gah.
>
> "KC" wrote:
>
> > Thanks for the links. The 1st one is the exact tech note that tells one to
> > disable the Jet Engine and how to re-enable on the WorkArounds.
> >
> > The others do not mention what happens or how to fix when the re-enabling
> > fails.
> >
> > I am 99.9% sure this drive was not compromised. Why? It's never been hooked
> > up to the internet. Yet, mandates from upon high (management) say 'you have
> > to disable this'. (Ridiculous if you ask me, that one has to do things for
> > computers to prevent it from attack when it'll never be effected through the
> > internet or e-mail).
> >
> > Yet, also, no one around here where I'm located knows how to re-enable it.
> >
> >
> >
> > "nass" wrote:
> >
> > >
> > >
> > > "KC" wrote:
> > >
> > > > So, as requested in this advisory, I entered the command line on one of the
> > > > computers here to disable the jet database engine:
> > > >
> > > > Caution, read the rest of this post before entering this line...
> > > > echo y| cacls "%SystemRoot%\system32\msjet40.dll" /E /P everyone:N
> > > >
> > > > So, that sets it as it should.
> > > >
> > > > Come to find out, some of the programs on the computer require the access to
> > > > that specific .dll. Fine. I'll re-enable it using the instructions also
> > > > listed an undo procedure... the advisory states to enter:
> > > >
> > > > echo y| cacls "%SystemRoot%\system32\msjet40.dll" /E /R everyone
> > > >
> > > > I get "Access Denied".
> > > >
> > > > Anyone have a suggestion on how to re-enable the msjet40.dll?
> > >
> > >
> > > I'm afraid your system may be compromised or you messed it up!.
> > > Did you tried the |keys in the registry to adjust to loosen its grip a
> > > little bit?.
> > > Read the info here:
> > > Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code
> > > Execution
> > > http://www.microsoft.com/technet/security/advisory/950627.mspx
> > >
> > > http://office.microsoft.com/en-us/access/HP010321681033.aspx
> > > http://office.microsoft.com/en-us/access/HP010321611033.aspx
