Update on Win9x and NewTear, TCP/IP vulnerabilities


  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Update on Win9x and NewTear, TCP/IP vulnerabilities
  • From: Jason Garms <jasongMICROSOFT.COM>
  • Date: Fri, 6 Mar 1998 16:50:27 -0800
  • Comments: To: "ntsecurityiss.net" <ntsecurityiss.net>
  • Comments: cc: Paul Leach <paullemicrosoft.com>
  • Reply-To: Jason Garms <jasongMICROSOFT.COM>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

Last week we released the "Winsock 2 Update" for Windows 95. This update
contains fixes for all known vulnerabilities in the Windows 95 TCP/IP stack.
We are in the process of updating our KB articles and advisories to reflect
new recommendations that customers concerned about TCP/IP security and
denial of service issues should install this update. This update works for
all existing Windows 95 systems, and can be installed on top of systems that
already have existing security updates installed. (Note: there is a caveat
on installing the DUN 1.2b after installing this update, so please read the
release notes.)

The "Winsock 2 Update" update (approximately 192k) is available from
http://www.microsoft.com/windows95/info/ws2.htm
<http://internet-build1/windows95/info/ws2.htm> . This is a fully supported
and regression tested update.

We have notified CERT, NASIRC, and CIAC of this update so they can update
their notifications.

It's also worth noting that Windows 98 RC0 (release candidate 0) contains
all known TCP/IP updates, and is not vulnerable to this attack.

At the request of numerous customers, we're also revising the language that
appears in the knowledge base articles to be more consistent with our
security recommendations. The revisions will be completed early next week.
The language that was used is the standard legal boilerplate language that
appears on all the knowledge base articles. Please be assured, from a
security perspective, we want to encourage customers to install updates that
will help to improve security. I apologize for the confusion.

Thanks for the feedback,
-JasonG

Product Manager
Windows NT Security
Microsoft Corporation