Re: [NTSEC] Re: Update on Win9x and NewTear, TCP/IP vulnerabilities
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: Re: [NTSEC] Re: Update on Win9x and NewTear, TCP/IP vulnerabilities
- From: Jason Garms <jasong@MICROSOFT.COM>
- Date: Mon, 9 Mar 1998 10:37:48 -0800
- Comments: To: Sebastian Stache <zeb@sbbs.se>, "ntsecurity@iss.net" <ntsecurity@iss.net>
- Comments: cc: Paul Leach <paulle@microsoft.com>
- Reply-To: Jason Garms <jasong@MICROSOFT.COM>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

Hi Sebastian,

Your comment has been heard and your point is well taken. As Paul Leach has
already posted, the issue of localization for security hotfixes is being
carefully examined. I wish I could say that everything will be better by
this afternoon and I could give you every hotfix necessary in every language
right now, but that would be misleading.

What I can say is that the process is being changed. It is being updated.
You might (or might not) notice, but we're trying to automatically produce
security hotfixes for WinNT 3.51, and that represents a change in the last 2
months. I just submit that to you as evidence of change, rather than a
resolution to your immediate problem. (Yes the 3.51 version.

I don't have all the answers at this exact moment, but I wanted to let you
know we're looking very carefully at this, and simply offer this post as a
commitment to further improving the process.

Also, since I've gotten the question a lot, we're hard at work at service
pack 4 for Windows NT 4, which will contain all these updates. It will
definitely be localized into all languages NT is available in.

Thanks,
-JasonG
Product Manager
Windows NT Security
Microsoft Corporation

-----Original Message-----
From: Sebastian Stache [SMTP:zeb@sbbs.se]
Sent: Sunday, March 08, 1998 2:31 AM
To: 'ntsecurity@iss.net'
Cc: Jason Garms
Subject: [NTSEC] Re: Update on Win9x and NewTear, TCP/IP vulnerabilities
---------------------------------------------------------------------------
Date: Fri, 6 Mar 1998 16:50:27 -0800
From: Jason Garms <jasong@microsoft.com>
Subject: [NTSEC] Update on Win9x and NewTear, TCP/IP vulnerabilities

Last week we released the "Winsock 2 Update" for Windows 95. This update
contains fixes for all known vulnerabilities in the Windows 95 TCP/IP stack.
We are in the process of updating our KB articles and advisories to reflect
new recommendations that customers concerned about TCP/IP security and
denial of service issues should install this update. This update works for
all existing Windows 95 systems, and can be installed on top of systems that
already have existing security updates installed. (Note: there is a caveat
on installing the dun 1.2b after installing this update, so please read the
release notes.)

The "Winsock 2 Update" update (approximately 192k) is available from
http://www.microsoft.com/windows95/info/ws2.htm
<http://internet-build1/windows95/info/ws2.htm> . This is a fully supported
and regression tested update.

We have notified CERT, NASIRC, and CIAC of this update so they can update
their notifications.

It's also worth noting that Windows 98 RC0 (release candidate 0) contains
all known TCP/IP updates, and is not vulnerable to this attack.

At the requests of numerous customers, we're also revising the language that
appears in the knowledge base articles to be more consistent with our
security recommendations. The revisions will be completed early next week.
The language that was used is the standard legal boilerplate language that
appears on all the knowledge base articles. Please be assured, from a
security perspective, we want to encourage customers to install updates that
will help to improve security. I apologize for the confusion.

Thanks for the feedback,
-JasonG
Product Manager
Windows NT Security
Microsoft Corporation
---------------------------------------------------------------------------
This is welcome news.

Could you also clarify your policy on international hot-fixes?
As of today, only 3 post-SP3 fixes are available for the Swedish
versions of NT (2gcrash, roll-up and simtcp-fix).

I'm particularly interested to find out why the getadmin isn't
available, since the exploit has been widely published in a
ready-to-use form. Typing "getadmin foo_user" isn't rocket science.

I realize that you're not in a position to make promises, but please
make an educated guess: Do you think it would be safe to apply
(by manually extracting or changing the inf-file) the U.S. getadmin
hot-fix on a Swedish NT?

Best regards
Sebastian Stache