Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [NTSEC] Re: Update on Win9x and NewTear, TCP/IP vulnerabiliti es
- To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
- Subject: Re: [NTSEC] Re: Update on Win9x and NewTear, TCP/IP vulnerabiliti es
- From: Jason Garms <jasongMICROSOFT.COM>
- Date: Mon, 9 Mar 1998 10:37:48 -0800
- Comments: To: Sebastian Stache <zebsbbs.se>, "ntsecurityiss.net" <ntsecurityiss.net>
- Comments: cc: Paul Leach <paullemicrosoft.com>
- Reply-To: Jason Garms <jasongMICROSOFT.COM>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
Hi Sebastian, Your comment has been heard and your point is well taken. As Paul Leach has already posted, the issue of localization for security hotfixes is being carefully examined. I wish I could say that everything will be better by this afternoon and I could give you every hotfix necessary in every language right now, but that would be misleading. What I can say is that the process is being changed. It is being updated. You might (or might not) notice, but we're trying to automatically produce security hotfixes for WinNT 3.51, and that represents a change in the last 2 months. I just submit that to you as evidence of change, rather than a resolution to your immediate problem. (Yes the 3.51 version. I don't have all the answers at this exact moment, but I wanted to let you know we're looking very carefully at this, and simply offer this post as a commitment to further improving the process. Also, since I've gotten the question a lot, we're hard at work at service pack 4 for Windows NT 4, which will contain all these updates. It will definitely be localized into all languages NT is available in. Thanks, -JasonG Product Manager Windows NT Security Microsoft Corporation -----Original Message----- From: Sebastian Stache [SMTP:zebsbbs.se] Sent: Sunday, March 08, 1998 2:31 AM To: 'ntsecurityiss.net' Cc: Jason Garms Subject: [NTSEC] Re: Update on Win9x and NewTear, TCP/IP vulnerabilities TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomoiss.net Contact ntsecurity-owneriss.net for help with any problems! --------------------------------------------------------------------------- Date: Fri, 6 Mar 1998 16:50:27 -0800 From: Jason Garms <jasongmicrosoft.com> Subject: [NTSEC] Update on Win9x and NewTear, TCP/IP vulnerabilities Last week we released the "Winsock 2 Update" for Windows 95. This update contains fixes for all known vulnerabilities in the Windows 95 TCP/IP stack. We are in the process of updating our KB articles and advisories to reflect new recommendations that customers concerned about TCP/IP security and denial of service issues should install this update. This update works for all existing Windows 95 systems, and can be installed on top of systems that already have existing security updates installed. (Note: there is a caveat on installing the dun 1.2b after installing this update, so please read the release notes.) The "Winsock 2 Update" update (approximately 192k) is available from http://www.microsoft.com/windows95/info/ws2.htm <http://internet-build1/windows95/info/ws2.htm> . This is a fully supported and regression tested update. We have notified CERT, NASIRC, and CIAC of this update so they can update their notifications. It's also worth noting that Windows 98 RC0 (release candidate 0) contains all known TCP/IP updates, and is not vulnerable to this attack. At the requests of numerous customers, we're also revising the language that appears in the knowledge base articles to be more consistent with our security recommendations. The revisions will be completed early next week. The language that was used is the standard legal boilerplate language that appears on all the knowledge base articles. Please be assured, from a security perspective, we want to encourage customers to install updates that will help to improve security. I apologize for the confusion. Thanks for the feedback, - -JasonG Product Manager Windows NT Security Microsoft Corporation This is welcome news. Could you also clarify your policy on international hot-fixes? As of today, only 3 post-SP3 fixes are available for the Swedish versions of NT (2gcrash, roll-up and simtcp-fix). I'm particularly interested to find out why the getadmin isn't available, since the exploit has been widely published in a ready-to-use form. Typing "getadmin foo_user" isn't rocket science. I realize that you're not in a position to make promises, but please make an educated guess: Do you think it would be safe to apply (by manually extracting or changing the inf-file) the U.S. getadmin hot-fix on a Swedish NT? Best regards Sebastian Stache
- Prev by Date: Re: What patches *must* I install?
- Next by Date: Re: [NTSEC] Re: Update on Win9x and NewTear, TCP/IP vulnerabiliti es
- Prev by thread: Re: What patches *must* I install?
- Next by thread: Re: [NTSEC] Re: Update on Win9x and NewTear, TCP/IP vulnerabiliti es