Home page logo
/

bugtraq logo Bugtraq mailing list archives

Fw: Re-release of Microsoft Security Bulletin MS99-046
From: matt () USE NET (Matt)
Date: Sat, 25 Dec 1999 14:13:35 -0800


FYI

----- Original Message -----
From: "Microsoft Product Security Response Team" <secure () microsoft com>
To: "'Matt'" <matt () use net>
Sent: Saturday, December 25, 1999 12:52 PM
Subject: RE: Re-release of Microsoft Security Bulletin MS99-046

Hi Matt -

Thanks for your note.  I'm sorry, but there aren't any plans to develop a
patch for Win98.  The attacks that use the predictability of TCP ISNs are
almost exclusively useful for attacking high-value servers such as web
servers and e-commerce servers.  Windows 98 simply doesn't serve in a role
like this.  WIth that said, I do know that the plan for future members of
the Win9x family is to import the same strong ISN generation alogirhtm as
is
used in Windows 2000.  Regards,

Secure () microsfot com


-----Original Message-----
From: Matt [mailto:matt () use net]
Sent: Friday, December 24, 1999 8:48 PM
To: Microsoft Product Security Response Team
Subject: Re: Re-release of Microsoft Security Bulletin MS99-046


When will the equivelant win98 patch for this vulnerability be released?

thnx


On Thu, 23 Dec 1999, Microsoft Product Security wrote:

The following is a Security  Bulletin from the Microsoft Product
Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an
unattended
mailbox.
                    ********************************

Re-release of Microsoft Security Bulletin MS99-046
--------------------------------------------------

In November, we withdrew a previously released patch that improved the
randomness of TCP initial sequence numbers in Windows NT 4.0.  The patch
was
withdrawn because it contained the same regression error that was
present
in
Windows NT 4.0 SP6.  We have eliminated the regression error and
re-released
the patch.  The security bulletin has been updated and is available at
http://www.microsoft.com/Security/Bulletins/ms99-046.asp; the FAQ also
has
been updated and is available at
http://www.microsoft.com/Security/Bulletins/ms99-046faq.asp.

All versions of the original patch were affected by the regression
error,
although the error only manifested itself in certain situations.  When
applying the new patch, it's not necessary to uninstall the original
patch
first.  Just install the patch as normal.  Here's how to determine which
patch to apply:
 - If you are running Windows NT 4.0 SP4 or SP5 on an Intel machine, go
   to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
   select q243835sp5i.exe.
 - If you are running Windows NT 4.0 SP6 on an Intel machine, go to
   http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
   select q243835i.exe.
 - If you are running Windows NT 4.0 SP4 or SP5 on an Alpha machine, go
   to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
   select q243835sp5a.exe.
 - If you are running Windows NT 4.0 SP6 on an Alpha machine, go
   to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
   select q243835a.exe.

We are very sorry for any inconvenience caused by the regression error,
and
will do our best to prevent similar problems in the future.  Regards,

The Microsoft Security Response Team

   *******************************************************************
You have received  this e-mail bulletin as a result  of your
registration
to  the   Microsoft  Product  Security  Notification   Service.  You
may
unsubscribe from this e-mail notification  service at any time by
sending
an  e-mail  to
MICROSOFT_SECURITY-SIGNOFF-REQUEST () ANNOUNCE MICROSOFT COM
The subject line and message body are not used in processing the
request,
and can be anything you like.

For  more  information on  the  Microsoft  Security Notification
Service
please visit http://www.microsoft.com/security/services/bulletin.asp.
For
security-related information  about Microsoft products, please  visit
the
Microsoft Security Advisor web site at
http://www.microsoft.com/security.


--
"The RIAA can eat a bowl of dicks." -- Ice T



  By Date           By Thread  

Current thread:
  • Fw: Re-release of Microsoft Security Bulletin MS99-046 Matt (Dec 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]