Bugtraq mailing list archives

Re: Update on wide-spread NewTear Denial of Service attacks


From: newsham () LAVA NET (Tim Newsham)
Date: Wed, 4 Mar 1998 10:00:03 -1000


From:   Jason Garms
Sent:   Wednesday, March 04, 1998 12:53 AM
Subject:        Update on wide-spread NewTear Denial of Service attacks
[...]

unpatched systems would blue screen. However, these replayed attacks had
no effect on fully patched Windows NT 4.0 SP3 systems (all hotfixes). The
primary fix that is important here is the "NewTear/Bonk/Boink" update that
was released in January.

It's too bad that Microsoft recommends against applying these patches:

  Microsoft has confirmed this to be a problem in Windows NT version 4.0.
  A supported fix is now available, but has not been fully regression-tested
  and should be applied only to systems experiencing this specific problem.
  Unless you are severely impacted by this specific problem, Microsoft
  recommends that you wait for the next Service Pack that contains this fix.
  Contact Microsoft Technical Support for more information.

It really bothers me that Microsoft takes such a stance on what
are obviously very important security fixes.  If Microsoft wants
to market their system as a secure system, and if that system is
only secure against current attacks if all hotfixes and service
packs are installed, then Microsoft should fully support those
hotfixes and service packs.  Microsoft should fully regression
test the hotfixes and should recommend that everyone installs them.
I suspect this is a contributing factor to the rash of attacks
that are being seen.  I wonder how many admins did not update their
systems with the recent fixes after reading the recommendation in
the hotfix text.

And of course if you choose to report a problem to Microsoft the
first question they ask is "do you have all the service packs and
hotfixes installed?".  Microsoft can't have their cake and eat it
too.

Jason Garms
Product Manager
Windows NT Security
Microsoft Corporation

                                          Tim N.


