Bugtraq mailing list archives

Announcements from The Palace (fwd)


From: myke () EES COM (Mike Holling)
Date: Fri, 2 Oct 1998 13:31:49 -0400


---------- Forwarded message ----------
Date: Wed, 30 Sep 1998 02:48:14 -0700
From: The Palace <custserv3 () thepalace com>
Subject: Announcements from The Palace

IMPORTANT SECURITY BUG FIX FOR PALACE CLIENT SOFTWARE FOR WINDOWS 95/98/NT:

Over the September 26th weekend, Electric Communities became aware of a
potentially serious security problem with the Windows 95/98/NT Palace Client
software. Monday we confirmed a bug that would permit a malicious Palace
server operator to force a Windows Palace client to DOWNLOAD AND EXECUTE an
arbitrary program on the client machine. This bug could be used to deliver
and run software viruses, personal information sniffers, and other
potentially damaging software. However, we are not aware of any specific
instances of malicious individuals exploiting this bug in any harmful way.

We have confirmed that this problem does not affect the Macintosh or the
Windows 3.1 client.

In response to this security bug, we are today releasing a NEW WINDOWS
95/98/NT PALACE CLIENT update. This update prevents Palace servers from
attempting to execute software on the client machine, and is HIGHLY
RECOMMENDED FOR ALL WINDOWS PALACE CLIENT USERS.  If you do not upgrade
your client, your machine is vulnerable to this bug being exploited by
malicious server operators.

Visit http://www.thepalace.com/products/client/downloads.html to get the
latest full version of the Windows Client software.

---
If you are currently using version 3.4 (any build) of the palace client,
you may instead download one of the following, smaller updates instead of
the full installer:

ftp://ftp.thepalace.com/pub/palace/client/Windows_95orNT/3.4/AutoUpgradeFor3.4Users.exe
if you are using the latest version of 3.4 and don't have
multiple versions installed (about 1 meg).

ftp://ftp.thepalace.com/pub/palace/client/Windows_95orNT/3.4/ManualUpgrade.exe
if you know where you have the palace installed, or have
multiple installations (about 400 k).
---


