Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047))

[Russ <Russ.Cooper () RC ON CA>]

Neena Grimm said;
> What makes you think that 95 and 98 boxes can't be security critical
> machines again?

As someone who worked with Ungermann-Bass' original NBNS servers, and
frequently experienced NB Broadcast storms, I'm extremely curious as to how
people seem to think they can prevent an NB DoS. The particular issue that
MS has addressed seemed logical to take a stab at, on the systems they did
and in the way they did, but at best its a bandaid over a severed limb
(without an NT or W2K server acting as a WINS server). All of this
jabberwocky about 9x machines being used in security critical environments
or fear that their NB services may become unavailable due to name releases
seems a venting contest rather than serious security concerns...but of
course I could be wrong.

If there's no WINS server address on a 9x machine, its a flat NB namespace.
There's nothing authoritative in such a network, nothing that can be relied
upon, and nothing that can be reliably referred to. Since the environment is
likely bridged (if more than one LAN segment exists), broadcast storms are
probably already prevalent. LMHOST files can't be secured against tampering,
elections can't be secured, and names can be injected adhoc by virtually
anything.

Since so many posts have come through indicating the dire need for this
patch on such systems, maybe one or more of them might consider putting up
the ultra-secure NB Win9x-only environment configuration they've implemented
that falls apart due to this flaw.

Cheers,
Russ - NTBugtraq Editor