Bugtraq mailing list archives
Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047))
From: Russ <Russ.Cooper () RC ON CA>
Date: Wed, 2 Aug 2000 14:02:45 -0400
Neena Grimm said:
What makes you think that 95 and 98 boxes can't be security critical machines again?
As someone who worked with Ungermann-Bass' original NBNS servers, and frequently experienced NB Broadcast storms, I'm extremely curious as to how people seem to think they can prevent an NB DoS. The particular issue that MS has addressed seemed logical to take a stab at, on the systems they did and in the way they did, but at best it's a band-aid over a severed limb (without an NT or W2K server acting as a WINS server).

All of this jabberwocky about 9x machines being used in security critical environments or fear that their NB services may become unavailable due to name releases seems a venting contest rather than serious security concerns...but of course I could be wrong.

If there's no WINS server address on a 9x machine, it's a flat NB namespace. There's nothing authoritative in such a network, nothing that can be relied upon, and nothing that can be reliably referred to. Since the environment is likely bridged (if more than one LAN segment exists), broadcast storms are probably already prevalent. LMHOST files can't be secured against tampering, elections can't be secured, and names can be injected ad hoc by virtually anything.

Since so many posts have come through indicating the dire need for this patch on such systems, maybe one or more of them might consider putting up the ultra-secure NB Win9x-only environment configuration they've implemented that falls apart due to this flaw.

Cheers,
Russ - NTBugtraq Editor