Bugtraq mailing list archives
Re: Microsoft Security Bulletin (MS00-036)
From: matt () USE NET (Matt)
Date: Fri, 26 May 2000 12:46:03 -0700
On Fri, 26 May 2000, Microsoft Product Security wrote:
Affected Software Versions ========================== - Microsoft Windows NT 4.0 Workstation - Microsoft Windows NT 4.0 Server - Microsoft Windows NT 4.0 Server, Enterprise Edition - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server - Microsoft Windows 2000 Advanced Server NOTE: Windows 95, Windows 98, and Windows NT 4.0 Server, Terminal Server Edition, also provide an implementation of the Computer Browser protocol. However, they are not listed as affected products because the scenario in which these vulnerabilities could be exploited - large networks that rely on computer browsing - are exactly the ones most unlikely to use Windows 95, Windows 98 or Windows NT 4.0 Terminal Servers as master browsers.
Either Win9x and NT4TSE are "affected", or they aren't. They aren't in the "Affected Software Versions" list, but then the verbage says that they are affected. If they are affected, a fix should be provided instead of Microsoft making broad assumptions that their products are only being used in certain contexts. As a Windows 98 user, I would very much like to see a fix for these vulnerabilities and I'm sure others would as well. -- this band is perfect just don't scratch the surface
Current thread:
- [COVERT-2000-05] Microsoft Windows Computer Browser Reset Vulnerability COVERT Labs (May 25)
- new vulnerability in Netscape effectively disables SSL server auth Kevin Fu (May 26)
- Microsoft Security Bulletin (MS00-036) Microsoft Product Security (May 26)
- Re: Microsoft Security Bulletin (MS00-036) Matt (May 26)
- [TL-Security-Announce] gpm TLSA2000011-1 Katherine M. Moussouris (May 26)
- Revision 2: Analysis of jolt2.c (MS00-029) Mikael Olsson (May 27)
- Re: [COVERT-2000-05] Microsoft Windows Computer Browser Reset Vulnerability Vladimir Dubrovin (May 26)