Bugtraq mailing list archives
Fw: Re-release of Microsoft Security Bulletin MS99-046
From: matt () USE NET (Matt)
Date: Sat, 25 Dec 1999 14:13:35 -0800
FYI ----- Original Message ----- From: "Microsoft Product Security Response Team" <secure () microsoft com> To: "'Matt'" <matt () use net> Sent: Saturday, December 25, 1999 12:52 PM Subject: RE: Re-release of Microsoft Security Bulletin MS99-046
Hi Matt - Thanks for your note. I'm sorry, but there aren't any plans to develop a patch for Win98. The attacks that use the predictability of TCP ISNs are almost exclusively useful for attacking high-value servers such as web servers and e-commerce servers. Windows 98 simply doesn't serve in a role like this. WIth that said, I do know that the plan for future members of the Win9x family is to import the same strong ISN generation alogirhtm as
is
used in Windows 2000. Regards, Secure () microsfot com -----Original Message----- From: Matt [mailto:matt () use net] Sent: Friday, December 24, 1999 8:48 PM To: Microsoft Product Security Response Team Subject: Re: Re-release of Microsoft Security Bulletin MS99-046 When will the equivelant win98 patch for this vulnerability be released? thnx On Thu, 23 Dec 1999, Microsoft Product Security wrote:The following is a Security Bulletin from the Microsoft Product
Security
Notification Service. Please do not reply to this message, as it was sent from an
unattended
mailbox. ******************************** Re-release of Microsoft Security Bulletin MS99-046 -------------------------------------------------- In November, we withdrew a previously released patch that improved the randomness of TCP initial sequence numbers in Windows NT 4.0. The patchwaswithdrawn because it contained the same regression error that was
present
inWindows NT 4.0 SP6. We have eliminated the regression error andre-releasedthe patch. The security bulletin has been updated and is available at http://www.microsoft.com/Security/Bulletins/ms99-046.asp; the FAQ also
has
been updated and is available at http://www.microsoft.com/Security/Bulletins/ms99-046faq.asp. All versions of the original patch were affected by the regression
error,
although the error only manifested itself in certain situations. When applying the new patch, it's not necessary to uninstall the original
patch
first. Just install the patch as normal. Here's how to determine which patch to apply: - If you are running Windows NT 4.0 SP4 or SP5 on an Intel machine, go to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and select q243835sp5i.exe. - If you are running Windows NT 4.0 SP6 on an Intel machine, go to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and select q243835i.exe. - If you are running Windows NT 4.0 SP4 or SP5 on an Alpha machine, go to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and select q243835sp5a.exe. - If you are running Windows NT 4.0 SP6 on an Alpha machine, go to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and select q243835a.exe. We are very sorry for any inconvenience caused by the regression error,andwill do our best to prevent similar problems in the future. Regards, The Microsoft Security Response Team ******************************************************************* You have received this e-mail bulletin as a result of your
registration
to the Microsoft Product Security Notification Service. You
may
unsubscribe from this e-mail notification service at any time by
sending
an e-mail to
MICROSOFT_SECURITY-SIGNOFF-REQUEST () ANNOUNCE MICROSOFT COM
The subject line and message body are not used in processing the
request,
and can be anything you like. For more information on the Microsoft Security Notification
Service
please visit http://www.microsoft.com/security/services/bulletin.asp.
For
security-related information about Microsoft products, please visit
the
Microsoft Security Advisor web site at
http://www.microsoft.com/security.
-- "The RIAA can eat a bowl of dicks." -- Ice T
Current thread:
- Fw: Re-release of Microsoft Security Bulletin MS99-046 Matt (Dec 25)