> From: Jason Garms
> Sent: Wednesday, March 04, 1998 12:53 AM
> Subject: Update on wide-spread NewTear Denial of Service attacks
[...]
> unpatched systems would blue screen. However, these replayed attacks had
> no effect on fully patched Windows NT 4.0 SP3 systems (all hotfixes). The
> primary fix that is important here is the "NewTear/Bonk/Boink" update that
> was released in January.

It's too bad that Microsoft recommends against applying these patches:

  Microsoft has confirmed this to be a problem in Windows NT version 4.0.
  A supported fix is now available, but has not been fully
  regression-tested and should be applied only to systems experiencing
  this specific problem. Unless you are severely impacted by this specific
  problem, Microsoft recommends that you wait for the next Service Pack
  that contains this fix. Contact Microsoft Technical Support for more
  information.

It really bothers me that Microsoft takes such a stance on what are obviously very important security fixes. If Microsoft wants to market their system as a secure system, and if that system is only secure against current attacks if all hotfixes and service packs are installed, then Microsoft should fully support those hotfixes and service packs. Microsoft should fully regression test the hotfixes and should recommend that everyone installs them.

I suspect this is a contributing factor to the rash of attacks that are being seen. I wonder how many admins did not update their systems with the recent fixes after reading the recommendation in the hotfix text.

And of course if you choose to report a problem to Microsoft the first question they ask is "do you have all the service packs and hotfixes installed?". Microsoft can't have their cake and eat it too.

> Jason Garms
> Product Manager
> Windows NT Security
> Microsoft Corporation

Tim N.