---------- Forwarded message ---------- Date: Wed, 30 Sep 1998 02:48:14 -0700 From: The Palace <custserv3at_private> Subject: Announcements from The Palace IMPORTANT SECURITY BUG FIX FOR PALACE CLIENT SOFTWARE FOR WINDOWS 95/98/NT: Over the September 26th weekend, Electric Communities became aware of a potential serious security problem with the Windows 95/98/NT Palace Client software. Monday we confirmed a bug that would permit a malicious Palace server operator to force a Windows Palace client to DOWNLOAD AND EXECUTE an arbitrary program on the client machine. This bug could be used to deliver and run software viruses, personal information sniffers, and other potentially damaging software. However we are not aware of any specific instances of malicious individuals exploiting this bug in any harmful way. We have confirmed that this problem does not affect the Macintosh or the Windows 3.1 client. In response to this security bug, we are today releasing a NEW WINDOWS 95/98/NT PALACE CLIENT update. This update prevents Palace servers from attempting to execute software on the client machine, and is HIGHLY RECOMMENDED FOR ALL WINDOWS PALACE CLIENT USERS. If you do not upgrade your client, your machine is vulnerable to this bug being exploited by malicious server operators. Visit http://www.thepalace.com/products/client/downloads.html to get the latest full version of the Windows Client software. --- If you are currently using version 3.4 (any build) of the palace client, you may instead download one of the following, smaller updates instead of the full installer: ftp://ftp.thepalace.com/pub/palace/client/Windows_95orNT/3.4/AutoUpgradeFor3.4Users.exe if you are using the latest version of 3.4 and don't have multiple versions installed (about 1 meg). ftp://ftp.thepalace.com/pub/palace/client/Windows_95orNT/3.4/ManualUpgrade.exe if you know where you have the palace installed, or have multiple installations (about 400 k). ---
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:35 PDT