FYI

----- Original Message -----
From: "Microsoft Product Security Response Team" <secureat_private>
To: "'Matt'" <mattat_private>
Sent: Saturday, December 25, 1999 12:52 PM
Subject: RE: Re-release of Microsoft Security Bulletin MS99-046

> Hi Matt -
>
> Thanks for your note. I'm sorry, but there aren't any plans to develop a
> patch for Win98. The attacks that use the predictability of TCP ISNs are
> almost exclusively useful for attacking high-value servers such as web
> servers and e-commerce servers. Windows 98 simply doesn't serve in a role
> like this. With that said, I do know that the plan for future members of
> the Win9x family is to import the same strong ISN generation algorithm as is
> used in Windows 2000.
>
> Regards,
>
> Secureat_private
>
>
> -----Original Message-----
> From: Matt [mailto:mattat_private]
> Sent: Friday, December 24, 1999 8:48 PM
> To: Microsoft Product Security Response Team
> Subject: Re: Re-release of Microsoft Security Bulletin MS99-046
>
>
> When will the equivalent win98 patch for this vulnerability be released?
>
> thnx
>
>
> On Thu, 23 Dec 1999, Microsoft Product Security wrote:
>
> > The following is a Security Bulletin from the Microsoft Product Security
> > Notification Service.
> >
> > Please do not reply to this message, as it was sent from an unattended
> > mailbox.
> > ********************************
> >
> > Re-release of Microsoft Security Bulletin MS99-046
> > --------------------------------------------------
> >
> > In November, we withdrew a previously released patch that improved the
> > randomness of TCP initial sequence numbers in Windows NT 4.0. The patch
> > was withdrawn because it contained the same regression error that was
> > present in Windows NT 4.0 SP6. We have eliminated the regression error
> > and re-released the patch. The security bulletin has been updated and is
> > available at
> > http://www.microsoft.com/Security/Bulletins/ms99-046.asp; the FAQ also has
> > been updated and is available at
> > http://www.microsoft.com/Security/Bulletins/ms99-046faq.asp.
> >
> > All versions of the original patch were affected by the regression error,
> > although the error only manifested itself in certain situations. When
> > applying the new patch, it's not necessary to uninstall the original patch
> > first. Just install the patch as normal. Here's how to determine which
> > patch to apply:
> >  - If you are running Windows NT 4.0 SP4 or SP5 on an Intel machine, go
> >    to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
> >    select q243835sp5i.exe.
> >  - If you are running Windows NT 4.0 SP6 on an Intel machine, go to
> >    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
> >    select q243835i.exe.
> >  - If you are running Windows NT 4.0 SP4 or SP5 on an Alpha machine, go
> >    to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
> >    select q243835sp5a.exe.
> >  - If you are running Windows NT 4.0 SP6 on an Alpha machine, go
> >    to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
> >    select q243835a.exe.
> >
> > We are very sorry for any inconvenience caused by the regression error,
> > and will do our best to prevent similar problems in the future.
> >
> > Regards,
> >
> > The Microsoft Security Response Team
> >
> > *******************************************************************
> > You have received this e-mail bulletin as a result of your registration
> > to the Microsoft Product Security Notification Service. You may
> > unsubscribe from this e-mail notification service at any time by sending
> > an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUESTat_private
> > The subject line and message body are not used in processing the request,
> > and can be anything you like.
> >
> > For more information on the Microsoft Security Notification Service
> > please visit http://www.microsoft.com/security/services/bulletin.asp. For
> > security-related information about Microsoft products, please visit the
> > Microsoft Security Advisor web site at http://www.microsoft.com/security.
> >
>
> --
> "The RIAA can eat a bowl of dicks." -- Ice T
>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:23:31 PDT