[159] in Best-of-Security
BoS: Some quick notes about SP3:
daemon@ATHENA.MIT.EDU (Russ)
Sat May 17 21:54:35 1997
Date: Fri, 16 May 1997 09:06:32 -0400
Reply-To: Windows NT BugTraq Mailing List <NTBUGTRAQ@RC.ON.CA>,
Russ <Russ.Cooper@RC.ON.CA>
From: Russ <Russ.Cooper@RC.ON.CA>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
Could someone from Microsoft comment about items 2, 3, and 9.
1. Microsoft is phasing out development for the PowerPC platform, so SP3
does not include any code for PowerPC. What with DEC suing Intel for the
patent of the Pentium, we may find ourselves with a single NT platform.
2. ODBC 3.0 is included, but it's not specified as to whether or not the
version in the service pack is the updated version available from the
http://www.microsoft.com/ODBC/download/DMDownload.htm page. Could
someone from Microsoft please clarify as to whether or not its still
necessary to retrieve the odbcdmin.exe file?
3. There are updates to the Win32 SDK, including new APIs, and Microsoft
refers folk to http://www.microsoft.com/msdn/sdk to retrieve them. At
the time of this writing (5.16.97 - 8:30EST) these were not yet
available on that site.
4. Everyone should read section 2.1 and 2.2 (at least) of the README.TXT
file included in the SP3 download area. It covers incompatibilities that
need to be considered before updating your system with SP3.
5. Limited PPP MD5-CHAP support is included in SP3, but its important to
note that the user account information is stored under the RAS Server's
registry keys and NOT in the SAM. The account information is also local
to the specific RAS server, not all RAS servers in a given environment.
It would be highly recommended to employ the Registry Encryption
features of SP3 if you plan on supporting PPP MD5 clients.
6. The version of DHCP Server included in SP3 now supports BOOTP
clients!!(although only with a static IP address reservation). It should
be noted, however, that it also changes the format of your DHCP dB so
you should back it up before you apply SP3. It also supports logging!
7. By default, unencrypted passwords cannot be sent from an NT box with
SP3, this must be specifically enabled to be possible.
8. $ smbclient -U verylongname -M host (from Unix) is fixed.
9. NBT SMB connection calls are sent to all bound interfaces, and by
default, the system will wait to see if a response is received on the
"primary" interface before accepting a response received only on the
"secondary" interface. This can result in delays in SMB connects on
multi-homed machines. Article Q166159 explains a registry entry that can
be added to speed this process up (it accepts the connection over
whichever interface receives one first). Its unclear whether or not SP3
implements this registry value now by default, or whether you still have
to manually place the registry entry in yourself? Could Microsoft
clarify?
Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security
owner of the NTBugTraq mailing list:
http://ntbugtraq.rc.on.ca/index.html
