[274] in Best-of-Security
BoS: 'sec-fix' for NT 3.51
daemon@ATHENA.MIT.EDU (Alan C. Ramsbottom)
Thu Jun 26 12:11:16 1997
Date: Wed, 25 Jun 1997 23:02:34 +0100
Reply-To: acr@als.co.uk
From: "Alan C. Ramsbottom" <acr@als.co.uk>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
Perhaps everyone has already upgraded all their machines, but an NT
3.51 version of the 'sec-fix' seems to have quietly arrived on the
MS ftp server a couple of weeks ago. It can be found at:
ftp.microsoft.com
..in the (very long) directory:
/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/sec-fix
The 3.51 version of the fix addresses two security 'exploits' that
are described in the KB articles:
Q143474 - Anonymous logon user (Red Button).
Q161372 - SMB signing to prevent "Man in the middle" attacks.
Unlike the NT 4 version (now part of SP3), this *doesn't* include
the System Key fix that allows you to enable strong encryption of
the SAM database (Q143475).
Regards,
--Alan--
acr@als.co.uk
