[10466] in bugtraq
Re: Windows NT Service Pack 5 Released
daemon@ATHENA.MIT.EDU (Chad Price)
Thu May 6 18:39:58 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <4.1.19990506170236.00b62200@137.197.214.37>
Date: Thu, 6 May 1999 17:06:27 -0500
Reply-To: Chad Price <cprice@MOLBIO.UNMC.EDU>
From: Chad Price <cprice@MOLBIO.UNMC.EDU>
X-To: Aleph One <aleph1@UNDERGROUND.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990506123224.O789@underground.org>
You forgot to mention that you MUST be running IE and also that the SP5 web
pages induce _long_ (30 seconds +) apparent lockups when downloading all
the pages (and before displaying their contents for you to actual read)
with Netscape. The NT performance monitor is pegged at 100% for this period
of time.
When you eventually get to the page which allows you to download the
128-bit SP is the point at which you find out that the full SP will not be
released until May 19th and that you must be running IE to download the
current version.
At 12:32 PM 5/6/1999 -0700, Aleph One wrote:
>Microsoft has released the Windows NT Service Pack 5. This one includes
>the following security fixes:
>
>Q188348 Specially-Malformed FTP Requests May Create Denial of Service
>http://support.microsoft.com/support/kb/articles/Q188/3/48.asp
>
>Q193361 MSGINA.DLL does not Reset WINLOGON Structure
>http://support.microsoft.com/support/kb/articles/Q193/3/61.asp
>
>Q195733 Denial of Service in Applications Using RPC over Named Pipes
>http://support.microsoft.com/support/kb/articles/Q195/7/33.asp
>
>Q214802 WinNT Lets You Paste Text into Unlock Workstation Dialog Box
>http://support.microsoft.com/support/kb/articles/Q214/8/02.asp
>
>Q214840 MSV1_0 Allows Network Connections for Specific Accounts
>http://support.microsoft.com/support/kb/articles/Q214/8/40.asp
>
>Q218473 Restricting Changes to Base System Objects
>http://support.microsoft.com/support/kb/articles/Q218/4/73.asp
>
>Q221991 Screen Saver Vulnerability Lets User Privileges Be Elevated
>http://support.microsoft.com/support/kb/articles/Q221/9/91.asp
>
>Go get it:
>
>http://www.microsoft.com/ntserver/nts/news/msnw/Sp5Mktbulletin.asp
>
>--
>Aleph One / aleph1@underground.org
>http://underground.org/
>KeyID 1024/948FD6B5
>Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
Chad Price
Systems Manager
University of Nebraska Medical Center
600 S 42nd St
Omaha, NE 68506-6495
cprice@molbio.unmc.edu
(402) 559-9527
(402) 559-4077 (FAX)
