[13439] in bugtraq
Re: Microsoft Security Bulletin (MS00-005)
daemon@ATHENA.MIT.EDU (bugtraq@NS.DOOMSDAY.COM)
Wed Jan 19 16:58:26 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10001191052150.21751-100000@ns.doomsday.com>
Date: Wed, 19 Jan 2000 10:54:18 -0600
Reply-To: bugtraq@NS.DOOMSDAY.COM
From: bugtraq@NS.DOOMSDAY.COM
X-To: Microsoft Product Security <secnotif@MICROSOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <D1A11CCE78ADD111A35500805FD43F5867C28A@RED-MSG-04>
Interesting that this is not a part of Windows 98's Windows
Update. If it was a serious enough vulnerability to fix you would think
that it would also be easy to download and install without subscribing to
any security related lists. :>
_John
On Mon, 17 Jan 2000, Microsoft Product Security wrote:
> The following is a Security Bulletin from the Microsoft Product Security
> Notification Service.
>
> Please do not reply to this message, as it was sent from an unattended
> mailbox.
> ********************************
>
> Microsoft Security Bulletin (MS00-005)
> --------------------------------------
>
> Patch Available for "Malformed RTF Control Word" Vulnerability
> Originally Posted: January 17, 2000
>
> Summary
> =======
> Microsoft has released a patch that eliminates a security vulnerability in
> the Rich Text Format (RTF) reader that ships as part of Microsoft(r)
> Windows(r) 95 and 98, and Windows NT(r) 4.0. Under certain conditions, the
> vulnerability could be used to cause email programs to crash.
>
> Frequently asked questions regarding this vulnerability can be found at
> http://www.microsoft.com/security/bulletins/MS00-005faq.asp.
>
{SNIP}
>
> Affected Software Versions
> ==========================
> - Microsoft Windows 95
> - Microsoft Windows 98
> - Microsoft Windows 98 Second Edition
> - Microsoft Windows NT 4.0 Workstation
> - Microsoft Windows NT 4.0 Server
> - Microsoft Windows NT 4.0 Server, Enterprise Edition
> - Microsoft Windows NT 4.0 Server, Terminal Server Edition
>
> NOTE: Windows 2000 is not affected by this vulnerability.
>
> Patch Availability
> ==================
> - Windows 95:
> http://www.microsoft.com/windows95/downloads/contents/
> WUCritical/rtfcontrol/default.asp
> - Window 98:
> http://www.microsoft.com/windows98/downloads/contents/
> WUCritical/rtfcontrol/default.asp
> - Windows NT 4.0 Workstation, Windows NT 4.0 Server, and
> Windows NT 4.0 Server, Enterprise Edition:
> Intel:
> http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17510
> Alpha:
> http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17511
> - Windows NT 4.0 Server, Terminal Server Edition:
> To be released shortly.
{SNIP}
