[16043] in bugtraq
Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047))
daemon@ATHENA.MIT.EDU (Microsoft Security Response Center)
Wed Aug 2 01:35:34 2000
Mime-Version: 1.0
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
boundary="----=_NextPart_000_0164_01BFFBE6.19AFBA60"; micalg=SHA1
Message-Id: <B9D1827FDF66D111925800805F3102E31DEB22C9@RED-MSG-57>
Date: Tue, 1 Aug 2000 18:27:05 -0700
Reply-To: Microsoft Security Response Center <secure@MICROSOFT.COM>
From: Microsoft Security Response Center <secure@MICROSOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
------=_NextPart_000_0164_01BFFBE6.19AFBA60
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hi All -
We've received several notes asking why there are no Windows 95 or 98
patches provided in MS00-047. We've added a Q&A to the FAQ to
explain
our reasoning, and the updated version should be available on the web
shortly. FYI, here's the text of the Q&A we added:
- ------- start ------------
NetBIOS is provided as part of all Windows systems. Why hasn't a
patch
been provided for Windows 95 and 98?
These systems do implement NetBIOS, but we have not developed a patch
for them. The reason is because there is an incompatibility between
the
effect of the patch and the role in which Windows 95 and 98 machines
are
most appropriately used.
As discussed above, the vulnerability results from the misuse of
normal,
by-design management functions provided in NetBIOS. The patch removes
some of these functions. It's not appropriate to apply the patch
globally - for instance, on all workstations within a large network -
because it would impede the ability of the network to cope with
normally-occurring name conflicts. Indeed, it's likely that if the
patch
were deployed globally within a large network, the loss of the normal
management functions would cause as much, if not more, disruption
than a
malicious attack. As a result, we have recommended that the patch be
applied only to security-critical machines, and have only developed
patches for products that are appropriate in such a role.
- ------ end ----------------
Hope that helps explain our rationale. Regards,
Secure@microsoft.com
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQEVAwUBOYd4640ZSRQxA/UrAQHvCwf/aU4YW60S/9Mp9qcDpWkXYXlOtHgdyXOQ
yx22YXWJ43TTI8uKHlNzCnrGux0BviimIFSX//wqfbVhzNIcrEjhu3FeNSs465Fk
g7kNJpXgnFpkIkz9q14NjA7tnyi8WxjF+TYWzdoHOgOIGtn6zsPD/2wIQFlFmRn9
7PYKsJ7H/lp6J5t8hT3MPGkcztRoOJVNL0W2MLxoZTletlNRll/q2FRMVH1bT79o
erPrPQobld0jbjc4W0CmQCAi0rmOS33+I46mnIf//oTRqRuholmF7rZJtUce+SHv
2/22HGDnes7Qifids2rWHeK8A7OB/LWxgISEue6Hyispi/m4C2cHng==
=PX+9
-----END PGP SIGNATURE-----
------=_NextPart_000_0164_01BFFBE6.19AFBA60
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJ/TCCAj0w
ggGmAhEAzbp/VvDf5LxU/iKss3KqVTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG
A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjgwODAxMjM1OTU5WjBfMQsw
CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVi
bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiH
mgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF
4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEATD+4i8Zo3+5DMw5d
6abLB4RNejP/khv0Nq3YlSI2aBFsfELM85wuxAc/FLAPT/+Qknb54rxK6Y/NoIAK98Up8YIiXbix
3YEjo3slFUYweRb46gVLlH8dwhzI47f0EEA8E8NfH1PoSOSGtHuhNbB7Jbq4046rPzidADQAmPPR
cZQwggMuMIICl6ADAgECAhEA0nYujRQMPX2yqCVdr+4NdTANBgkqhkiG9w0BAQIFADBfMQswCQYD
VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTgwNTEyMDAwMDAwWhcNMDgwNTEy
MjM1OTU5WjCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy
dXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5j
b3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0Eg
SW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAu1pEigQWu1X9A3qKLZRPFXg2uA1Ksm+cVL+86HcqnbnwaLuV2TFBcHqB
S7lIE1YtxwjhhEKrwKKSq0RcqkLwgg4C6S/7wju7vsknCl22sDZCM7VuVIhPh0q/Gdr5FegPh7Yc
48zGmo5/aiSS4/zgZbqnsX7vyds3ashKyAkG5JkCAwEAAaN8MHowEQYJYIZIAYb4QgEBBAQDAgEG
MEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEFBQcCARYfd3d3LnZlcmlzaWduLmNv
bS9yZXBvc2l0b3J5L1JQQTAPBgNVHRMECDAGAQH/AgEAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
AQIFAAOBgQCIuDc73dqUNwCtqp/hgQFxHpJqbS/28Z3TymQ43BuYDAeGW4UVag+5SYWklfEXfWe0
fy0s3ZpCnsM+tI6q5QsG3vJWKvozx74Z11NMw73I4xe1pElCY+zCphcPXVgaSTyQXFWjZSAA/Rgg
5V+CprGoksVYasGNAzzrw80FopCubjCCBIYwggPvoAMCAQICEAVbo7ZcNCuluzJSdf+s4CIwDQYJ
KoZIhvcNAQEEBQAwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
biBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBB
IEluY29ycC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAx
IENBIEluZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQwHhcNOTkxMjMw
MDAwMDAwWhcNMDAxMjI5MjM1OTU5WjCCASoxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD
VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3Jl
cG9zaXRvcnkvUlBBIEluY29ycC4gYnkgUmVmLixMSUFCLkxURChjKTk4MR4wHAYDVQQLExVQZXJz
b25hIE5vdCBWYWxpZGF0ZWQxNDAyBgNVBAsTK0RpZ2l0YWwgSUQgQ2xhc3MgMSAtIE1pY3Jvc29m
dCBGdWxsIFNlcnZpY2UxKzApBgNVBAMUIk1pY3Jvc29mdCBTZWN1cml0eSBSZXNwb25zZSBDZW50
ZXIxIzAhBgkqhkiG9w0BCQEWFHNlY3VyZUBtaWNyb3NvZnQuY29tMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQC5p8rQpjuPFFZf+KLtESi391k/8oOw6zOIOx6odUMFfulf0clSmvKn8ubcfOeR
/4n0uTGhvBnMO0zP/g6xKoDwFIzY/5DNY2VmZ7wLIxpvfwDjBTSAdw53t60rJzs8PmB26FgbJ69B
Y+rnsR3xg+HUok+BIvYS6GTHUzmwQdonEQIDAQABo4IBBjCCAQIwCQYDVR0TBAIwADCBrAYDVR0g
BIGkMIGhMIGeBgtghkgBhvhFAQcBATCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNp
Z24uY29tL0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlTaWdu
J3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24wEQYJ
YIZIAYb4QgEBBAQDAgeAMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwudmVyaXNpZ24uY29t
L2NsYXNzMS5jcmwwDQYJKoZIhvcNAQEEBQADgYEAOZ+QMi8SC6JAG4j9hdZPbZtHPPsJ0o8g7g2y
N6IBGcQkiuxStuH+QfYv1P6/o14un3gk1CEFmNvj2a9ed1Ah7rbhM+jdhsS4zdZvIevU7AQzfY6Z
FNfi6feQlseXgvKD0kSIvhyw9sUu4vvugYN4wtiYJRFHDCUKm4L2+Cs2pXsxggM4MIIDNAIBATCB
4TCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5l
dHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBC
eSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0EgSW5kaXZp
ZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZAIQBVujtlw0K6W7MlJ1/6zgIjAJ
BgUrDgMCGgUAoIIBrDAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0w
MDA4MDIwMTI3MDhaMCMGCSqGSIb3DQEJBDEWBBTBSOVY7surUfrFvU+cM7PRM4jdxzBYBgkqhkiG
9w0BCQ8xSzBJMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAHBgUrDgMCBzANBggqhkiG9w0D
AgIBKDAHBgUrDgMCGjAKBggqhkiG9w0CBTCB8gYJKwYBBAGCNxAEMYHkMIHhMIHMMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UE
CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5IFJlZi4sTElBQi5M
VEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1YnNjcmli
ZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkAhAFW6O2XDQrpbsyUnX/rOAiMA0GCSqGSIb3DQEBAQUA
BIGAqcr2aoiiRgHuJ+ePwZSTmZ1ApHXIKsxX728+Kl9RMkqbQRwWFOHcWCFpe5SN9Tm8pWtRQ6WI
hys5DZu8+J6QDQ95EzfjToSBIJc+gAsmjxq4YFmIoxiGvEXljU6uydEp/slXls1PBMFq77kU2bQI
IDgcy0h2QchCcw+Oyo9I2ToAAAAAAAA=
------=_NextPart_000_0164_01BFFBE6.19AFBA60--
