[4804] in bugtraq
'sec-fix' for NT 3.51
daemon@ATHENA.MIT.EDU (Aleph One)
Thu Jun 26 13:19:46 1997
Date: Thu, 26 Jun 1997 09:54:57 -0500
Reply-To: Aleph One <aleph1@DFW.NET>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
---------- Forwarded message ----------
Date: Wed, 25 Jun 1997 23:02:34 +0100
From: Alan C. Ramsbottom <acr@ALS.CO.UK>
To: NTBUGTRAQ@RC.ON.CA
Subject: 'sec-fix' for NT 3.51
Perhaps everyone has already upgraded all their machines, but an NT
3.51 version of the 'sec-fix' seems to have quietly arrived on the
MS ftp server a couple of weeks ago. It can be found at:
ftp.microsoft.com
..in the (very long) directory:
/bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/sec-fix
The 3.51 version of the fix addresses two security 'exploits' that
are described in the KB articles:
Q143474 - Anonymous logon user (Red Button).
Q161372 - SMB signing to prevent "Man in the middle" attacks.
Unlike the NT 4 version (now part of SP3), this *doesn't* include
the System Key fix that allows you to enable strong encryption of
the SAM database (Q143475).
Regards,
--Alan--
acr@als.co.uk
