Bugtraq mailing list archives

FW: WinNews Special Issue


From: chasin () crimelab com (Scott Chasin)
Date: Sun, 22 Oct 1995 17:38:15 MDT


Forwarded message:
From owner-ntdev () atria com Sat Oct 21 18:42:05 1995
Message-Id: <01BA9FD0.D58CD320 () voyager stl dec com>
From: Stephen Thompson <steve () stl dec com>
To: "'Nicholas Sayer'" <"sayer nick"@a1.bbov01.sno.mts.dec.com>,
        "'Colin Yandle'" <"yandle colin"@a1.snofs1.sno.mts.dec.com>,
        "'Bret Hirshman'" <bret () enterprise stl dec com>,
        "'Des Gordon'" <gordon () blofly sno dec com>,
        "'Windows NT Distrubtion List'" <ntdev () utopia com>,
        "'Steve Ollis'" <ollis () stevo stl dec com>
Subject: FW: WinNews Special Issue
Date: Sat, 21 Oct 1995 16:17:57 +-1000
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="---- =_NextPart_000_01BA9FD0.D58CD320"
Sender: owner-ntdev () atria com
Precedence: bulk


------ =_NextPart_000_01BA9FD0.D58CD320
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit




---
Stephen Thompson
Digital Equipment Corporation
RSSG Support Group

----------
From:   WinNews () microsoft com[SMTP:WinNews () microsoft com]
Sent:   Saturday, October 21, 1995 10:08 AM
To:     WinNews () microsoft nwnet com
Subject:        WinNews Special Issue

           Microsoft(R) WinNews Electronic Newsletter
                Special Issue,  October 20, 1995

***********************************************************
Here is some important information on Windows 95 that
may affect some of you.  Please make certain to read it.


UPDATED DRIVERS FOR WINDOWS 95 FILE AND PRINTER SHARING
SECURITY ISSUE - October 20, 1995

Microsoft wants its customers to know that it has
discovered and fixed a potential security problem with file
and printer sharing in Windows 95.  Only customers who have
enabled file and printer sharing - a non-default option -
may have been at risk, and, to the best of our knowledge,
no users have been harmed.  Nevertheless, Microsoft
regards this potential problem with the greatest
seriousness, and we have worked hard over the past week to
resolve it.  Microsoft recommends customers using File and
Printer Sharing upgrade to the newer drivers.


How do I know if I am affected?
Only customers that use the File and Printer Sharing option
to share their files with other users on a network are
affected.  This option is not enabled by default so unless
you have manually enabled it, you are not affected by this
issue.  To determine if File and Printer Sharing is
enabled, choose the Networks Option in the Control Panel.

If file and printer sharing is enabled, you will see
either "File and Printer Sharing for Microsoft Networks"
or "File and Printer Sharing for NetWare Networks" in the
list of installed network components.


What are the issues?
File and Printer Sharing for NetWare Networks

Microsoft was recently made aware of an issue with File
and Printer sharing for NetWare Networks which may affect
data security for corporate users.

Only users whose environments meet both of the following
conditions may be affected:

    1. They configure their machine to share files and
        printers with other users on the network using File
        and Printer Sharing for NetWare networks (This
        option is not turned on by default)
    2. They enable remote administration or install
        Microsoft Remote Registry Services  (These options
        are not turned on by default)


If your configuration matches that listed above, it is
possible for another user on the network to gain read-only
access to your machine after the administrator has logged
off the machine and until you restart your computer.  To
correct this problem, Microsoft has issued an updated
driver for File and Printer Sharing for NetWare Networks.
The updated driver ensures that only valid administrators
have access to the computer's drive.

File and Printer Sharing for Microsoft Networks (not MSN:
    The Microsoft Network online service)

Microsoft is also issuing an update for a known problem
with File and Printer Sharing for Microsoft Networks and a
certain UNIX shareware network client (Samba's SMBCLIENT).
The update corrects a problem with share-level security
documented in the Microsoft Knowledge Base on October 9th.
The update also includes a correction for a similar problem
with user-level security that Microsoft recently discovered
as part of its internal testing of the new driver.

Customers whose environments meet all of the conditions
below may have their data susceptible to network or
Internet hackers:

    1. They configure their machine to share files and
        printers with other users on the network using File
        and Printer Sharing for Microsoft Networks (This
        option is not turned on by default)

    2. They share a LAN, Internet, or Dial-Up connection
        with a UNIX-based computer running Samba's
        SMBCLIENT software

    3. The network administrator does not disable peer
        services using System Policies

The Samba SMB client allows its users to send illegal
networking commands over the network. The Samba client is
the only known SMB client at this time that does not filter
out such illegal commands.  SMBCLIENT users do not
automatically have access to the Windows 95 drive, and
must know the exact steps to send these illegal commands.

The updated driver prevents these illegal commands from
being executed, preventing SMBCLIENT users from accessing
the drive on which sharing is enabled.  With the updated
driver, the SMBCLIENT user will only have access to those
shared folders that the Windows 95 user has designated.

How do I get the Updated Drivers?
(Please note that this only affects English language
versions of Windows 95.)
Both drivers are available for immediate download from the
Internet (http://www.microsoft.com/windows), The Microsoft
Network online service, and are being made available to
other online services including CompuServe, America Online,
and Prodigy.  The updated drivers will also be mailed to
any user free of charge if they call Microsoft's FastTips
line, 800-936-4200, beginning Monday, October 23rd.

Microsoft is committed to providing safe connectivity
solutions for customers.  Microsoft takes this
responsibility seriously and has worked, and will continue
to work, with great speed to provide solutions for
customer issues.



------ =_NextPart_000_01BA9FD0.D58CD320--



--
When cryptography gets outlawed, only outlaws will have privacy.

Backwards compatibility is one of the greatest foes
of security. "It's broke and we can't fix it!"
__________________________________________________________________________
|                                                                        |
| Torsten Sturm: ComputerScience Student University of Erlangen-Nuremburg|
| FTP-Administrator for PC / Windows  subdirs of ftp.uni-erlangen.de     |
|                                                                        |
| EMail: tnsturm () cip informatik uni-erlangen de                          |
| WWW: http://wwwcip.informatik.uni-erlangen.de/user/tnsturm/index.html  |
|________________________________________________________________________|


