Bugtraq mailing list archives

'sec-fix' for NT 3.51


From: aleph1 () DFW NET (Aleph One)
Date: Thu, 26 Jun 1997 09:54:57 -0500


---------- Forwarded message ----------
Date: Wed, 25 Jun 1997 23:02:34 +0100
From: Alan C. Ramsbottom <acr () ALS CO UK>
To: NTBUGTRAQ () RC ON CA
Subject: 'sec-fix' for NT 3.51

Perhaps everyone has already upgraded all their machines, but an NT
3.51 version of the 'sec-fix' seems to have quietly arrived on the
MS ftp server a couple of weeks ago. It can be found at:

   ftp.microsoft.com

..in the (very long) directory:

  /bussys/winnt/winnt-public/fixes/usa/NT351/hotfixes-postSP5/sec-fix

The 3.51 version of the fix addresses two security 'exploits' that
are described in the KB articles:

   Q143474  - Anonymous logon user (Red Button).
   Q161372  - SMB signing to prevent "Man in the middle" attacks.

Unlike the NT 4 version (now part of SP3), this *doesn't* include
the System Key fix that allows you to enable strong encryption of
the SAM database (Q143475).

Regards,

--Alan--
acr () als co uk



Current thread: