Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re-release of Microsoft Security Bulletin MS99-046

From: secnotif () MICROSOFT COM (Microsoft Product Security)
Date: Thu, 23 Dec 1999 16:23:06 -0800

The following is a Security  Bulletin from the Microsoft Product Security
Notification Service.

Please do not  reply to this message,  as it was sent  from an unattended
mailbox.
                    ********************************

Re-release of Microsoft Security Bulletin MS99-046
--------------------------------------------------

In November, we withdrew a previously released patch that improved the
randomness of TCP initial sequence numbers in Windows NT 4.0.  The patch was
withdrawn because it contained the same regression error that was present in
Windows NT 4.0 SP6.  We have eliminated the regression error and re-released
the patch.  The security bulletin has been updated and is available at
http://www.microsoft.com/Security/Bulletins/ms99-046.asp; the FAQ also has
been updated and is available at
http://www.microsoft.com/Security/Bulletins/ms99-046faq.asp.

All versions of the original patch were affected by the regression error,
although the error only manifested itself in certain situations.  When
applying the new patch, it's not necessary to uninstall the original patch
first.  Just install the patch as normal.  Here's how to determine which
patch to apply:
 - If you are running Windows NT 4.0 SP4 or SP5 on an Intel machine, go
   to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
   select q243835sp5i.exe.
 - If you are running Windows NT 4.0 SP6 on an Intel machine, go to
   http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
   select q243835i.exe.
 - If you are running Windows NT 4.0 SP4 or SP5 on an Alpha machine, go
   to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
   select q243835sp5a.exe.
 - If you are running Windows NT 4.0 SP6 on an Alpha machine, go
   to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
   select q243835a.exe.

We are very sorry for any inconvenience caused by the regression error, and
will do our best to prevent similar problems in the future.  Regards,

The Microsoft Security Response Team

   *******************************************************************
You have received  this e-mail bulletin as a result  of your registration
to  the   Microsoft  Product  Security  Notification   Service.  You  may
unsubscribe from this e-mail notification  service at any time by sending
an  e-mail  to  MICROSOFT_SECURITY-SIGNOFF-REQUEST () ANNOUNCE MICROSOFT COM
The subject line and message body are not used in processing the request,
and can be anything you like.

For  more  information on  the  Microsoft  Security Notification  Service
please visit http://www.microsoft.com/security/services/bulletin.asp. For
security-related information  about Microsoft products, please  visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.
Previous By Date Next
Previous By Thread Next

Current thread: