Bugtraq mailing list archives
Re-release of Microsoft Security Bulletin MS99-046
From: secnotif () MICROSOFT COM (Microsoft Product Security)
Date: Thu, 23 Dec 1999 16:23:06 -0800
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. ******************************** Re-release of Microsoft Security Bulletin MS99-046 -------------------------------------------------- In November, we withdrew a previously released patch that improved the randomness of TCP initial sequence numbers in Windows NT 4.0. The patch was withdrawn because it contained the same regression error that was present in Windows NT 4.0 SP6. We have eliminated the regression error and re-released the patch. The security bulletin has been updated and is available at http://www.microsoft.com/Security/Bulletins/ms99-046.asp; the FAQ also has been updated and is available at http://www.microsoft.com/Security/Bulletins/ms99-046faq.asp. All versions of the original patch were affected by the regression error, although the error only manifested itself in certain situations. When applying the new patch, it's not necessary to uninstall the original patch first. Just install the patch as normal. Here's how to determine which patch to apply: - If you are running Windows NT 4.0 SP4 or SP5 on an Intel machine, go to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and select q243835sp5i.exe. - If you are running Windows NT 4.0 SP6 on an Intel machine, go to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and select q243835i.exe. - If you are running Windows NT 4.0 SP4 or SP5 on an Alpha machine, go to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and select q243835sp5a.exe. - If you are running Windows NT 4.0 SP6 on an Alpha machine, go to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and select q243835a.exe. We are very sorry for any inconvenience caused by the regression error, and will do our best to prevent similar problems in the future. Regards, The Microsoft Security Response Team ******************************************************************* You have received this e-mail bulletin as a result of your registration to the Microsoft Product Security Notification Service. You may unsubscribe from this e-mail notification service at any time by sending an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST () ANNOUNCE MICROSOFT COM The subject line and message body are not used in processing the request, and can be anything you like. For more information on the Microsoft Security Notification Service please visit http://www.microsoft.com/security/services/bulletin.asp. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.
Current thread:
- More details on the WU-FTPD configuration vulnerability., (continued)
- More details on the WU-FTPD configuration vulnerability. suid (Dec 21)
- Microsoft Security Bulletin (MS99-058) Aleph One (Dec 21)
- Microsoft Security Bulletin (MS99-061) Aleph One (Dec 21)
- More Netscape Passwords Available. Rob Jones (Dec 21)
- UnixWare i2odialogd remote root exploit Brock Tellier (Dec 21)
- IE 5.01 vulnerabilities in external.NavigateAndFind() Georgi Guninski (Dec 22)
- Solaris 2.7 dmispd local/remote problems Brock Tellier (Dec 22)
- Multiple vulnerabilites in glFtpD (current versions) suid (Dec 22)
- Re: Multiple vulnerabilites in glFtpD (current versions) Per Lejontand (Dec 23)
- Re: Multiple vulnerabilites in glFtpD (current versions) The Tree of Life (Dec 23)
- Re-release of Microsoft Security Bulletin MS99-046 Microsoft Product Security (Dec 23)
- BUG? Non-root user can configure traffic shaper (2.2.13) (fwd) Yuri Kuzmenko (Dec 24)
- RealMedia Server 5.0 Crasher (rmscrash.c) bow (Dec 22)
- Re: procmail / Sendmail - five bugs Casper Dik (Dec 23)
- Re: SSH-1.2.27 & RSAREF2 exploit Wakko Ellington Warner-Warner III (Dec 15)
- Recent postings about SCO UnixWare 7 Andrew Malcolm (Dec 15)
- Re: SSH-1.2.27 & RSAREF2 exploit Iván Arce (Dec 15)
- Oops, my apologies. Wakko Ellington Warner-Warner III (Dec 15)
- IRCnet IRCD 2.0x Reboot Bug A Bloke (Dec 15)
- Re: IRCnet IRCD 2.0x Reboot Bug Matus \ (Dec 15)
- Re: SSH-1.2.27 & RSAREF2 exploit Speed (Dec 15)