Bugtraq mailing list archives
Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047))
From: Microsoft Security Response Center <secure () MICROSOFT COM>
Date: Tue, 1 Aug 2000 18:27:05 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hi All - We've received several notes asking why there are no Windows 95 or 98 patches provided in MS00-047. We've added a Q&A to the FAQ to explain our reasoning, and the updated version should be available on the web shortly. FYI, here's the text of the Q&A we added: - ------- start ------------ NetBIOS is provided as part of all Windows systems. Why hasn't a patch been provided for Windows 95 and 98? These systems do implement NetBIOS, but we have not developed a patch for them. The reason is because there is an incompatibility between the effect of the patch and the role in which Windows 95 and 98 machines are most appropriately used. As discussed above, the vulnerability results from the misuse of normal, by-design management functions provided in NetBIOS. The patch removes some of these functions. It's not appropriate to apply the patch globally - for instance, on all workstations within a large network - because it would impede the ability of the network to cope with normally-occurring name conflicts. Indeed, it's likely that if the patch were deployed globally within a large network, the loss of the normal management functions would cause as much, if not more, disruption than a malicious attack. As a result, we have recommended that the patch be applied only to security-critical machines, and have only developed patches for products that are appropriate in such a role. - ------ end ---------------- Hope that helps explain our rationale. Regards, Secure () microsoft com -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQEVAwUBOYd4640ZSRQxA/UrAQHvCwf/aU4YW60S/9Mp9qcDpWkXYXlOtHgdyXOQ yx22YXWJ43TTI8uKHlNzCnrGux0BviimIFSX//wqfbVhzNIcrEjhu3FeNSs465Fk g7kNJpXgnFpkIkz9q14NjA7tnyi8WxjF+TYWzdoHOgOIGtn6zsPD/2wIQFlFmRn9 7PYKsJ7H/lp6J5t8hT3MPGkcztRoOJVNL0W2MLxoZTletlNRll/q2FRMVH1bT79o erPrPQobld0jbjc4W0CmQCAi0rmOS33+I46mnIf//oTRqRuholmF7rZJtUce+SHv 2/22HGDnes7Qifids2rWHeK8A7OB/LWxgISEue6Hyispi/m4C2cHng== =PX+9 -----END PGP SIGNATURE-----
Attachment:
smime.p7s
Description:
Current thread:
- FW: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Forrester, Mike (Aug 01)
- <Possible follow-ups>
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Patrick R. Sweeney (Aug 01)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Microsoft Security Response Center (Aug 01)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Ryan Fox (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) David LeBlanc (Aug 03)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Ryan Fox (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Neena Grimm (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Russ (Aug 02)