Bugtraq mailing list archives
Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047))
From: David LeBlanc <dleblanc () MINDSPRING COM>
Date: Wed, 2 Aug 2000 23:12:08 -0700
At 12:39 PM 8/2/00 -0400, Ryan Fox wrote:
2. The vendor's patch, by their own admission in the last e-mail, breaks some "normal, by-design management functions" in the NetBIOS protocol. They also called the patch unsuitable for rollout over the entire network. Nowhere in the initial disclosure was any mention of this.
If you read the FAQ, you will find that it says: "As discussed above, the vulnerability results from the misuse of normal, by-design management functions provided in NetBIOS. The patch removes some of these functions. It's not appropriate to apply the patch globally -"
I, for one, would feel much more comfortable applying a patch if I knew exactly what it did.
If you read the FAQ, you'll have a better understanding. Reading the related RFCs can also be helpful. The bulletins always have a link to the FAQ, and it typically provides helpful details. If it isn't clear enough, write secure () microsoft com and ask - they do their best to state things clearly, but no one is perfect. Some of these issues can be tough to explain. Hope this helps. David LeBlanc dleblanc () mindspring com
Current thread:
- FW: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Forrester, Mike (Aug 01)
- <Possible follow-ups>
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Patrick R. Sweeney (Aug 01)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Microsoft Security Response Center (Aug 01)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Ryan Fox (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) David LeBlanc (Aug 03)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Ryan Fox (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Neena Grimm (Aug 02)
- Re: Windows 9x? (Re: Microsoft Security Bulletin (MS00-047)) Russ (Aug 02)