FYI

----- Original Message -----
From: "Microsoft Product Security Response Team" <[EMAIL PROTECTED]>
To: "'Matt'" <[EMAIL PROTECTED]>
Sent: Saturday, December 25, 1999 12:52 PM
Subject: RE: Re-release of Microsoft Security Bulletin MS99-046


> Hi Matt -
>
> Thanks for your note.  I'm sorry, but there aren't any plans to develop a
> patch for Win98.  The attacks that use the predictability of TCP ISNs are
> almost exclusively useful for attacking high-value servers such as web
> servers and e-commerce servers.  Windows 98 simply doesn't serve in a role
> like this.  With that said, I do know that the plan for future members of
> the Win9x family is to import the same strong ISN generation algorithm as is
> used in Windows 2000.  Regards,
>
> [EMAIL PROTECTED]
>
>
> -----Original Message-----
> From: Matt [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 24, 1999 8:48 PM
> To: Microsoft Product Security Response Team
> Subject: Re: Re-release of Microsoft Security Bulletin MS99-046
>
>
> When will the equivalent win98 patch for this vulnerability be released?
>
> thnx
>
>
> On Thu, 23 Dec 1999, Microsoft Product Security wrote:
>
> > The following is a Security Bulletin from the Microsoft Product Security
> > Notification Service.
> >
> > Please do not reply to this message, as it was sent from an unattended
> > mailbox.
> >                     ********************************
> >
> > Re-release of Microsoft Security Bulletin MS99-046
> > --------------------------------------------------
> >
> > In November, we withdrew a previously released patch that improved the
> > randomness of TCP initial sequence numbers in Windows NT 4.0.  The patch was
> > withdrawn because it contained the same regression error that was present in
> > Windows NT 4.0 SP6.  We have eliminated the regression error and re-released
> > the patch.  The security bulletin has been updated and is available at
> > http://www.microsoft.com/Security/Bulletins/ms99-046.asp; the FAQ also has
> > been updated and is available at
> > http://www.microsoft.com/Security/Bulletins/ms99-046faq.asp.
> >
> > All versions of the original patch were affected by the regression error,
> > although the error only manifested itself in certain situations.  When
> > applying the new patch, it's not necessary to uninstall the original patch
> > first.  Just install the patch as normal.  Here's how to determine which
> > patch to apply:
> >  - If you are running Windows NT 4.0 SP4 or SP5 on an Intel machine, go
> >    to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
> >    select q243835sp5i.exe.
> >  - If you are running Windows NT 4.0 SP6 on an Intel machine, go to
> >    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
> >    select q243835i.exe.
> >  - If you are running Windows NT 4.0 SP4 or SP5 on an Alpha machine, go
> >    to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763 and
> >    select q243835sp5a.exe.
> >  - If you are running Windows NT 4.0 SP6 on an Alpha machine, go
> >    to http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764 and
> >    select q243835a.exe.
> >
> > We are very sorry for any inconvenience caused by the regression error, and
> > will do our best to prevent similar problems in the future.  Regards,
> >
> > The Microsoft Security Response Team
> >
> >    *******************************************************************
> > You have received this e-mail bulletin as a result of your registration
> > to the Microsoft Product Security Notification Service. You may
> > unsubscribe from this e-mail notification service at any time by sending
> > an e-mail to [EMAIL PROTECTED]
> > The subject line and message body are not used in processing the request,
> > and can be anything you like.
> >
> > For more information on the Microsoft Security Notification Service
> > please visit http://www.microsoft.com/security/services/bulletin.asp. For
> > security-related information about Microsoft products, please visit the
> > Microsoft Security Advisor web site at http://www.microsoft.com/security.
> >
>
> --
> "The RIAA can eat a bowl of dicks." -- Ice T
>
