NT4 terminal server security fix delinquency
From: Matthew Brill (brill.18@OSU.EDU)Date: 12/14/01
- Previous message: Stephen Thair: "ASPSession ID's, SSL and a potential major security hole."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Dec 2001 13:33:19 -0500 From: Matthew Brill <brill.18@OSU.EDU> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
On 7/31/2001 I submitted the e-mail below to NTBUGTRAQ, pointing out a
serious delinquency in Microsoft's handling of security hotfixes for Windows
NT Server 4.0, Terminal Server Edition. The post was refused for unknown
reasons. Since that time the Windows NT Server 4.0, Terminal Server Edition
Security Roll-Up (to cover MS01-041) has still not been released, MS01-048
is now three months behind, and only two of the fixes noted as delinquent
(MS00-070,MS00-095) have been released. An updated list is included below:
Windows NT Server 4.0, Terminal Server Edition Delinquent Security Fixes
(Updated 12/13/2001)
MS00-040 - Patch Available for “Remote Registry Access Authentication”
Vulnerability
NT Fix Released: 6/8/2000
TSE Fix Status: To be release shortly
URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS00-040.asp
MS00-083 - Patch Available for “Netmon Protocol Parsing” Vulnerability
NT Fix Released: 11/1/2000
TSE Fix Status: To be released shortly
URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS00-083.asp
MS01-041 - Malformed RPC Request Can Cause Service Failure
NT Fix Released: 6/26/2001
TSE Fix Status: To be released shortly
URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-041.asp
MS00-048 - Malformed Request to RPC Endpoint Mapper can Cause RPC Service to
Fail
NT Fix Released: 9/14/2001
TSE Fix Status: To be released shortly
URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-048.asp
Microsoft's failure to release fixes for TSE in a reasonable amount of time
should be a serious concern to TSE admins. In addition to
reminding/informing readers, it is my intent for this message be
read/responded to by the Microsoft employees that frequent this list.
(Original e-mail regarding TS fix delinquency, send 7/2001)
The general poor response time for Microsoft's support of Windows NT Server
4.0 Terminal Server Edition is out of hand. First, for more than a year in
some cases, security fixes for Post-SP6 Windows NT 4.0 Terminal Server
Edition (TSE) have been listed as "to be released shortly" or similar in the
MS security bulletins (see list below), and thus unavailable. Second, the
security bulletins mentioned above were removed from the list generated by
the security bulletin search function on the MS Technet Security website as
associated with TSE, although in the bulletins themselves TSE vulnerability
is clearly indicated.
I realize that NT4TSE is not as widely used as Windows NT 4.0 Server, and is
not the most current version of the software, but waiting six months to a
year with no end in sight for security fixes is ridiculous. I also
understand that some of the vulnerabilities listed are not common among
terminal server installations, but are vulnerabilities nonetheless. I have
tried to contact Microsoft through both the secure@microsoft.com and
support/feedback channels, with either an "I don't know/don't care" or no
response.
At this point, with the pending release of the security roll-up fix for TSE
I have two questions. Will it be six months to a year before the TSE SRP is
released? Will the TSE SRP include these security fixes which seem to have
fallen through the cracks? Are there other TSE admins out there who have
more information, or have also noticed this behavior?
Windows NT Server 4.0, Terminal Server Edition Delinquent Security Fixes
MS00-040 - Patch Available for “Remote Registry Access Authentication”
Vulnerability
NT Fix Released: 6/8/2000
TSE Fix Status: To be release shortly
URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS00-040.asp
MS00-070 - Patch Available for Multiple LPC and LPC Ports Vulnerabilities
NT Fix Released: 10/3/2000
TSE Fix Status: To be released shortly
URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS00-070.asp
MS00-083 - Patch Available for “Netmon Protocol Parsing” Vulnerability
NT Fix Released: 11/1/2000
TSE Fix Status: To be released shortly
URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS00-083.asp
MS00-095 - Tool Available for “Registry Permissions” Vulnerability
NT Fix Released: 12/6/2000
TSE Fix Status: To be released shortly
URL:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS00-095.asp
- Matthew D. Brill
======================================
Delivery co-sponsored by VeriSign - The Internet Trust Company
======================================
Protect your servers with 128-bit SSL encryption!
Get VeriSign's FREE guide, "Securing Your Web Site for Business." You will
learn everything you need to know about using SSL to encrypt your e-commerce
transactions for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n016065650057000
======================================
- Previous message: Stephen Thair: "ASPSession ID's, SSL and a potential major security hole."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
