Re: Windows 98 ASN.1 Vulnerability?
From: Greg Kujawa (anonymous_at_discussions.microsoft.com)
Date: 02/19/04
- Next message: Robert Tuck: "Re: e mail attachments"
- Previous message: Paul: "Re: Anonymous (NULL user) access to a Share"
- In reply to: SFB: "Re: Windows 98 ASN.1 Vulnerability?"
- Next in thread: Duncan Corps: "Re: Windows 98 ASN.1 Vulnerability?"
- Reply: Duncan Corps: "Re: Windows 98 ASN.1 Vulnerability?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 Feb 2004 11:48:26 -0800
The hotfix for the ASN.1 issue, of course. The ASN.1
protocol contains the buffer overflow independent of
vendor and platform. It affected everything from H.323
VoIP implementations to Windows software. So obviously it
wasn't restricted just to one flavor of Windows. That was
my point. If you have access to a Windows 98 or ME box
look for yourself. In c:\windows\system you'll see the
msasn1.dll file that's just as vulnerable as its Windows
2000 and XP counterparts.
Wait until you see Microsoft update their bulletin to
reflect the fact they left out Windows 98 and ME. Maybe
then you'll believe it. I will check to see when they
update their bulletin and post it on this thread to
further disprove your sheep mentality.
Here is the e-mail that was sent to me from one of their
techs containing the Windows 98 fix. Bogus. Right. I don't
care if you believe it or not. At least I am patching my
boxes starting tomorrow AM after the logon script.
CASE_ID_NUM: SRX040219602629
MESSAGE:
Hello,
The hot fix for your issue has been packaged and placed on
an HTTP site for you to download.
WARNING: This fix is not publicly available through the
Microsoft website as it has not gone through full
Microsoft regression testing. If you would like
confirmation that this fix is designed to address your
specific problem, or if you would like to confirm whether
there are any special compatibility or installation issues
associated with this fix, you are encouraged to speak to a
Support Professional in Product Support Services.
The package is password protected so be sure to enter the
appropriate password for each package. To ensure the right
password is provided cut and paste the password from this
mail.
NOTE: Passwords expire every 7 days so download the
package within that period to insure you can extract the
files. If you receive two passwords it means you are
receiving the fix during a password change cycle. Use the
second password if you download after the indicated
password change date.
Package:
-----------------------------------------------------------
KB Article Number(s): 828028
Language: English
Platform: i386
Location: (http://hotfixv4.microsoft.com/Windows%2098%
20Second%
20Edition/nosp/29224/1/free/167199_ENU_i386_zip.exe)
Password: {wY7cF7
NOTE: Be sure to include all text between '(' and ')' when
navigating to this hot fix location!
Thanks!
>-----Original Message-----
>
>"Greg Kujawa" <anonymous@discussions.microsoft.com>
schreef in bericht
>news:12a4b01c3f71a$7f046270$a301280a@phx.gbl...
>> Well I just got e-mailed the Windows 98 SE version of
the
>> hotfix. And the tech is putting in a change request to
>> update the security bulletin to reflect this. So
>> apparently I'm not having bad dreams after all. Maybe
I'm
>> intelligent enough to think for myself and not blindly
>> trust a bulletin. After making the mistake of installing
>> Windows NT 4.0 Service Pack 6 (not 6a) which totally
broke
>> TCP/IP on my production servers I have learned to look
>> beneath the surface...
>
> The Hotfix for what? Stay paranoid if you want to but
don't start to lie
>about things.
>You are refering to some forum from security focus
>http://www.securityfocus.com/archive/1/353655/2004-02-16/0
>I cannot make anything out of this and since I am not
with MS I find myself
>independent enough to judge.
>It is Bogus.
>
>
>.
>
- Next message: Robert Tuck: "Re: e mail attachments"
- Previous message: Paul: "Re: Anonymous (NULL user) access to a Share"
- In reply to: SFB: "Re: Windows 98 ASN.1 Vulnerability?"
- Next in thread: Duncan Corps: "Re: Windows 98 ASN.1 Vulnerability?"
- Reply: Duncan Corps: "Re: Windows 98 ASN.1 Vulnerability?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
