Re: Microsoft Security Bulletin (MS00-005)

Subject: Re: Microsoft Security Bulletin (MS00-005)
From: bugtraqNS.DOOMSDAY.COM
Date: Wed Jan 19 2000 - 10:54:18 CST

• Next message: Jesper M. Johansson: "Re: XML in IE 5.0"
• Previous message: Marc Cozzi: "Re: problem with SNMPc"
• In reply to: Microsoft Product Security: "Microsoft Security Bulletin (MS00-005)"
• Next in thread: Tabor J. Wells: "Re: Microsoft Security Bulletin (MS00-005)"
• Next in thread: Brock Tellier: "Re: Microsoft Security Bulletin (MS00-005)"
• Reply: bugtraqNS.DOOMSDAY.COM: "Re: Microsoft Security Bulletin (MS00-005)"
• Reply: Tabor J. Wells: "Re: Microsoft Security Bulletin (MS00-005)"
• Reply: Matt Davis: "Re: Microsoft Security Bulletin (MS00-005)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

        Interesting that this is not a part of Windows 98's Windows
Update. If it was a serious enough vulnerability to fix you would think
that it would also be easy to download and install without subscribing to
any security related lists. :>

        _John

On Mon, 17 Jan 2000, Microsoft Product Security wrote:

> The following is a Security Bulletin from the Microsoft Product Security
> Notification Service.
>
> Please do not reply to this message, as it was sent from an unattended
> mailbox.
> ********************************
>
> Microsoft Security Bulletin (MS00-005)
> --------------------------------------
>
> Patch Available for "Malformed RTF Control Word" Vulnerability
> Originally Posted: January 17, 2000
>
> Summary
> =======
> Microsoft has released a patch that eliminates a security vulnerability in
> the Rich Text Format (RTF) reader that ships as part of Microsoft(r)
> Windows(r) 95 and 98, and Windows NT(r) 4.0. Under certain conditions, the
> vulnerability could be used to cause email programs to crash.
>
> Frequently asked questions regarding this vulnerability can be found at
> http://www.microsoft.com/security/bulletins/MS00-005faq.asp.
>
{SNIP}
>
> Affected Software Versions
> ==========================
> - Microsoft Windows 95
> - Microsoft Windows 98
> - Microsoft Windows 98 Second Edition
> - Microsoft Windows NT 4.0 Workstation
> - Microsoft Windows NT 4.0 Server
> - Microsoft Windows NT 4.0 Server, Enterprise Edition
> - Microsoft Windows NT 4.0 Server, Terminal Server Edition
>
> NOTE: Windows 2000 is not affected by this vulnerability.
>
> Patch Availability
> ==================
> - Windows 95:
> http://www.microsoft.com/windows95/downloads/contents/
> WUCritical/rtfcontrol/default.asp
> - Window 98:
> http://www.microsoft.com/windows98/downloads/contents/
> WUCritical/rtfcontrol/default.asp
> - Windows NT 4.0 Workstation, Windows NT 4.0 Server, and
> Windows NT 4.0 Server, Enterprise Edition:
> Intel:
> http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17510
> Alpha:
> http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17511
> - Windows NT 4.0 Server, Terminal Server Edition:
> To be released shortly.
{SNIP}

• Next message: Jesper M. Johansson: "Re: XML in IE 5.0"
• Previous message: Marc Cozzi: "Re: problem with SNMPc"
• In reply to: Microsoft Product Security: "Microsoft Security Bulletin (MS00-005)"
• Next in thread: Tabor J. Wells: "Re: Microsoft Security Bulletin (MS00-005)"
• Next in thread: Brock Tellier: "Re: Microsoft Security Bulletin (MS00-005)"
• Reply: bugtraqNS.DOOMSDAY.COM: "Re: Microsoft Security Bulletin (MS00-005)"
• Reply: Tabor J. Wells: "Re: Microsoft Security Bulletin (MS00-005)"
• Reply: Matt Davis: "Re: Microsoft Security Bulletin (MS00-005)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Wed Jan 19 2000 - 15:38:53 CST