Forwarded message: >From owner-ntdev@atria.com Sat Oct 21 18:42:05 1995 Message-Id: <01BA9FD0.D58CD320@voyager.stl.dec.com> From: Stephen Thompson <steve@stl.dec.com> To: "'Nicholas Sayer'" <"sayer nick"@a1.bbov01.sno.mts.dec.com>, "'Colin Yandle'" <"yandle colin"@a1.snofs1.sno.mts.dec.com>, "'Bret Hirshman'" <bret@enterprise.stl.dec.com>, "'Des Gordon'" <gordon@blofly.sno.dec.com>, "'Windows NT Distrubtion List'" <ntdev@utopia.com>, "'Steve Ollis'" <ollis@stevo.stl.dec.com> Subject: FW: WinNews Special Issue Date: Sat, 21 Oct 1995 16:17:57 +-1000 Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="---- =_NextPart_000_01BA9FD0.D58CD320" Sender: owner-ntdev@atria.com Precedence: bulk ------ =_NextPart_000_01BA9FD0.D58CD320 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit --- Stephen Thompson Digital Equipment Corporation RSSG Support Group ---------- From: WinNews@microsoft.com[SMTP:WinNews@microsoft.com] Sent: Saturday, October 21, 1995 10:08 AM To: WinNews@microsoft.nwnet.com Subject: WinNews Special Issue Microsoft(R) WinNews Electronic Newsletter Special Issue, October 20, 1995 *********************************************************** Here is some important information on Windows 95 that may affect some of you. Please make certain to read it. UPDATED DRIVERS FOR WINDOWS 95 FILE AND PRINTER SHARING SECURITY ISSUE - October 20, 1995 Microsoft wants its customers to know that it has discovered and fixed a potential security problem with file and printer sharing in Windows 95. Only customers who have enabled file and printer sharing - a non-default option - may have been at risk, and, to the best of our knowledge, no users have been harmed. Nevertheless, Microsoft regards this potential problem with the greatest seriousness and, we have worked hard over the past week to resolve it. Microsoft recommends customers using File and Printer Sharing upgrade to the newer drivers. How do I know if I am affected? Only customers that use the File and Printer Sharing option to share their files with other users on a network are affected. This option is not enabled by default so unless you have manually enabled it, you are not affected by this issue. To determine if File and Printer Sharing is enabled, choose the Networks Option in the Control Panel. If file and printer sharing is enabled, you will see either "File and Printer Sharing for Microsoft Networks" or "File and Printer Sharing for NetWare Networks" in the list of installed network components. What are the issues? File and Printer Sharing for NetWare Networks Microsoft was recently made aware of an issue with File and Printer sharing for NetWare Networks which may affect data security for corporate users. Only users whose environments meet both of the following conditions may be affected: 1. They configure their machine to share files and printers with other users on the network using File and Printer Sharing for NetWare networks (This option is not turned on by default) 2. They enable remote administration or install Microsoft Remote Registry Services (These options are not turned on by default) If your configuration matches that listed above, it is possible for another user on the network to gain read-only access to your machine after the administrator has logged off the machine and until you restart your computer. To correct this problem, Microsoft has issued an updated driver for File and Printer Sharing for NetWare Networks. The updated driver ensures that only valid administrators have access to the computer's drive. File and Printer Sharing for Microsoft Networks (not MSN: The Microsoft Network online service) Microsoft is also issuing an update for a known problem with File and Printer Sharing for Microsoft Networks and a certain UNIX shareware network client (Samba's SMBCLIENT). The update corrects a problem with share-level security documented in the Microsoft Knowledge Base on October 9th. The update also includes a correction for a similar problem with user-level security that Microsoft recently discovered as part of its internal testing of the new driver. Customers whose environments meet all of the conditions below, may have their data susceptible to network or Internet hackers: 1. They configure their machine to share files and printers with other users on the network using File and Printer Sharing for Microsoft Networks (This option is not turned on by default) 2. They share a LAN, Internet, or Dial-Up connection with a UNIX-based computer running Samba's SMBCLIENT software 3. The network administrator does not disable peer services using System Policies The Samba SMB client allows its users to send illegal networking commands over the network. The Samba client is the only known SMB client at this time that does not filter out such illegal commands. SMBCLIENT users do not automatically have access to the Windows 95 drive, and must know the exact steps to send these illegal commands. The updated driver prevents these illegal commands from being executed, preventing SMBCLIENT users from accessing the drive on which sharing is enabled. With the updated driver, the SMBCLIENT user will only have access to those shared folders that the Windows 95 user has designated. How do I get the Updated Drivers? (Please note that this only affects English language versions of Windows 95.) Both drivers are available for immediate download from the Internet (http://www.microsoft.com/windows), The Microsoft Network online service, and is being made available to other online services including CompuServe, America Online, and Prodigy. The updated drivers will also be mailed to any user free of charge if they call Microsoft's FastTips line, 800-936-4200, beginning Monday, October 23rd. Microsoft is committed to providing safe connectivity solutions for customers. Microsoft takes this responsibility seriously and has worked, and will continue to work, with great speed to provide solutions for customer issues. ------ =_NextPart_000_01BA9FD0.D58CD320 Content-Type: application/ms-tnef Content-Transfer-Encoding: base64 eJ8+IhMGAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAENgAQAAgAAAAIAAgABBJAG APgHAAAGAAAADAAAAAMAADAHAAAACwAPDgEAAAACAf8PAQAAAH8AAAAAAAAAtTvCwCx3EBqhvAgA KypWwhUAAABjMilXIcvOEYUNCAArON3TxIAAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAABAE5pY2hv bGFzIFNheWVyAFNNVFAAInNheWVyIG5pY2siQGExLmJib3YwMS5zbm8uTVRTLmRlYy5jb20AAB4A AjABAAAABQAAAFNNVFAAAAAAHgADMAEAAAAnAAAAInNheWVyIG5pY2siQGExLmJib3YwMS5zbm8u TVRTLmRlYy5jb20AAAMAFQwBAAAAAwD+DwYAAAAeAAEwAQAAABEAAAAnTmljaG9sYXMgU2F5ZXIn AAAAAAIBCzABAAAALAAAAFNNVFA6IlNBWUVSIE5JQ0siQEExLkJCT1YwMS5TTk8uTVRTLkRFQy5D T00AAwAAOQAAAAALAEA6AAAAAAIB9g8BAAAABAAAAAAAAAcMAAAAAwAAMAgAAAALAA8OAQAAAAIB /w8BAAAAfwAAAAAAAAC1O8LALHcQGqG8CAArKlbCFQAAAGMyKVchy84RhQ0IACs43dOkgQAAAAAA AIErH6S+oxAZnW4A3QEPVAIAAAEAQ29saW4gWWFuZGxlAFNNVFAAInlhbmRsZSBjb2xpbiJAYTEu c25vZnMxLnNuby5NVFMuZGVjLmNvbQAAHgACMAEAAAAFAAAAU01UUAAAAAAeAAMwAQAAACkAAAAi eWFuZGxlIGNvbGluIkBhMS5zbm9mczEuc25vLk1UUy5kZWMuY29tAAAAAAMAFQwBAAAAAwD+DwYA AAAeAAEwAQAAAA8AAAAnQ29saW4gWWFuZGxlJwAAAgELMAEAAAAuAAAAU01UUDoiWUFORExFIENP TElOIkBBMS5TTk9GUzEuU05PLk1UUy5ERUMuQ09NAAAAAwAAOQAAAAALAEA6AAAAAAIB9g8BAAAA BAAAAAAAAAgMAAAAAwAAMAkAAAALAA8OAQAAAAIB/w8BAAAAcwAAAAAAAAC1O8LALHcQGqG8CAAr KlbCFQAAAGMyKVchy84RhQ0IACs43dNkgAAAAAAAAIErH6S+oxAZnW4A3QEPVAIAAAAAQnJldCBI aXJzaG1hbgBTTVRQAGJyZXRAZW50ZXJwcmlzZS5zdGwuZGVjLmNvbQAAHgACMAEAAAAFAAAAU01U UAAAAAAeAAMwAQAAABwAAABicmV0QGVudGVycHJpc2Uuc3RsLmRlYy5jb20AAwAVDAEAAAADAP4P BgAAAB4AATABAAAAEAAAACdCcmV0IEhpcnNobWFuJwACAQswAQAAACEAAABTTVRQOkJSRVRARU5U RVJQUklTRS5TVEwuREVDLkNPTQAAAAADAAA5AAAAAAsAQDoAAAAAAgH2DwEAAAAEAAAAAAAACQwA AAADAAAwCgAAAAsADw4BAAAAAgH/DwEAAABuAAAAAAAAALU7wsAsdxAaobwIACsqVsIVAAAAYzIp VyHLzhGFDQgAKzjd06SAAAAAAAAAgSsfpL6jEBmdbgDdAQ9UAgAAAABEZXMgR29yZG9uAFNNVFAA Z29yZG9uQGJsb2ZseS5zbm8uZGVjLmNvbQAAAB4AAjABAAAABQAAAFNNVFAAAAAAHgADMAEAAAAa AAAAZ29yZG9uQGJsb2ZseS5zbm8uZGVjLmNvbQAAAAMAFQwBAAAAAwD+DwYAAAAeAAEwAQAAAA0A AAAnRGVzIEdvcmRvbicAAAAAAgELMAEAAAAfAAAAU01UUDpHT1JET05AQkxPRkxZLlNOTy5ERUMu Q09NAAADAAA5AAAAAAsAQDoAAAAAAgH2DwEAAAAEAAAAAAAACgwAAAADAAAwCwAAAAsADw4AAAAA AgH/DwEAAABrAAAAAAAAALU7wsAsdxAaobwIACsqVsIVAAAAYzIpVyHLzhGFDQgAKzjd0+SBAAAA AAAAgSsfpL6jEBmdbgDdAQ9UAgAAAABudGRldkB1dG9waWEuY29tAFNNVFAAbnRkZXZAdXRvcGlh LmNvbQAAHgACMAEAAAAFAAAAU01UUAAAAAAeAAMwAQAAABEAAABudGRldkB1dG9waWEuY29tAAAA AAMAFQwBAAAAAwD+DwYAAAAeAAEwAQAAAB4AAAAnV2luZG93cyBOVCBEaXN0cnVidGlvbiBMaXN0 JwAAAAIBCzABAAAAFgAAAFNNVFA6TlRERVZAVVRPUElBLkNPTQAAAAMAADkAAAAACwBAOgEAAAAC AfYPAQAAAAQAAAAAAAALDAAAAAMAADAMAAAACwAPDgEAAAACAf8PAQAAAG0AAAAAAAAAtTvCwCx3 EBqhvAgAKypWwhUAAABjMilXIcvOEYUNCAArON3TxIEAAAAAAACBKx+kvqMQGZ1uAN0BD1QCAAAA AFN0ZXZlIE9sbGlzAFNNVFAAb2xsaXNAc3Rldm8uc3RsLmRlYy5jb20AAAAAHgACMAEAAAAFAAAA U01UUAAAAAAeAAMwAQAAABgAAABvbGxpc0BzdGV2by5zdGwuZGVjLmNvbQADABUMAQAAAAMA/g8G AAAAHgABMAEAAAAOAAAAJ1N0ZXZlIE9sbGlzJwAAAAIBCzABAAAAHQAAAFNNVFA6T0xMSVNAU1RF Vk8uU1RMLkRFQy5DT00AAAAAAwAAOQAAAAALAEA6AAAAAAIB9g8BAAAABAAAAAAAAAzylAEIgAcA GAAAAElQTS5NaWNyb3NvZnQgTWFpbC5Ob3RlADEIAQSAAQAaAAAARlc6IFdpbk5ld3MgU3BlY2lh bCBJc3N1ZQDMCAEFgAMADgAAAMsHCgAVABAAEQA5AAYAUQEBIIADAA4AAADLBwoAFQAQABEAHQAG ADUBAQmAAQAhAAAARDkxMEUwOUQyMDBCQ0YxMTgxRjE0NDQ1NTM1NDAwMDAA0QYBA5AGAFQNAAAS AAAACwAjAAAAAAADACYAAAAAAAsAKQAAAAAAAwA2AAAAAABAADkAYFQc93yfugEeAHAAAQAAABoA AABGVzogV2luTmV3cyBTcGVjaWFsIElzc3VlAAAAAgFxAAEAAAAWAAAAAbqffPNXneAQ4QsgEc+B 8URFU1QAAAAAHgAeDAEAAAAFAAAAU01UUAAAAAAeAB8MAQAAABIAAABzdGV2ZUBzdGwuZGVjLmNv bQAAAAMABhCEDQqsAwAHEO0QAAAeAAgQAQAAAGUAAAAtLS1TVEVQSEVOVEhPTVBTT05ESUdJVEFM RVFVSVBNRU5UQ09SUE9SQVRJT05SU1NHU1VQUE9SVEdST1VQLS0tLS0tLS0tLUZST006V0lOTkVX U0BNSUNST1NPRlRDT01TTVRQAAAAAAIBCRABAAAA2AsAANQLAACoGgAATFpGdYz5rVT/AAoBDwIV AqgF6wKDAFAC8gkCAGNoCsBzZXQyNwYABsMCgzIDxQIAcHJCcRHic3RlbQKDM3cC5AcTAoB9CoAI zwnZO/EWDzI1NQKACoENsQtg4G5nMTAzFFALChRRNQvyYwBAIAqFCotsacgxNDQC0WktHFMM0HMc UwtZMTYKoANgE9Bj1wVACo8d1jceZy0hIB71ElMT0HBoCfAgVGgZA3BwcwIgHvVEaWfGaQGQAyBF cXUFIAeAJQIwIAhQcnAFsGF0hmkCIBrmUlNTRwYA7HVwJIEFQEcDYCXgGv//HA8dHx4rISEqpR73 KVsMMHUedkYDYTorrh52DIIghlcLgAfBc0BtaQUAFm8ikAGALgWgbVtTsE1UUDovbzByXStPvyxd BmACMC2PLpsGEHQIcEBkYXksIE8ewG8iYgSQIDIxNxAxOYQ5NTfgMDowOBSw5k0yfyxdVG80vy6f MVx4bnduEcAwcjjPM451fGJqHrE67zv/MVEGAHDzBZAHMSBJBBAKUCavGa+LHnZGqU0v9ihSKUK3 XEVsHrEDYAMAYweyc/9IwAJABJBEhjyCNkRDWjcQ7TcoMDfURBwqTf9PD1AfS1CVRIVIBJBlIAQA IP8ikAeAUlAicBWxAHAFQAuAPQIQcgDAJMMk4TzBZG9rQxE4EXQRgHREhQDAeTwgYQ3QHrJSkzBA IHnVCGAuRqBQSMBhEbBVwXprUkBjBJABkAuAVRBv8iAWEGFkUlAwYEQcRIWAVVBEQVRFRCMgMFJJ VkUlgC0wT1LBPLBJTkRPVwXwOBHwRklMRRSwXABXUFswxk5a4FvAU0hBXTElsJEhVkVDVVswVFlD sHUlkFVcwC1MD0QcR2cgnndTQQQgI2AEIGN1E8DnUqERoFiSa25UsFUTWRFqIBGAc0SFZAQABaB2 X1IhWQAAcFkAKFB4ZYIgfySAE9ACMEOCEbBiwAUQdL9V8B5xAmAT4GIQI2BoZeH/SMBEhWWyE1AL gEnRUoARgR0LgGdTcVRpVzFPbmz7VfBiyHciUGRRZVBEhQnw/wGgSMBl0kjAaR9qIl+AZlCJY6Bu LQ2xYXVsBUC+bwUwJNIhRlXSbJIgN3DnIhFkAQUQc2s3EGWxNxD/WKFVIHGyE8BWwghhY4Ntge5n S9BEhWOgIGLQYyJxiPsRgQeAZFcxB8BlUXMxSMDfBBA3EEdnRIUWEGcLEWNB/mhSYWZ4Z6tzMgnB JLBzgX9EhXWBJNBi0D4ABBFys3f7UkBxg3cFsFfwWQARgVkAn2VCcyNEsHORfWBla1iR+3h3IpBs caFZIUdJWMEwgd8kAXkxYshi0GoiRm3VRIX6UGl1U2n1JeAJwFjwUkC/cwU+AH1gZOEFEGVRc1lP f1HEY7FUoEOwY4QGkIjxYfdoAFYUCYA/RIVrbWPjdXH/cyODhoRvcFREhVihaeKMU/5pBcBocmwx aDIekCIABcD/dXQk4W9xEcB94lYAFhBotv+KBVcxIkBSYXBVUmFjoAVA/W1GYlXwb9YikHVga3B3 ke9EhVcBcXQDgXUHQGuBbUb/I2A3EJbyj2KUgon2lTJ5Yv9EhQQBClCTYliwDbBJ0S/g/z4AiWKM v4T2mndtRTcQEXC+bzAgjFQHwJHjBCBPk/W/WIFzQQhQAjADYAMgUABw+3dwhz1JVuBtz2nnBCCe p3+W8mgRl9BnAWzHaDE3gSLfnI+E9lOhYXmf5iJEhQWx96dPqFuf4VePYqnHoNVEhf8n4HOUC4AT wJfBZYGRxjCB3ySAPgBiQYc/RKNXY/KPZfma9HM/GuarD6wfrSlgr39htwQggdEkEWuBAMCFwWH/ YiBSMVbRA5GbA2gUg4Jouf+Edmnmtb+gMmxQL/BoUFXY/2SWJLBmUGcXqOIFoSSDUkB/dXOxDWtj dXRsUVehCfB2/4/QAiAkAgQgB4ARwHHAkLH/VsJzMgIQl9BUsGohRIUFoH9UkCNgJNHEcVXhN3CJ 5zrbRBxGojFXMCJAZWuRAiD9KFBnCHCPhgDBeXCcIY8X/5AEg9hGpqPVkE+RU4YkkeS/gyjMnbR/ vM2RxQQgKJOSf8ydk+w2sT4AfoEDoJVIKf3IyTLJhW1EWMEEYMFBWPB/nAGu0SSlBbGvRcydYYhS /9lU3NAjUNoRVfAGYcPgWCD/BCDUIgeQVrFwY9R+mRbWX//XaaI/VwHGg8ojJLRT0RFw/weRY+Ou wmWCBuBlUDcQZDH3mnckgAQQadkCqOIAcJC4388eWKF5AFhxWNItAiBrgP1otmPeIWND45PK9lYQ aaKfczLZuQWxZGGusG9ndKD/g/YwQMVE7DdlwZYgJMADIL+W8oBhAZAmIeOVInB1SdH7m1PGN3KB 0eCheXNntHfJ/+4jmwNlkoVhv7Hut4bEqNP/tC/Sb60psQbJofYG9uYJ8E9D4IBhY9TqkiB2B0Bp f2WR7WpkhnGD60hzMvH2J/8EIIbDsQ33r6hvqXvUIJSC/Q/QTshGRqL68gPv/OKcEv91gd4C4g1h iFJh/VCV8ZsC/2oi9efntGODkYBnpUSFurdvAl8Db5/YZbJhxjZYNVX4TklYjzS5o6/nJ+AkEmIo NpBtYmEAoTDAQtBDTElFXVAp+n8AAu/zU8xBZ5zLoy3QkGVQZvh9ZJZvYsAkAphioPRhiEu5dEYg QleSJOE3Njm60NcVD6NxCmNuE2B1m7AWov/zNSTSC8TnYC/gPwDnEQyf/3VjGA1j1IE7uORlCGi2 eZH/8WKvEmJSaZJtUHowe6KOA+/FRIZhhrWxDUNrysOfxKL/l8HFJsaoRIXHkMXRNxBxR/+PpL+0 YtBYII5R54JYoZHG3w9QoqYms8SxZGBjV/BjMP/IT8lfym/Lf8yPzZ/Or8+//9DPDj8PT9Pf1O/V /+F/16/3VfA1pGZQTFzgcpAxRnKQxTzxREtRLVVwxpKRwN8fc9tNurNmUBHyLRQQKoD/WQDx9ljA liDZ8GoxE+XbTZ8UZ1KB7MC5okHPIDMzg3+RuO1rVKA2MZSCZQHY83CfxKAwxtumCCWDBlN55bH9 aABQxbAIYBOAtu368hPj/xRSE1aXwWrSYoJ1dI8SgjH/ukCvkenw2zaRxWoigfI2Yf+RUX62kcVM 9FP0E2Wad3My//zzDCRUWvOVcHB2oCMUTrf/aHE8IapW8jAvMb5xVpVYF/+TYUqodXSI0ZSB6tby MIuA/eRhY5fD/v+zEGqYhrRyk89w1oKRiRRzMmV4/0CV0f150HBV+HMxKoFgL1Lf+y7fblB3EStC aR9YVGYq8Azm/8eQndJn0CKh9lFykGyVSQP/YW1ukus1xgj/4mXjkWK+RP+kX3bCZTB69fYfhvGf EP/i/2FcpdT882QPKnF75o9Sr8D/xaGbsIu2ZP3og/UyHsHkIP/Y4JMyh7+IxO6gfFRFUPtU5kSG 1Ip2KFA6kBvSYoHfXcXzs/zzmZQ2QEXGEK7B/2AAIHDGEJewG5Hq1YbyxwPTufFlOC4p4nZCxPL2 9P82QUOS/UAgYeeGIEArgCyw98EyZWFbwG/qYHHkrigxRwAoaHR0cDovL9p3jOAuIFAapS6wYYzQ /WVEKZ8QBlvq1Qc/3fNmM/+UQm9EuUSI5xxg7tam8we8fyaCHpKd0qFQAEHd0uZBQa8qAWORwqLs cSy7S28ssPxnefJya3838qYBClPHkf/sMA3BaPHytrogwuRugcSg7ywC5PDiUBuRaSwjM9Er0osa hwChRhvQdFRpaGADrleXMSA4MDAtOeAzNi00MqAw5lDHkHvdYEjkTSyRx2DmUBxGMvwzcn6OCYtY IrrA+3JWEf8W4cPglWNPYL8ARXfD4BjX/x5AHqDG9MCTKcbycRqI2wD/MgDlIuan8SGwkedh8LAi 4v840R+QKcCDklZh9TITEnAC//BCeOPGoSdh9aBbBlYgExL75lC6s2fqQV+xT8GlKQgB/6eqxjYp xbpEYRLiferVs9KOZLPQIHARwFxmM7WwfnOgsLPQKvBoQPOB6tV9BerQALdwAwAQEAAAAAADABEQ AQAAAEAABzCA6YvmfJ+6AUAACDCA6YvmfJ+6AR4APQABAAAABQAAAEZXOiAAAAAAr4s= ------ =_NextPart_000_01BA9FD0.D58CD320-- -- When cryptography gets outlawed, only outlaws will have privacy. Backwards compatibility is one of the greatest foes of security. "It's broke and we can't fix it!" __________________________________________________________________________ | | | Torsten Sturm: ComputerScience Student University of Erlangen-Nuremburg| | FTP-Administrator for PC / Windows subdirs of ftp.uni-erlangen.de | | | | EMail: tnsturm@cip.informatik.uni-erlangen.de | | WWW: http://wwwcip.informatik.uni-erlangen.de/user/tnsturm/index.htm | |________________________________________________________________________|