BUG Of The Day Tips #14



*1. NW V4.6 FOR WINDOWS NT SERVICE PACK 1         
    
Having trouble with the Novell Client Version 4.6 for Windows NT? 
If so, you need to be aware of a recently released service pack 
for this client--Service Pack 1. This service pack contains 
updates that address a host of known problems with the Novell 
Client Version 4.6 for Windows NT, including 

- During an automatic install with the unattended.txt file 
  option, the process "hangs." 
- You can't execute programs from Start/Run when using a DNS 
  name path. 
- You can't browse directories when opening a connection to the 
  server.  
- The client drops mapping a drive in a DOS box using a 
  DNS name. 
- The remote control option doesn't appear in the custom 
  installation of the Windows 95 and NT clients. 
- An unattended installation with the NWIP-protocol results 
  in an error. 

You'll find the service pack in the file nt46sp1.exe on the 
Novell Technical Support Web site at 

http://support.novell.com/misc/patlst.htm


*2. PATCH FOR MALFORMED FILE HEADER VULNERABILITY        
    
Microsoft recently released a patch that eliminates a 
vulnerability that could allow denial-of-service attacks against 
Microsoft Windows NT servers, workstations, and terminal servers. 
This patch already is available as part of Windows NT Server 
Service Pack 5, but it's being provided as a stand-alone patch 
for the benefit of users who have entered Y2K lockdown on a 
previous service pack.  

The problem occurs if an executable file with a specially 
malformed image header is executed, causing a system failure. 
You have to reboot the affected machine in order to place it 
back in service. Any work that was in progress when the machine 
crashed could be lost.  

Microsoft has released patches that fix the problem. You can 
find the patches for Windows NT Server and Workstation 4.0 at 

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/
usa/nt40/Hotfixes-PostSP4/Kernel-fix/ 

and for Windows NT Server 4.0, Terminal Server Edition, at 

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/
nt40tse/Hotfixes-PostSP4/Kernel-fix/ 

For more information, see the Microsoft Security Bulletin at 

http://www.microsoft.com/security/bulletins/MS99-023.asp 

For additional security-related information about Microsoft 
products, visit the following Microsoft Web site: 

http://www.microsoft.com/security/


*3. NOVELL CLIENT V4.5X FOR WINDOWS NT PATCH        
    
Novell recently released a patch kit for the Novell Client 
Version 4.5x for Windows NT. This patch addresses several known 
problems you may experience with the client, such as: 

- The Windows NT AutoLogon is incompatible with NWIP.  
- The NetWare Client for NT shows USERWHO in the banner.  
- A simultaneous login hangs the Terminal Server/Metaframe.  
- Semaphore is not released when using the API NWClosesemaphore.  
- The Windows NT Client and NAL loads slowly (remote replica).  
- Includes WS registration fix.  
- DOS Error 5 appears during network startup. Timeout and access 
  is denied to tsinst.ovr. 

You can download the patch file, which is named nt451p1.exe, 
from the Novell Technical Support Web site at 

http://support.novell.com/misc/patlst.htm


*4. NOVELL CLIENT FOR WINDOWS 95/98 SERVICE PACK        
    
Novell continuously posts updates to its client files, providing 
updates and fixes for known issues. If you're using the Novell 
Client Version 3.1 for Windows 95/98, you'll want to download the 
latest service pack for this client--Service Pack 1 for the 
Novell Client Version 3.1 for Windows 95/98. The service pack 
addresses all known issues discovered since the release of the 
client, including such problems as 

- Printers disappear. 
- CMD will not work on certain computers. 
- DNS will not work if the DHCP lease has expired. 
- You can't launch applications using Start/Run. 
- The client tries only the first address from a list of IPs.  
- You can't access volumes when opening from Start. 

You can download this service pack--9531sp1.exe--from the Novell 
Technical Support Web site at 

http://support.novell.com/misc/patlst.htm


*5. CSRSS WORKER THREAD EXHAUSTION SECURITY BULLETIN        
    
Microsoft has released a patch that eliminates a vulnerability 
that could be used to create a denial-of-service condition if a
malicious process is run locally or if an improperly written 
service is installed. The patch is fully supported, and 
Microsoft recommends that affected customers download and 
install it, if appropriate.  

This vulnerability affects CSRSS.EXE, the Win32 subsystem. CSRSS 
provides Windows NT services to client processes running on the 
local computer; when a client process requests a Win32 service, 
CSRSS generates a worker thread to service the request. If all 
worker threads are occupied, the request is queued until a 
thread completes its work and then becomes available. You can 
find the patch at  

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/
nt40/Hotfixes-PostSP5/CSRSS-fix/


*6. UPDATES FOR CLIENT V3.0, V3.01 FOR WINDOWS 95/98         
    
Are you running Novell's Client Version 3.0 or 3.01 for Windows 
95/98 on your workstations? If so, you'll be interested in the 
latest patch/update file from Novell. This update, named 
9530p1.exe, includes fixes for several known problems, including 
the following:  

- The NetWare Client for NT shows USERWHO in the banner.  
- You're unable to authenticate on Windows 98 using Dial-Up 
  Networking after the first try.  
- The ZEN Printer policy package duplicates a printer.  
- FoxPro databases were being deleted, and issuing a DEL .* 
  command would delete all files on a network drive. The same 
  command would fail on a local drive with the message 
  FILE NOT FOUND.  

You'll find this patch file on the Novell Technical Support 
Web site at 

http://support.novell.com/misc/patlst.htm


*7. GROUPWISE NT GATEWAY FOR CC:MAIL PATCH        
    
Novell recently released a patch for its GroupWise NT Gateway for 
cc:Mail product. The patch for GroupWise 5.x Gateway for cc:Mail 
on the Microsoft Windows NT platform addresses a few known 
issues, providing the option of verifying GroupWise account 
creation at the destination post office before initiating mailbox 
migration. It also offers control over the GroupWise domains and 
cc:Mail post offices that can participate in directory operations.  

You'll find the patch in the file ccmln1.exe, which is available 
for download from the Novell Technical Support Web site at 

http://support.novell.com/misc/patlst.htm


*8. X.400 GATEWAY PATCH FROM NOVELL        
    
Are you running Novell's X.400 NLM Gateway? If so, you'll be 
interested in downloading a recently released patch, 
x400nlm1.exe, from the Novell Web site. This patch addresses 
several known problems and provides a few updates, including 

- Y2K fix: The gateway now converts two-digit years to 
  four-digit years.  
- Fixed abend in the X.400 gateway. Free called with a memory 
  block that has an invalid resource tag.  
- Fixed abend that occurred when receiving certain types of 
  messages. The running process was ngwx400__P. The cause was 
  a Page Fault Processor Exception.  
- Corrected a daylight savings time problem with the gateway. 
  If an appointment was scheduled through the gateway within a 
  daylight savings time period, the time was off by one hour. 
  The time is now correct.  
- Outbound Status Tracking now works properly. 

You'll find this patch on the Novell Technical Support Web site at 

http://support.novell.com/misc/patlst.htm


*9. BUG/VIRUS ALERT FROM MICROSOFT        
    
Microsoft recently discovered a bug/virus that allows an outsider 
to gain access to your computer. The bug/virus, known as 
BackOrifice 2000 (BO2K), is a malicious program that, when 
installed on a Windows computer, allows the computer to be 
remotely controlled by another user. BO2K is intended to be used 
for malicious purposes and includes stealth behavior that has no 
purpose other than to make it difficult to detect. Like any 
computer program, BO2K must be installed on the target machine; 
it cannot be injected onto your machine. There are only two ways 
it can be installed:  

- You allow the attacker physical access to your logged-on 
  computer. If the attacker learns your password or you leave 
  your logged-on workstation unattended, he or she can install 
  BO2K on your machine.  

- The attacker tricks you into installing the software. This is 
  known as a Trojan horse technique. The attacker might send you 
  an e-mail attachment that appears to be a game but that really 
  installs BackOrifice.  

Microsoft is closely monitoring the situation. For additional 
security-related information about Microsoft products, visit 

http://www.microsoft.com/security/


*10. PATCH AVAILABLE FOR UNPROTECTED IOCTLS VULNERABILITY        
    
Microsoft recently released a patch that eliminates a 
vulnerability that could allow denial-of-service attacks 
against a Microsoft Windows NT workstation, server, or terminal 
server. An unprivileged program can disable the local mouse or 
keyboard on a server or workstation, and it can disable the 
console mouse or keyboard on a terminal server. Affected 
versions include 

- Microsoft Windows NT Server 4.0 
- Microsoft Windows NT Workstation 4.0 
- Microsoft Windows NT Server 4.0, Terminal Server Edition 
- Microsoft Windows NT Server 4.0, Enterprise Edition 

The IOCTLs that are used to obtain services from the keyboard and 
mouse drivers in Windows NT don't require that the calling 
program have administrative privileges. A user-level program 
could use legitimate calls to disable the mouse and keyboard, 
after which the machine would need to be rebooted to restore 
normal service. On a terminal server, such a program could 
disable the keyboard and mouse on the console. 
P 
Microsoft has released patches that fix the problem. You can 
find the patches for Microsoft Windows NT 4.0 Server and 
Workstation at 

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/
nt40/Hotfixes-PostSP5/IOCTL-fix/ 

and for Microsoft Windows NT 4.0 Server, Terminal Server 
Edition, at 

ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/
nt40tse/Hotfixes-PostSP4/IOCTL-fix/ 

For more information, see the Microsoft Security Bulletin at 

http://www.microsoft.com/security/bulletins/MS99-024.asp 

For additional security-related information about Microsoft 
products, visit the following Microsoft Web site: 
