|
October 20, 1995
Microsoft wants its customers to know that it has discovered and fixed a potential
security problem with file and printer sharing in Microsoft« Windows« 95. Only customers who have
enabled file and printer sharingùa non-default optionùmay have been at risk, and, to
the best of our knowledge, no users have been harmed. Nevertheless, Microsoft regards
this potential problem with the greatest seriousness and we have worked hard over the
past week to resolve it. Microsoft recommends that customers using File and Printer Sharing
upgrade to the newer drivers.
How do I know if I am affected?
Only customers who use the File and Printer Sharing option to share their files with
other users on a network are affected. This option is not enabled by default, so unless
you have manually enabled it, you are not affected by this issue. To determine if File
and Printer Sharing is enabled, double-click the Network icon in the Control Panel.
You will see a dialog box similar to one of the following.
What are the issues?
File and Printer Sharing for NetWare Networks
Microsoft was recently made aware of an issue with File and Printer Sharing for NetWare«
Networks which might affect data security for corporate users.
Only users whose environments meet both of the following conditions can be affected:
- They configure their machine to share files and printers with other users on the
network by using File and Printer Sharing for NetWare Networks (this option is not turned
on by default).
- They enable remote administration or install Microsoft Remote Registry Services
(these options are not turned on by default)
If your configuration matches that listed above, it is possible for another user on the
network to gain read-only access to your computer after the administrator has logged
off the machine, until you restart your computer. To correct this problem, Microsoft
has issued an updated driver for File and Printer Sharing for NetWare Networks. The
updated driver ensures that only valid administrators have access to the computerÆs drive.
File and Printer Sharing for Microsoft Networks (not MSN™: The Microsoft Network online
service)
Microsoft is also issuing an update for a known problem with File and Printer Sharing
for Microsoft Networks and a certain UNIX« shareware network client (SambaÆs SMBCLIENT).
The update corrects a problem with share-level security documented in the Microsoft
Knowledge Base on October 9th. The update also includes a correction for a similar
problem with user-level security that Microsoft recently discovered as part of its internal
testing of the new driver.
Customers whose environments meet all of the conditions below might have their data
susceptible to network or Internet hackers:
- They configure their machine to share files and printers with other users on
the network using File and Printer Sharing for Microsoft Networks (this option is not
turned on by default).
- They share a LAN, Internet, or Dial-Up connection with a UNIX-based computer running
Samba's SMBCLIENT software.
- The network administrator does not disable peer services using System Policies.
Windows 95 allows users of the Samba SMB client to access the drive on which
sharing is enabled by accepting certain specific networking commands. The Samba
client is the only known SMB client that sends such networking commands. SMBCLIENT
users do not automatically have access to the Windows 95 drive, and must know the
exact steps to send these commands.
The updated driver prevents Windows 95 from accepting these commands, preventing
SMBCLIENT users from accessing the drive on which sharing is enabled. With the
updated driver, the SMBCLIENT user will only have access to those shared folders
that the Windows 95 user has designated.
How do I get the updated drivers?
Both drivers are available for immediate download below and from The Microsoft Network
online service, and have been made available to other online services
including CompuServe«, America Online«, and Prodigy«. The updated drivers
will also be mailed to any user free of charge if they call Microsoft's FastTips line,
800/936-4200.
Microsoft is committed to providing safe connectivity solutions for customers.
Microsoft takes this responsibility seriously and has worked, and will continue to work,
with great speed to provide solutions for customer issues.
For Users of File and Printer Sharing for Microsoft Networks
Download Instructions:
To update a single desktop computer
- Click the heading below, "Updated Driver for File and Printer Sharing for Microsoft Networks."
- Click Open or Run to install the patch immediately.
- Or -
Choose "Save As" to save the file in an empty folder on your PC.
Once the file is saved, go to the
folder on your hard drive where the file is now located.
Double click on Vservupd.exe to install the patch.
- Restart your computer to complete the update.
For organizations to update multiple desktops
- If you have not installed Windows 95 and you are using server-based setup
- Or -
If you are running a shared installation of Windows 95 on a central server, that is, remote IPL
- Follow the instructions above to update your machine.
- Then copy the file
Vserver.vxd from the \Windows\System directory to the directory on the network.
- If Windows 95 is already installed and runs locally on your client desktops
- Click the heading below, "Updated Driver for File and Printer Sharing for Microsoft Networks."
- Save the file in a publicly available directory.
- For automated distribution of the file, you can choose one of the following:
- Incorporate the Vservupd.exe that you download into a network login script.
- Create a run once policy using System Policies.
- Use Microsoft Systems Management Server (or other automation tool).
For more information on using any of the automation tools, review the Installation
section of the Windows 95 Resource Kit.
|
Updated Driver for File and Printer Sharing for Microsoft Networks
(Download: 144KB, executable file, Published: October 20th, 1995)
Click here for international versions, available in
Danish,
Dutch,
Finnish,
French,
German,
Italian,
Japanese (PC98),
Japanese (PCAT),
Norwegian,
Portuguese (Brazilian),
Spanish, and
Swedish.
|
For Users of File and Printer Sharing for NetWare Networks
Download Instructions:
To update a single desktop computer
- Click the heading below, "Updated Driver for File and Printer Sharing for NetWare Networks."
- Open or Run to install the patch immediately.
- Or -
Choose "Save As" to save the file in an empty folder on your PC.
Once the file is saved, go to the
folder on your hard drive where the file is now located.
Double click on Nwsrvupd.exe to install the patch.
- Restart your computer to complete the update.
For organizations to update multiple desktops
- If you have not installed Windows 95 and you are using server-based setup
- Or -
If you are running a shared installation of Windows 95 on a central server, that is, remote IPL
- Follow the instructions above to update your machine.
- Then copy the file
Nwserver.vxd from the \Windows\System directory to the directory on the network.
- If Windows 95 is already installed and runs locally on your client desktops
- Click the heading below, "Updated Driver for File and Printer Sharing for Netware Networks."
- Save the file in a publicly available directory.
- For automated distribution of the file, you can choose one of the following:
- Incorporate the Nwsrvupd.exe that you download into a network login script.
- Create a run once policy using System Policies.
- Use Microsoft Systems Management Server (or other automation tool).
For more information on using any of the automation tools, review the Installation
section of the Windows 95 Resource Kit.
|
|
Updated Driver for File and Printer Sharing for NetWare Networks
(Download: 153KB, executable file, Published: October 20th, 1995)
Click here for international versions, available in
Danish,
Dutch,
Finnish,
French,
German,
Italian,
Japanese (PC98),
Japanese (PCAT),
Norwegian,
Portuguese (Brazilian),
Spanish, and
Swedish.
|
|
