COMMAND

    Palace

SYSTEMS AFFECTED

    Win 9x, NT

PROBLEM

    The following is based on the Palace announcement.  Over the
    September 26th weekend, Electric Communities became aware of a
    potentially serious security problem with the Windows 95/98/NT
    Palace Client
    software.   They confirmed  a bug  that would  permit a  malicious
    Palace  server  operator  to  force  a  Windows  Palace  client to
    DOWNLOAD AND EXECUTE an  arbitrary program on the  client machine.
    This  bug  could  be  used  to  deliver  and run software viruses,
    personal  information  sniffers,  and  other  potentially damaging
    software.

SOLUTION

    In response to  this security bug,  Palace released a  new Windows
    95/98/NT  palace  client  update.   This  update  prevents  Palace
    servers  from  attempting  to  execute  software  on  the   client
    machine.   If  you  do  not  upgrade  your client, your machine is
    vulnerable  to  this  bug  being  exploited  by  malicious  server
    operators.  Visit:

        http://www.thepalace.com/products/client/downloads.html

    to get the latest full version of the Windows Client software.  If
    you are  currently using  version 3.4  (any build)  of the  palace
    client, you  may download  one  of the  following  smaller updates
    instead of the full installer:

        ftp://ftp.thepalace.com/pub/palace/client/Windows_95orNT/3.4/AutoUpgradeFor3.4Users.exe

    if you are using the latest version of 3.4 and don't have multiple
    versions installed (about 1 meg).

        ftp://ftp.thepalace.com/pub/palace/client/Windows_95orNT/3.4/ManualUpgrade.exe

    if you know where you have the palace installed, or have  multiple
    installations (about 400 k).