COMMAND

    TCP/IP

SYSTEMS AFFECTED

    WinNT 4.0 (Srv, Wks, TSE, EE)

PROBLEM

    Following is based on Microsoft Security Bulletin.  The ISNs  used
    in TCP/IP  sessions should  be as  random as  possible in order to
    prevent  attacks  such   as   IP  address  spoofing  and   session
    hijacking.   Patch below  improves the  randomness of  the Windows
    NT 4.0 TCP/IP ISN generation, providing 15 bits of entropy.

SOLUTION

    In November, Microsoft withdrew  a previously released patch  that
    improved the randomness of TCP initial sequence numbers in Windows
    NT 4.0.   The patch  was withdrawn  because it  contained the same
    regression  error  that  was  present  in  Windows NT 4.0 SP6.  MS
    eliminated the regression  error and re-released  the patch.   All
    versions of  the original  patch were  affected by  the regression
    error,  although  the  error  only  manifested  itself  in certain
    situations.  When  applying the new  patch, it's not  necessary to
    uninstall the  original patch  first.   Just install  the patch as
    normal.  Here's how to determine which patch to apply:

    - If you are running Windows NT 4.0 SP4 or SP5 on an Intel
      machine, go to

        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763

      and select q243835sp5i.exe.

    - If you are running Windows NT 4.0 SP6 on an Intel machine, go to

        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764

      and select q243835i.exe.

    - If  you  are  running  Windows  NT  4.0  SP4 or SP5 on an  Alpha
      machine, go to

        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763

      and select q243835sp5a.exe.

    - If you are running Windows NT 4.0 SP6 on an Alpha machine, go to

        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764

    and select q243835a.exe.