Microsoft has re-released this Bulletin to update important
information in the Patch Availability section.

Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in the telnet client that ships with Microsoft(r)
Windows 2000. The vulnerability could, under certain circumstances,
allow a malicious user to obtain cryptographically protected logon
credentials from another user.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-067.asp

Patch Availability
==================

- Microsoft Windows 2000:

Due to continuing operational issues with the Microsoft.com download
servers, the final patch for this issue was not uploaded to the
download servers. Instead, a beta version of the patch was made
available. This patch has subsequently been removed.

Those who have downloaded and applied the beta patch are protected
from the vulnerability discussed in this Bulletin. The beta patch
will prompt users before passing NTLM credentials to the remote
server and will only present NTLM credentials if approved by the
user, as discussed in the FAQ.

A bug exists in the beta patch wherein the telnet client may crash
while requesting an NTLM authentication session with a non-Windows
2000 NTLM-enabled telnet server. At no time will NTLM credentials be
passed to the remote server if the user does not specifically choose
to send the credentials.

The correct version of the patch will be uploaded to the download
center shortly. Users who have installed the beta patch can overwrite
that version with the soon-to-be-released final version.

Users without the beta patch can perform the following workaround
until such time as the final patch can be made available.

To disable NTLM authentication, perform the following steps:

- Type 'telnet' at the command prompt.
- Type 'unset ntlm' and hit Enter.
- Type 'quit' to exit telnet and save your preferences.

To determine what form of authentication you are currently using,
perform the following steps:

- Type 'telnet' at a command prompt.
- Type 'display' at the telnet prompt.
- A value of 'Will Auth (NTLM Authentication)' means telnet will
  use NTLM authentication by default.
- A value of 'Not Auth (NTLM Authentication)' means telnet will
  not use NTLM authentication.