News

Microsoft Releases Patch to Improve TCP Initial Sequence Number Randomness

Microsoft has released a patch that significantly improves the randomness of the TCP initial sequence numbers (ISNs) generated by the TCP/IP stack in Windows NT 4.0. Improving the randomness of ISNs eliminates a class of potential attacks against Windows NT 4.0 systems.

The ISNs used in TCP/IP sessions should be as random as possible in order to prevent attacks such as IP address spoofing and session hijacking. The patch offered by Microsoft improves the randomness of the Windows NT 4.0 TCP/IP ISN generation, providing 15 bits of entropy.

The patch works with Windows NT 4.0 Workstation, Server, Server Enterprise Edition and Server Terminal Edition. The patch is available at for x86 versions at download.microsoft.com/download/winntsrv40/patch/4.0.1381.7014/nt4/en-us/q24385.exe or for Alpha versions at download.microsoft.com/download/winntsrv40/patch/4.0.1381.7014/alpha/en-us/q243835.exe.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus