> From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]]
> I've got NT SP6A somewhere but I haven't installed it yet. I
> can do some tests on that. Is the "OffloadModExpo" string in the CSPs
> affected so I can do a simple initial check?
The "OffloadModExpo" string is easily found in the W2K CSPs, but I can't
find it under 128-bit NT4 SP6A. Tried again with some quick code.. works for
W2K but doesn't get called under NT4.
Curious, it's really not like MS to miss an opportunity to announce that
"most customers will not be affected.." but instead we have a focus on NT4
and in their FAQ explicitly says:
"The Base CSPs provided as part of all Microsoft platforms use
OffloadModExpo()and are therefor affected by this vulnerability."
Perhaps they're using as yet unreleased versions of their CSPs.
-Alan-
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
