I've provided answers inline below.
Sergio Tabanelli
-Original Message-
From: Dr Stephen Henson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: giovedì 13 aprile 2000 16.55
Subject: Re: A new Microsoft security bulletin and the OffloadModExpo
funct
Sorry but I've realized that I was not clear enough, so
> Does this also work with "unexportable" private
>keys?
Yes.
Sergio Tabanelli
__
OpenSSL Project http://www.openssl.org
User Support Mail
Sorry but I've realized that I was not clear enough, so
> Does this also work with "unexportable" private
>keys?
Yes.
Sergio Tabanelli
__
OpenSSL Project http://www.openssl.org
User Support Mail
> From: Dr Stephen Henson [mailto:[EMAIL PROTECTED]]
> I've got NT SP6A somewhere but I haven't installed it yet. I
> can do some tests on that. Is the "OffloadModExpo" string in the CSPs
> affected so I can do a simple initial check?
The "OffloadModExpo" string is easily found in the W2K CSPs
Yes I saw the docs on that a few months and thought it was incredibly
stupid. I did some tests on the OSes I has at the time and it didn't
seem to be implemented so I left it at that.
However as your tests indicate it seems MS have actually gone and done
this.
Have you done some checks on what i
Microsoft has released a new security bulletin
(http://www.microsoft.com/technet/security/bulletin/ms00-024.asp)
about a vulnerability in the NT registry permission setting for a
functionality called OffloadModExpo. I thanks Microsoft and Scott Culp for
the Acnowledgments.
This is the full story:
