DOCUMENT:Q244599 TITLE :Fixes Required in TCSEC C2 Security Evaluation Configuration for Windows NT 4.0 Service Pack 6a PRODUCT :Windows NT PROD/VER:4.0 OPER/SYS:WINDOWS NT KEYWORD :kbbug4.00 kbfix4.00 ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server version 4.0 - Microsoft Windows NT Server, Enterprise Edition version 4.0 - Microsoft Windows NT Workstation version 4.0 ------------------------------------------------------------------------------- SUMMARY ======= The Administrator's and User's Security Guide for Windows NT 4.0 (http://www.microsoft.com/security/issues/C2Evaluation.asp) is the official document that specifies the exact procedures to configure Windows NT 4.0 as a Trusted Computer System Evaluation Criteria (TCSEC) C2 compliant system. These procedures include the installation of Windows NT 4.0 Service Pack 6a and a Post-SP6a hotfix called C2 Update. MORE INFORMATION ================ C2 Update corrects the following problems in Windows NT 4.0: - NetBT disallows unprivileged user mode applications from sharing TCP and UDP ports that are opened by NetBT. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: Q241041 Enabling NetBT to Open TCP and UDP Ports Exclusively - Device drivers create their corresponding DeviceObject with FILE_DEVICE_SECURE_OPEN DeviceCharacteristics. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: Q243405 Device Drivers Create Their Corresponding DeviceObject with FILE_DEVICE_SECURE_OPEN DeviceCharacteristics - Jet500 creates events and semaphores objects with non-NULL ACLs. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: Q243404 ACLs Associated with Events and Semaphores Created by JET500.DLL The following files are available for download from the Microsoft Download Center or Microsoft's FTP site. Click the file names below to download the appropriate file: English: x86: Microsoft Download Center: Q244599i.exe (http://download.microsoft.com/download/winntsp/Patch/SP6a_C2/NT4/EN-US/Q244599i.exe) FTP: Q244599i.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postsp6a/c2-fix/Q244599i.exe) Alpha: Microsoft Download Center: Q244599a.exe (http://download.microsoft.com/download/winntsp/Patch/SP6a_C2/ALPHA/EN-US/Q244599a.exe) FTP: Q244599a.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postsp6a/c2-fix/Q244599a.exe) French: x86: FTP: Q244599i.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/frn/nt40/hotfixes-postsp6a/c2-fix/Q244599i.exe) Alpha: FTP: Q244599a.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/frn/nt40/hotfixes-postsp6a/c2-fix/Q244599a.exe) Spanish: x86: FTP: Q244599i.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/spa/nt40/hotfixes-postsp6a/c2-fix/Q244599i.exe) Alpha: FTP: Q244599a.exe (ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/spa/nt40/hotfixes-postsp6a/c2-fix/Q244599a.exe) For more information about how to download files from the Microsoft Download Center, please visit the Download Center at the following Web address http://www.microsoft.com/downloads/search.asp and then click "How to use the Microsoft Download Center". NOTE: C2 Update also includes the binary files required in the Spooler-fix described in the following article in the Microsoft Knowledge Base: Q243649 Unchecked Print Spooler Buffer May Expose System Vulnerability Additional query words: c2 security_patch ============================================================================ THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.