General 8068 Published by Philipp Esselbach 0

Patch Available for "SQL Server 7.0 Service Pack Password" Vulnerability

Originally posted: May 30, 2000

Updated: June 15, 2000

Summary
=======
On May 30, 2000, Microsoft released the original version of this
bulletin, to announce the availability of a patch that eliminates a
security vulnerability in Microsoft(r) SQL Server(r) 7.0 Service Packs
1 and 2 installation routine. When run on a machine that is configured
in a non-recommended mode, the routines record the administrator
password in a log file, where it could be read by any user who could
log onto the server at the keyboard.

On June 15, 2000, the bulletin was updated to note that, under the
same conditions as originally reported, the password also is recorded
in a second file. A new version of the patch is available that
prevents the password from being recorded in either file.

Frequently asked questions regarding this vulnerability and the
patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-035.asp

Issue
=====
When SQL Server 7.0 Service Packs 1 or 2 are installed on a machine
that is configured to perform authentication using Mixed Mode, the
password for the SQL Server standard security System Administrator
(sa) account is recorded in plaintext in the files %TEMP%\sqlsp.log
and %WINNT%\setup.iss. The default permissions on the files would
allow any user to read them who could log onto the server
interactively.

The password is only recorded if Mixed Mode is used, and even then,
only if the administrator chose to use SQL Server Authentication when
installing the service pack. Microsoft has long recommended that SQL
servers be configured to use the more secure Windows NT Authentication
Mode, and customers who have followed this recommendation would not be
affected. Even on affected machines, the password could not be
compromised if, per normal security recommendations, normal users are
prevented from logging onto the machine interactively.
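
A defender's check for the exposure described above, as an added example that is not part of the bulletin or of Microsoft's patch: it looks for the two files the bulletin names and reports whether ordinary interactive users can read them. It assumes the bulletin's %WINNT% corresponds to the Windows directory (`$env:windir`) and checks both the current user's and the machine-level TEMP directory.

```powershell
# Added example: audit the two files named in the bulletin for broad read access.
# Assumptions: %WINNT% maps to $env:windir; sqlsp.log may sit in the current
# user's TEMP or in the machine-level TEMP directory.

$candidates = @(
    (Join-Path $env:TEMP   'sqlsp.log'),
    (Join-Path $env:windir 'setup.iss')
)
$machineTemp = [Environment]::GetEnvironmentVariable('TEMP', 'Machine')
if ($machineTemp) {
    $expanded = [Environment]::ExpandEnvironmentVariables($machineTemp)
    $candidates += Join-Path $expanded 'sqlsp.log'
}

# Well-known SIDs that cover ordinary interactive users:
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
$readBit   = [System.Security.AccessControl.FileSystemRights]::ReadData
$sidType   = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($path in ($candidates | Select-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

    $acl   = Get-Acl -LiteralPath $path
    # Explicit and inherited ACEs, with identities returned as SIDs
    $rules = $acl.GetAccessRules($true, $true, $sidType)
    $broad = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadSids -contains $_.IdentityReference.Value -and
        ($_.FileSystemRights -band $readBit)
    })

    [pscustomobject]@{
        Path            = $path
        LastWriteTime   = (Get-Item -LiteralPath $path).LastWriteTime
        Owner           = $acl.Owner
        BroadlyReadable = ($broad.Count -gt 0)
        ReadableBySid   = ($broad.IdentityReference.Value | Select-Object -Unique) -join ', '
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else           { 'Neither sqlsp.log nor setup.iss was found in the checked locations.' }
```

A file that exists does not by itself mean a password was recorded: per the bulletin, that happens only under Mixed Mode with SQL Server Authentication chosen during the service pack installation.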


General 8068 Published by Philipp Esselbach 0

Patch Available for "Desktop Separation" Vulnerability

Originally Posted: June 15, 2000

Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Windows(r) 2000. The vulnerability
could allow a malicious user to gain additional privileges on a
machine that he could log onto at the keyboard.

Frequently asked questions regarding this vulnerability
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-020.asp.

Issue
=====
In the Windows 2000 security model, a hierarchy of container objects
is used to separate processes. Every session contains one or more
windows stations; every windows station contains one or more desktops.
By design, processes are constrained to run within a windows station,
and the threads in the process run in one or more desktops. A process
in one windows station should not be able to access desktops
belonging to another windows station. However, due to an
implementation error, this could happen under very specific
circumstances. This could allow a process belonging to a low-privilege
user to view inputs or output that belong to another desktop within
the same session, and potentially obtain information such as
passwords.

The vulnerability only affects desktops within the same session. As a
result, a malicious user could only interfere with processes on the
same local machine, and only if he could interactively log onto it.
Security best practices strongly militate against allowing normal
users to interactively log onto security-sensitive servers, and if
this practice has been followed, machines such as domain controllers,
print and file servers, ERP servers, database servers, and others
would not be at risk. In addition, other security best practices, if
followed, would prevent a malicious user from launching the processes
in a way that allows them to exploit this vulnerability. Windows 2000
Terminal Servers are not affected by this vulnerability, because
every user runs in his own session.


General 8068 Published by Philipp Esselbach 0

Hitachi, Ltd. and Microsoft Corporation today announced that the two companies had reached an agreement to establish a global relationship that will focus on the development of a core set of replicable Microsoft Windows 2000-based enterprise solutions as well as the formation of a joint venture in October of this year. Hitachi and Microsoft will fill key executive positions in the joint venture. Both the relationship and the joint venture will initially be focused in the Japanese market with plans to expand globally.


General 8068 Published by Philipp Esselbach 0

Officials for Intel Corporation let slip this week that the point release follow-up to Windows 2000, code-named Whistler, will feature industry-standard "Bluetooth" wireless functionality when it ships in the first half of 2001. In the meantime, the company will work to improve Bluetooth support for Microsoft's existing OSes, such as Windows 98 and Windows 2000, which feature rudimentary wireless features for synchronizing files and the like.


General 8068 Published by Philipp Esselbach 0

A number of HP insiders have kindly responded to our questions earlier this week about the continuing lack of Windows 2000 drivers ("HP Win2K OfficeJet drivers slip again").

Some point to mysterious gaps in the San Diego parking lot once occupied by the vehicles of the folks who had been working on the older 500, 600 and 700 series OfficeJet all-in-ones, while others suggest these engineers have been reassigned to work on the newer T, R and G ranges which "marketing really like as they are far superior to their predecessors in every way but price."


General 8068 Published by Philipp Esselbach 0

Creative has released drivers for Graphics Blaster RIVA TNT, 3D Blaster RIVA TNT2, 3D Blaster RIVA TNT2 Ultra, Graphics Blaster RIVA TNT2 Value (32Mb), 3D Blaster GeForce/3D Blaster GeForce Pro and 3D Blaster GeForce2 GTS under Windows NT 4.0 and Windows 2000.

This release is based on the NVIDIA build 522 set.

This release includes:

- optimized 3D performance
- support for Full Scene Anti-aliasing, which makes games look better even at low resolution

Note: Users are also advised to download the latest BlasterControl version 4 bcsetup.exe to enable Full Scene Anti-aliasing support as well as feature optimizing for OpenGL, Direct3D games.


General 8068 Published by Philipp Esselbach 0

NT Compatible is now on the new Gamefan server. There is still a problem with the message forum but I hope this will be fixed soon.

General 8068 Published by Philipp Esselbach 0

Intel Corporation and Microsoft Corp. today announced they are developing a road map to provide native support of the Bluetooth wireless technology for the Microsoft(r) Windows(r) operating system during the first half of 2001. The companies are also working on a standard method for PC platforms to interface with the Bluetooth technology that the PC industry can implement in their products.
