Daniel S. Otis-Vigil of MooSoft send words that a new build of The Cleaner is available.
Microsoft has re-released this Bulletin to update important
information in the Patch Availability section.
Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in the telnet client that ships with Microsoft(r)
Windows 2000. The vulnerability could, under certain circumstances,
allow a malicious user to obtain cryptographically protected logon
credentials from another user.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-067.asp
Patch Availability
==================
- Microsoft Windows 2000:
Due to continuing operational issues with the Microsoft.com download
servers, the final patch for this issue was not uploaded to the
download servers. Instead, a beta version of the patch was made
available. This patch has subsequently been removed.
Those who have downloaded and applied the beta patch are protected
>from the vulnerability discussed in this Bulletin. The beta patch
will prompt users before passing NTLM credentials to the remote
server and
will only present NTLM credentials if approved by the user, as
discussed in the FAQ.
A bug exists in the beta patch wherein the telnet client may crash
while requesting an NTLM authentication session with a non-Windows
2000 NTLM enabled telnet server. At no time will NTLM credentials be
passed to the remote server if the user does not specifically choose
to send the credentials.
The correct version of the patch will uploaded to the download center
shortly. Users who have installed the beta patch can overwrite that
version with the soon to be released final version.
Users without the beta patch can perform the following workaround
until such time as the final patch can be made available.
To disable NTLM authentication, perform the following steps:
- Type ´telnet´ at the command prompt.
- Type ´unset ntlm´ and hit Enter.
- Type ´quit´ to exit telnet and save your preferences.
To determine what form of authentication you are currently using,
perform the following steps:
- Type ´telnet´ at a command prompt.
- Type ´display´ at the telnet prompt.
- A value of ´Will Auth (NTLM Authentication)´ means telnet will
use NTLM authentication by default.
- A value of ´Not Auth (NTLM Authentication)´ means telnet will
not use NTLM authentication.
information in the Patch Availability section.
Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in the telnet client that ships with Microsoft(r)
Windows 2000. The vulnerability could, under certain circumstances,
allow a malicious user to obtain cryptographically protected logon
credentials from another user.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-067.asp
Patch Availability
==================
- Microsoft Windows 2000:
Due to continuing operational issues with the Microsoft.com download
servers, the final patch for this issue was not uploaded to the
download servers. Instead, a beta version of the patch was made
available. This patch has subsequently been removed.
Those who have downloaded and applied the beta patch are protected
>from the vulnerability discussed in this Bulletin. The beta patch
will prompt users before passing NTLM credentials to the remote
server and
will only present NTLM credentials if approved by the user, as
discussed in the FAQ.
A bug exists in the beta patch wherein the telnet client may crash
while requesting an NTLM authentication session with a non-Windows
2000 NTLM enabled telnet server. At no time will NTLM credentials be
passed to the remote server if the user does not specifically choose
to send the credentials.
The correct version of the patch will uploaded to the download center
shortly. Users who have installed the beta patch can overwrite that
version with the soon to be released final version.
Users without the beta patch can perform the following workaround
until such time as the final patch can be made available.
To disable NTLM authentication, perform the following steps:
- Type ´telnet´ at the command prompt.
- Type ´unset ntlm´ and hit Enter.
- Type ´quit´ to exit telnet and save your preferences.
To determine what form of authentication you are currently using,
perform the following steps:
- Type ´telnet´ at a command prompt.
- Type ´display´ at the telnet prompt.
- A value of ´Will Auth (NTLM Authentication)´ means telnet will
use NTLM authentication by default.
- A value of ´Not Auth (NTLM Authentication)´ means telnet will
not use NTLM authentication.
Microsoft has released a patch that eliminates a security
vulnerability in the telnet client that ships with Microsoft(r)
Windows 2000. The vulnerability could, under certain circumstances,
allow a malicious user to obtain cryptographically protected logon
credentials from another user.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-067.asp
Affected Software Versions
==========================
- Microsoft Windows 2000
Patch Availability
==================
- Microsoft Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24319
Note: The above URL may not be accessible.
If this is the case, please download the patch from
here.
vulnerability in the telnet client that ships with Microsoft(r)
Windows 2000. The vulnerability could, under certain circumstances,
allow a malicious user to obtain cryptographically protected logon
credentials from another user.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-067.asp
Affected Software Versions
==========================
- Microsoft Windows 2000
Patch Availability
==================
- Microsoft Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24319
Note: The above URL may not be accessible.
If this is the case, please download the patch from
here.
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) Windows 2000. The vulnerability could allow a malicious user to cause a Denial of Service on a Windows 2000 computer.
Frequently asked questions regarding this vulnerability and the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-066.asp
Affected Software Versions
===========================
- Microsoft Windows 2000 All Versions
Note: Microsoft Windows NT 4.0 is not affected by this vulnerability.
Patch Availability
==================
Microsoft Windows 2000:
- http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24229
- This patch will also be included in the next Service Pack for Windows 2000 -- it can be applied to a computer with or without Service Pack 1.
Frequently asked questions regarding this vulnerability and the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-066.asp
Affected Software Versions
===========================
- Microsoft Windows 2000 All Versions
Note: Microsoft Windows NT 4.0 is not affected by this vulnerability.
Patch Availability
==================
Microsoft Windows 2000:
- http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24229
- This patch will also be included in the next Service Pack for Windows 2000 -- it can be applied to a computer with or without Service Pack 1.
Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Windows 2000. The vulnerability could
allow a user logged onto a Windows 2000 machine from the keyboard to
become an administrator on the machine.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-065.asp
Affected Software Versions
==========================
- Microsoft Windows 2000
Patch Availability
==================
- Microsoft Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24200
vulnerability in Microsoft(r) Windows 2000. The vulnerability could
allow a user logged onto a Windows 2000 machine from the keyboard to
become an administrator on the machine.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-065.asp
Affected Software Versions
==========================
- Microsoft Windows 2000
Patch Availability
==================
- Microsoft Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24200
Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Windows Media(tm) Services. The
vulnerability could allow a malicious user to prevent an affected
server from providing useful service.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-064.asp
Affected Software Versions
==========================
- Microsoft Windows Media Services 4.0
- Microsoft Windows Media Services 4.1
Patch Availability
==================
- Microsoft Windows Media Services 4.1:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24167
vulnerability in Microsoft(r) Windows Media(tm) Services. The
vulnerability could allow a malicious user to prevent an affected
server from providing useful service.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-064.asp
Affected Software Versions
==========================
- Microsoft Windows Media Services 4.0
- Microsoft Windows Media Services 4.1
Patch Availability
==================
- Microsoft Windows Media Services 4.1:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24167
The discovery of the first virus to exploit the file stream feature of Windows 2000 to infect PCs has provoked a fierce debate about the adequacy of antivirus software in combating such infection.
The W2K/Streams virus, an executable file virus that only affects Windows 2000 systems, has been described by antivirus vendors as more of interest as a ´proof of concept´ than a threat. Antivirus vendors have, however, updated their software to detect the virus.
Read more
The W2K/Streams virus, an executable file virus that only affects Windows 2000 systems, has been described by antivirus vendors as more of interest as a ´proof of concept´ than a threat. Antivirus vendors have, however, updated their software to detect the virus.
Read more
Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Internet Information Server (IIS). The
vulnerability could enable a malicious user to prevent an affected
web server from providing useful service.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-063.asp
Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
Note: As noted above in "Issue", the root cause of this vulnerability
lies in Windows NT 4.0, and Microsoft recommends that customers
using Windows NT 4.0 consider applying the patch.
Patch Availability
==================
- Microsoft Windows NT 4.0 Workstation, Server and Server,
Enterprise Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24079
- Microsoft Windows NT 4.0 Server, Terminal Server Edition: To be
released shortly
vulnerability in Microsoft(r) Internet Information Server (IIS). The
vulnerability could enable a malicious user to prevent an affected
web server from providing useful service.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-063.asp
Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
Note: As noted above in "Issue", the root cause of this vulnerability
lies in Windows NT 4.0, and Microsoft recommends that customers
using Windows NT 4.0 consider applying the patch.
Patch Availability
==================
- Microsoft Windows NT 4.0 Workstation, Server and Server,
Enterprise Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24079
- Microsoft Windows NT 4.0 Server, Terminal Server Edition: To be
released shortly
Microsoft has released a Hotfix Checking Tool for IIS 5.0.
This tool enables IIS 5.0 administrators to to ensure that their servers are up to date on all security patches. The tool can be run continuously or periodically, against the local machine or a remote one, using either a database on the Microsoft web site or a locally-hosted copy. When the tool finds a patch that hasn´t been installed, it can display or dialogue or write a warning to the event log.
Download
This tool enables IIS 5.0 administrators to to ensure that their servers are up to date on all security patches. The tool can be run continuously or periodically, against the local machine or a remote one, using either a database on the Microsoft web site or a locally-hosted copy. When the tool finds a patch that hasn´t been installed, it can display or dialogue or write a warning to the event log.
Download
Microsoft has released a beta of Advanced Security Privacy for Internet Explorer 5.5