Security 10967 Published by Philipp Esselbach 0

Microsoft has released a patch that eliminates a security
vulnerability in NetMeeting, an application that ships with
Microsoft(r) Windows 2000 and is also available as a separate
download for Windows NT 4.0. The vulnerability could allow a
malicious user to temporarily prevent an affected machine from
providing any NetMeeting services and possibly consume 100% CPU
utilization during an attack.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-077.asp

Affected Software Versions
==========================
NetMeeting Version 3.01 (4.4.3385) on Windows 2000 or Windows NT 4.0.

Patch Availability
==================
- Windows 2000 and Windows NT 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25029

Security 10967 Published by Philipp Esselbach 0

Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Internet Explorer. Under a daunting
set of conditions, the vulnerability could enable a malicious user to
obtain another user´s userid and password to a web site.

Frequently asked questions regarding this vulnerability
and the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-076.asp

Affected Software Versions
==========================
- Microsoft Internet Explorer 4.x
- Microsoft Internet Explorer 5.x prior to version 5.5

Note: Internet Explorer 5.5 is not affected by this vulnerability.
Customers using IE 5.5 do not need to take any action.

Patch Availability
==================
- http://www.microsoft.com/windows/ie/download/critical/q273868.htm

Note: The patch requires IE 5.01 SP1 to install. Customers who
install this patch on other versions may receive a message reading
"This update does not need to be installed on this system". This
message is incorrect. More information is available in KB article
Q273868.

Note: As discussed in Affected Software Versions, this vulnerability
does not affect IE 5.5.

Security 10967 Published by Philipp Esselbach 0

Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) virtual machine (Microsoft VM). If a
malicious web site operator were able to coax a user into visiting
his site, the vulnerability could allow him to take any desired
action on a visiting user´s machine.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-075.asp

Affected Software Versions
==========================
Versions of the Microsoft VM are identified by build numbers, which
can be determined using the JVIEW tool, as discussed in the FAQ. The
following builds of the Microsoft VM are affected:

- All builds in the 2000 series.
- All builds in the 3100 series.
- All builds in the 3200 series.
- All builds in the 3300 series.

Patch Availability
==================
- 2000-series Microsoft VM customers will be provided with an update
soon.
- 3100-series Microsoft VM customers upgrade to build 3318 or later
from:
http://www.microsoft.com/java/vm/dl_vm40.htm
- 3200-series Microsoft VM customers upgrade to build 3318 or later
from:
http://www.microsoft.com/java/vm/dl_vm40.htm
- 3300-series Microsoft VM customers upgrade to build 3318 or later
from:
http://www.microsoft.com/java/vm/dl_vm40.htm

Security 10967 Published by Philipp Esselbach 0

Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Word 2000 and 97. The vulnerability
could allow a malicious user to run arbitrary code on a victim´s
computer without their approval.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-071.asp

Affected Software Versions
==========================
- Microsoft Word 2000
- Microsoft Word 97

Patch Availability
==================
- Microsoft Word 2000:
http://officeupdate.microsoft.com/2000/downloadDetails/wrdacc.htm
- Microsoft Word 97: Patch will be available shortly.

Note Additional security patches are available at the Microsoft
Download Center

Security 10967 Published by Philipp Esselbach 0

Microsoft has released a patch that eliminates several security
vulnerabilities in Microsoft(r) Windows NT(r) 4.0 and Windows(r)
2000. The vulnerabilities could allow a range of effects, from denial
of service attacks to, in some cases, privilege elevation.

Frequently asked questions regarding this vulnerability and the
patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-070.asp

Affected Software Versions
==========================
- Microsoft Windows NT 4.0 Workstation
- Microsoft Windows NT 4.0 Server
- Microsoft Windows NT 4.0 Server, Enterprise Edition
- Microsoft Windows NT 4.0 Server, Terminal Server Edition
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server

Patch Availability
==================
- Microsoft Windows NT 4.0 Workstation, Server, and Server,
Enterprise Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24650
- Microsoft Windows NT 4.0 Server, Terminal Server Edition:
To be released shortly
- Microsoft Windows 2000 Professional, Server, Advanced Server,
and Datacenter Server:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24649

Note: The Windows NT 4.0 patch can be installed on systems running
Service Pack 6a, and will be included in Service Pack 7. The Windows
2000 patch can be installed on systems with or without Service Pack
1, and will be included in Service Pack 2.

Security 10967 Published by Philipp Esselbach 0

Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Windows(r) 2000. The vulnerability
could allow a malicious user to gain complete control over an
affected machine.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-069.asp

Affected Software Versions
==========================
- Microsoft Windows 2000

Note: Only the Simplified Chinese version of Windows 2000 is affected
by default. Customers running any other language version of Windows
2000 only need to take action if they installed a Simplified Chinese
IME during system setup.

Patch Availability
==================
- Microsoft Windows 2000, Simplified Chinese version:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24631
- Microsoft Windows 2000, English version:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24627

Security 10967 Published by Philipp Esselbach 0

The Outlook:registered: 2000 SR-1 E-mail Security Update for the MultiLanguage Pack ensures that the Outlook 2000 SR-1 E-mail Security Update performs with complete functionality when you use an Office 2000 MultiLanguage Pack.

Note - For the Outlook 2000 SR-1 E-mail Security Update for the MultiLanguage Pack to work correctly, you must have installed the Office 2000 Service Release 1 (or Office 2000 Service Release 1a (SR-1a)), the Outlook 2000 SR-1 E-mail Security Update & the Office 2000 MultiLanguage Pack Service Release 1 for the language you are using.

Read more/Download

Security 10967 Published by Philipp Esselbach 0

MooSoft has posted a updated database for The Cleaner.

To update simply go to Start->Programs->The Cleaner->MooLive

Database v3169 09-29-2000
----------------------------
Added Keylog Trojan
Added Magic Horse

Updated InCommand
Updated MTX
Updated NetBus

Security 10967 Published by Philipp Esselbach 0

Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Windows Media Player (WMP) 7 but
primarily affects e-mail applications. The net effect of the
vulnerability is that it could enable a malicious user to create an
e-mail that, when closed after being read, could cause the e-mail
application to fail.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-068.asp

Affected Software Versions
===========================
- Microsoft Windows Media Player 7

Patch Availability
==================
- Microsoft Windows Media Player 7
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24421

Security 10967 Published by Philipp Esselbach 0

Symantec has released a new virus definitions update for Norton AntiVirus.

This update will work on the following products:

NAV for Lotus Notes (Intel)
NAV for MS Exchange (Intel)
NAV 4.0, 5.0 and 2000 for Win9x
NAV 4.0, 5.0 and 2000 for WinNT
NAV 2000 for Win2000
NAV for Firewalls
pcAnywhere32 7.5 and higher for WinNT
Norton Utilities for Windows 95/98 (all versions)
Norton SystemWorks (all versions)

Download

Security 10967 Published by Philipp Esselbach 0

Microsoft has updated the "Windows 2000 Telnet Client NTLM Authentication" Vulnerability Patch.

Summary
=======
On September 14, 2000, Microsoft released the original version of
this bulletin, which was revised the following day to advise of a
problem with the patch. On September 21, 2000, a new version of the
patch was released, and the bulletin was updated to advise of its
availability. Microsoft recommends that all customers, including
those who applied the original version of the patch, apply the new
version.

The patch eliminates a security vulnerability in the telnet client
that ships with Microsoft(r) Windows 2000. The vulnerability could,
under certain circumstances, allow a malicious user to obtain
cryptographically protected logon credentials from another user.

Frequently asked questions regarding this vulnerability and
the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-067.asp

Patch Availability
==================
- Microsoft Windows 2000:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24399

Note: Customers who applied the original version of the patch should
consider applying the current version. The original version
eliminated the vulnerability; however, if a malicious user attempted
to exploit the vulnerability, the patch caused the Telnet client to
fail. The current version of the patch eliminates the vulnerability
without interfering with Telnet connections.

Note: This patch will also be included in the next Service Pack for
Windows 2000. It can be applied to computers with or without Service
Pack 1.

Security 10967 Published by Philipp Esselbach 0

Moosoft has updated their trojan definitions database for The Cleaner.

To update simply go to Start->Programs->The Cleaner->MooLive

Database v3161 09-19-2000
-------------------------
Added Cyber Takeover
Added Fuse
Added Happy2000
Added WinLoop
Added Zoory

Updated DTSE
Updated NetBus
Updated PsychWard
Updated Sockets de Troie
Updated SubSeven