Symantec has posted a new virus definitions update for Norton Antivirus.
Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoft
Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a web server.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq01-001.asp
Affected Software Versions
Microsoft Office 2000
Microsoft Windows 2000
Microsoft Windows Me
Patch Availability
Microsoft Office 2000 (All Platforms):
http://officeupdate.microsoft.com/2000/downloaddetails/wecsec.htm
Microsoft Windows 2000 (Without Office 2000):
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26889
Microsoft Windows Me (Without Office 2000):
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26705
Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a web server.Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq01-001.asp
Affected Software Versions
Microsoft Office 2000
Microsoft Windows 2000
Microsoft Windows Me
Patch Availability
Microsoft Office 2000 (All Platforms):
http://officeupdate.microsoft.com/2000/downloaddetails/wecsec.htm
Microsoft Windows 2000 (Without Office 2000):
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26889
Microsoft Windows Me (Without Office 2000):
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26705
A new build of The Cleaner is out.
Last year saw Windows NT steaming ahead yet again as the most hacked web server operating system, with the majority of defaced pages sitting on compromised NT boxes.
Read more
Read more
MooSoft has posted a new trojan definitions database update for The Cleaner.
Symantec has posted a new virus definitions update for Norton Antivirus.
Symantec has posted a new virus definitions update for Norton Antivirus.
Microsoft has released a patch that eliminates a security vulnerability in a component that ships as part of Microsoft Internet Information Server. The vulnerability could potentially allow an attacker to prevent an affected web server from providing useful service.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-100.asp
Affected Software Versions
Microsoft IIS 4.0
Microsoft IIS 5.0
Patch Availability
Microsoft IIS 5.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26277
Microsoft IIS 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26704
Note: The IIS 5.0 patch can be applied atop system running either Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 2.
Note: The IIS 4.0 patch can be applied atop system running Windows NT 4.0 Service Pack 6a or 5. It will be included in Windows NT 4.0 Service Pack 7.
Note: IIS users who have removed the FPSE are not affected by this vulnerability and do not need to take further action.
Internet Information Server. The vulnerability could potentially allow an attacker to prevent an affected web server from providing useful service.Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-100.asp
Affected Software Versions
Microsoft IIS 4.0
Microsoft IIS 5.0
Patch Availability
Microsoft IIS 5.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26277
Microsoft IIS 4.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26704
Note: The IIS 5.0 patch can be applied atop system running either Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 2.
Note: The IIS 4.0 patch can be applied atop system running Windows NT 4.0 Service Pack 6a or 5. It will be included in Windows NT 4.0 Service Pack 7.
Note: IIS users who have removed the FPSE are not affected by this vulnerability and do not need to take further action.
Microsoft has released a patch that eliminates a security vulnerability affecting Microsoft Windows 2000 domain controllers. The vulnerability could allow a malicious user with physical access to a domain controller to install malicious software on it.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-099.asp
Affected Software Versions
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Note: Windows 2000 workstations are unaffected by this vulnerability.
Patch Availability
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26483
Note: On Windows 2000 Server and Advanced Server systems, this patch can be installed atop either the Gold version or Service Pack 1. It will be included in Windows Server and Advanced Server, Service Pack 2.
Windows 2000 domain controllers. The vulnerability could allow a malicious user with physical access to a domain controller to install malicious software on it.Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-099.asp
Affected Software Versions
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Note: Windows 2000 workstations are unaffected by this vulnerability.
Patch Availability
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26483
Note: On Windows 2000 Server and Advanced Server systems, this patch can be installed atop either the Gold version or Service Pack 1. It will be included in Windows Server and Advanced Server, Service Pack 2.
Microsoft has released a patch that eliminates a security vulnerability in a component that ships as part of Microsoft Windows 2000. The vulnerability could a malicious web site operator to learn the names and properties of file and folders on the machine of a visiting user.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-098.asp
Affected Software Versions
Index Server 2.0
Indexing Service 3.0
Note: Index Server 2.0 ships as part of the Windows NT 4.0 Option Pack. Indexing Service 3.0 ships as part of all versions of Windows 2000.
Patch Availability
Indexing Service 3.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26595
Note: As discussed in the FAQ, a patch has not been provided for Index Server 2.0, because this product should only be installed on web servers, which should never be used for browsing the Internet.
Note: This patch can be applied to systems running Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 3.
Windows 2000. The vulnerability could a malicious web site operator to learn the names and properties of file and folders on the machine of a visiting user.Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-098.asp
Affected Software Versions
Index Server 2.0
Indexing Service 3.0
Note: Index Server 2.0 ships as part of the Windows NT 4.0 Option Pack. Indexing Service 3.0 ships as part of all versions of Windows 2000.
Patch Availability
Indexing Service 3.0:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26595
Note: As discussed in the FAQ, a patch has not been provided for Index Server 2.0, because this product should only be installed on web servers, which should never be used for browsing the Internet.
Note: This patch can be applied to systems running Windows 2000 Gold or Service Pack 1. It will be included in Windows 2000 Service Pack 3.
MooSoft has posted a new trojan definitions database update for the Cleaner.
Symantec has posted a new virus definitions update for Norton Antivirus.
Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows Media Services. The vulnerability could allow a malicious user to degrade the performance of a Windows Media server, possibly to the point where it could no longer provide useful service.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-097.asp
Affected Software Versions
Microsoft Windows Media Services 4.0
Microsoft Windows Media Services 4.1
Patch Availability
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26470
Note: Windows Media Services 4.1 ships as part of Windows 2000, and the patch for Windows Media Services 4.1 can be applied atop Windows 2000 Gold or SP1. The fix will be incorporated into Windows 2000 SP3.
Note: Windows Media Services 4.0 does not ship as part of any other product. The patch for Windows Media Services 4.0 can be applied to any machine already running the product, and will not be included in any other product´s future service packs.
Windows Media Services. The vulnerability could allow a malicious user to degrade the performance of a Windows Media server, possibly to the point where it could no longer provide useful service.Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-097.asp
Affected Software Versions
Microsoft Windows Media Services 4.0
Microsoft Windows Media Services 4.1
Patch Availability
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26470
Note: Windows Media Services 4.1 ships as part of Windows 2000, and the patch for Windows Media Services 4.1 can be applied atop Windows 2000 Gold or SP1. The fix will be incorporated into Windows 2000 SP3.
Note: Windows Media Services 4.0 does not ship as part of any other product. The patch for Windows Media Services 4.0 can be applied to any machine already running the product, and will not be included in any other product´s future service packs.
MooSoft has posted a new trojan definitions update for The Cleaner
Symantec has released a new virus definitions update for Norton Antivirus.
MooSfot has posted a new trojan definitions database update for The Cleaner.
Symantec has updated the Norton AntiVirus virus definitions.
Microsoft has released a tool that corrects the permissions on several registry values in Microsoft Windows 2000. The default permissions could allow a malicious user to monitor or reconfigure certain devices on a network.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-096.asp
Affected Software Versions
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Patch Availability
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24500
Note: The Security Configuration and Analysis template provided in the patch can be applied to any Windows 2000 system.
Windows 2000. The default permissions could allow a malicious user to monitor or reconfigure certain devices on a network.Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-096.asp
Affected Software Versions
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Patch Availability
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24500
Note: The Security Configuration and Analysis template provided in the patch can be applied to any Windows 2000 system.
Microsoft has released a tool that corrects the permissions on several registry values in Microsoft Windows NT 4.0. The default permissions could allow a malicious user to gain additional privileges on an affected machine.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-095.asp
Affected Software Versions
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Patch Availability
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24501
Note: The version of the tool in this bulletin also includes all changes discussed in Security Bulletins MS00-008 and MS00-024.
Note: This tool may be run on machines running Windows NT 4.0 Service Packs 5 and 6a.
Windows NT 4.0. The default permissions could allow a malicious user to gain additional privileges on an affected machine.Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-095.asp
Affected Software Versions
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Patch Availability
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24501
Note: The version of the tool in this bulletin also includes all changes discussed in Security Bulletins MS00-008 and MS00-024.
Note: This tool may be run on machines running Windows NT 4.0 Service Packs 5 and 6a.
MooSoft has posted a new trojan definitions update for "The Cleaner".
