Originally posted: March 28, 2001
MS01-019: Passwords for Compressed Folders are Recoverable
Summary
Who should read this bulletin:
Impact of vulnerability:
Recommendation:

MS01-017: Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Summary
Who should read this bulletin:
Impact of vulnerability:

Originally posted: November 30, 2000
MS00-091: Incomplete TCP/IP Packet Vulnerability
Summary
Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows NT 4.0 and a recommended workaround for Windows 95, 98, 98 Second Edition, and Windows Me. The vulnerability could allow a malicious user to temporarily prevent an affected machine from providing any networking services or cause it to stop responding entirely.
Affected Software:
Windows NT 4.0
Windows 95, 98, 98 Second Edition, and Windows Me
Note: Windows 2000 is not affected by this vulnerability.

Originally posted: October 25, 2000
MS00-081: New Variant of VM File Reading Vulnerability
Summary
On October 25, 2000, Microsoft released this bulletin to advise customers of the availability of a patch that eliminates a new variant of a security vulnerability affecting the Microsoft® virtual machine (Microsoft VM). On October 27, 2000, we updated the bulletin to advise that fewer versions of the VM are affected than originally reported. The original variant of the vulnerability was discussed in Microsoft Security Bulletin MS00-011. Like the original vulnerability, the new variant could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site was visited by a computer from within that intranet.

Originally posted: October 18, 2000
MS00-079: HyperTerminal Buffer Overflow Vulnerability
Summary
On October 18, 2000, Microsoft released the original version of this security bulletin, to advise of the availability of a patch that eliminates a security vulnerability in the HyperTerminal application that ships with Microsoft® Windows® 98, Windows 98 Second Edition, Windows Me and Windows 2000. On May 24, 2001, we re-released the bulletin to advise of the availability of a new patch that corrects both this vulnerability and a subsequently discovered variant. The scope of both the original and the new vulnerabilities is the same. Both could, under certain conditions, allow a malicious user to execute arbitrary code on another user's system. This would enable the malicious user to compromise data or take action on the other user's system.

Originally posted: October 11, 2000
MS00-074: WebTV for Windows Denial of Service Vulnerability
Summary
Microsoft has released a patch that eliminates a security vulnerability in Microsoft® WebTV for Windows. The vulnerability could allow a malicious user to remotely crash systems running WebTV for Windows.
Affected Software:
Vulnerability Identifier: CVE-2000-0830

Originally posted: October 11, 2000
MS00-073: Malformed IPX NMPI Packet Vulnerability
Summary
Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows 95, Windows 98, 98 Second Edition and Windows Me. The vulnerability could be used to cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data. The affected system component normally is present only if it has been deliberately installed.
Affected Software:
Vulnerability Identifier: CVE-2000-0980

Microsoft Security Bulletin (MS00-059)
Patch Available for 'Java VM Applet' Vulnerability
Originally posted: August 21, 2000
Summary
Microsoft has released a patch that eliminates a security vulnerability in the Microsoft® virtual machine (Microsoft VM). If a malicious web site operator were able to coax a user into visiting his site, the vulnerability could allow him to masquerade as the user, visit other sites using his identity, and relay the information back to his site.
Affected Software:

Microsoft Security Bulletin (MS00-054)
Patch Available for 'Malformed IPX Ping Packet' Vulnerability
Date Published: August 03, 2000
Summary
Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows 95, 98 and 98 Second Edition. The vulnerability could be used to cause an affected system to fail, and depending on the number of affected machines on a network, potentially could be used to flood the network with superfluous data. The affected system component generally is present only if it has been deliberately installed.
Affected Software:
Vulnerability Identifier: CVE-2000-0742

Microsoft Security Bulletin (MS00-029)
Patch Available for "IP Fragment Reassembly" Vulnerability
Originally Posted: May 19, 2000
Summary
Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows® 95, Windows 98, Windows NT® 4.0 and Windows 2000. The vulnerability could be used to cause an affected machine to temporarily stop performing useful work. Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-029.mspx

Microsoft Security Bulletin (MS00-017)
Patch Available for "DOS Device in Path Name" Vulnerability
Originally Posted: March 16, 2000
Summary
Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows® 95, Windows 98, and Windows 98 Second Edition. The vulnerability could cause a user's system to crash, if they attempted to access a file or folder whose path contained certain reserved words. Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq00-017.mspx

Microsoft Security Bulletin (MS00-011)
Patch Available for "VM File Reading" Vulnerability
Originally Posted: February 18, 2000
Summary
Microsoft has released a patch that eliminates a security vulnerability in the Microsoft® virtual machine (Microsoft VM). The vulnerability could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet. In both cases the malicious applet would have to know the exact name and location of the files. Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq00-011.mspx

Microsoft Security Bulletin (MS00-005)
Patch Available for "Malformed RTF Control Word" Vulnerability
Originally Posted: January 17, 2000
Summary
Microsoft has released a patch that eliminates a security vulnerability in the Rich Text Format (RTF) reader that ships as part of Microsoft® Windows® 95 and 98, and Windows NT® 4.0. Under certain conditions, the vulnerability could be used to cause email programs to crash. Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq00-005.mspx

Microsoft Security Bulletin (MS99-052)
Patch Available for "Legacy Credential Caching" Vulnerability
Originally Posted: November 29, 1999
Summary
Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows® 95 and 98 caused by a legacy mechanism for caching network security credentials. The vulnerability could allow a user's plaintext network password to be retrieved from the cache. Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/fq99-052.mspx.

Microsoft Security Bulletin (MS99-049)
Patch Available for "File Access URL" Vulnerability
Originally Posted: November 12, 1999
Summary
Microsoft has released a patch that eliminates a vulnerability in Microsoft Windows 95 or Windows 98. The vulnerability could allow a malicious web site or e-mail message to cause the Windows machine to crash, or to run arbitrary code. Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletins/fq99-049.mspx.

Microsoft Security Program: Microsoft Security Bulletin (MS99-045)
Patch Available "Virtual Machine Verifier" Vulnerability
Patch Availability Information Updated: March 21, 2003
Summary
Microsoft has released a new version of the Microsoft® virtual machine (Microsoft VM) that eliminates a security vulnerability that could allow a Java applet to take unauthorized actions on the computer of a web site visitor. Although no standard Java compiler can generate such an applet, a Java applet constructed by hand with a Java bytecode assembler could bypass the sandbox and take virtually any action on the computer that the user would be capable of taking. Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq99-045.mspx

Microsoft Security Program: Microsoft Security Bulletin (MS99-033)
Patch Available for "Malformed Telnet Argument" Vulnerability
Originally Posted: September 09, 1999
Summary
Microsoft has released a patch that eliminates a vulnerability in the Telnet client that ships as part of Microsoft® Windows® 95 and 98. The vulnerability could allow arbitrary code to be executed on the user's computer. Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq99-033.mspx

Microsoft Security Program: Microsoft Security Bulletin (MS99-034)
Patch Available for "Fragmented IGMP Packet" Vulnerability
Patch Availability Information Updated: March 21, 2003
Summary
Microsoft has released a patch that eliminates a vulnerability in the TCP/IP stack implementations of Microsoft® Windows® 95, Windows 98® and Windows NT® 4.0. Fragmented IGMP packets can cause a variety of problems in Windows 95 and 98, up to and including causing the machine to crash. Windows NT 4.0 contains the same vulnerability, but other system mechanisms make a successful attack much more difficult. Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq99-034.mspx

Microsoft Security Program: Microsoft Security Bulletin (MS99-031)
Patch Available for "Virtual Machine Sandbox" Vulnerability
Version Availability Updated: March 21, 2003
Summary
Microsoft has released a new version of the Microsoft® virtual machine (Microsoft VM) that eliminates a security vulnerability that could allow a Java applet to take unauthorized actions on the computer of a web site visitor. Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/technet/security/bulletin/fq99-031.mspx

Microsoft Security Advisor Program: Microsoft Security Bulletin (MS98-012)
Updates available for Security Vulnerabilities in Microsoft PPTP
Patch Availability Information Updated: March 10, 2003
Summary
Microsoft has released a set of patches that fix several security issues with implementations of the Point-to-Point Tunneling Protocol (PPTP) used in Microsoft Virtual Private Networking (VPN) products. Customers using affected software listed below to secure communications over a public network (i.e. the Internet) should download and apply these patches as soon as possible. Customers who are not using PPTP for network security are not affected by this issue.
Issue
The Microsoft implementation of PPTP uses MS-CHAP for user authentication and Microsoft Point-to-Point Encryption (MPPE) to protect the confidentiality of user data. Potential vulnerabilities addressed by these updates include:
While there have not been any reports of customers being adversely affected by these problems, Microsoft is releasing these patches to address the implied risks posed by these issues.
Affected Software Versions
The following software is affected by this vulnerability:

Microsoft Security Advisor Program: Microsoft Security Bulletin (MS98-010)
Information on the "Back Orifice" Program
Last Revision: August 12, 1998
Summary
On July 21, a self-described hacker group known as the Cult of the Dead Cow released a program called "Back Orifice," and suggested that users of the Microsoft® Windows® operating system were somehow at risk from unauthorized attacks. Microsoft takes security seriously, and has issued this bulletin to advise customers that users of Windows 95 and Windows 98 following safe computing practices (including not installing software from unknown and untrusted sources) are not at risk. Additionally, users of the Microsoft Windows NT® operating system and the Microsoft BackOffice® suite of products are not threatened in any way by this tool, because it does not even run on Windows NT Server.