Mssecure - 2002-04-04 (JPN)
Source: stksecure.exe
Data Updated: 4/4/2002
Data Version: 1.0.1.241
MSBA/Tool Version: 3.32
MS98-001 - Disabling Creation of Local Groups on a Domain by Non-Administrative Users
Posted: 1998/06/01
The ability for non-administrative users to create aliases on the domain could be abused if they create a large number of local groups in the domain and cause the size of the account database to grow without restrictions. Unlimited local group creation could crash the domain controller and lead to excessive network traffic due to the replication of local group information to backup domain controllers.
Q169556
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: CREATALS_x86.exe
MS98-002 - Error Message Vulnerability Against Secured Internet Servers
Posted: 1998/06/26
Due to the large number of messages needed, a Web site operator could detect an attack through observations such as abnormal network or CPU utilization.
Q148427
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Exchange Server 5.5
- Exchange Server 5.5 Gold
- Exchange Server 5.5 SP1
Patch: ssl-fixi.exe
MS98-003 - File Access Issue with Windows NT Internet Information Server
Posted: 1998/07/02
The issue is a result of the way IIS parses file names. The fix involves IIS supporting NTFS alternate data streams by asking Windows NT to make the file name canonical.
Q188806
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
Patch: iis3fixi.exe
Q188806
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Personal Web Server 4.0
Patch: iis4fixi.exe
MS98-004 - Unauthorized ODBC Data Access with RDS and IIS
Posted: 1998/07/14
The risk of security vulnerability caused by the DataFactory is even greater if newer OLE DB Providers are installed on the server. "Microsoft DataShape Provider" and "Microsoft JET OLE DB provider" (which ship with MDAC 2.0 in Visual Studio? 98) allow shell commands to be executed. If the DataFactory is enabled on such a server, Internet clients can use these providers to execute shell commands, which can potentially bring down the server or otherwise severely affect its performance.
Q184375
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q184375
MS98-005 - Unwanted Data Issue with Office 98 for the Macintosh
Posted: 1998/07/17
The Mac OS, like many other Operating System (OS) file systems does not erase files when you delete them, it simply removes a reference to them in the disk's catalog, and marks the space they occupied as free. Office 98 does not clear the disk space when the Mac OS allocates it during a File Save operation. Instead, Office 98 simply writes the file contents to the allocated disk space, overwriting any random data that physically existed on the disk. Since the Mac OS allocates the disk space in set chucks, called clusters, the small amount of unused space at the end of the file's last cluster may contain random data from previously deleted files. The data cannot be viewed when opened as a native Office file. However, an ASCII text editor can be used to view the extraneous data. The chance that sensitive data will be transferred through this bug is unlikely, since multiple unusual scenarios must occur.
Affected Products:
- Office 98 for Macintosh
- Office 98 for Macintosh Gold
Patch: 98-005
MS98-006 - Potential Denial-of-Service in IIS FTP Server due to Passive Connections
Posted: 1998/07/23
When multiple passive connections are made to a single FTP server through the PASV FTP command, it is possible to use up all available system threads for servicing clients. Once this happens, requests for additional connections will fail as discussed above, and will continue to fail until a client thread is again available. Further, the FTP and WWW services on a computer share a common thread pool, and exhausting the FTP thread pool will also cause a failure in connection requests for the WWW service.
Q189262
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
Patch: ftpfix4i.exe
Q189262
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
Patch: ftpfix3i.exe
MS98-007 - Potential SMTP and NNTP Denial-of-Service Vulnerabilities
Posted: 1998/07/24
This issue involves a denial of service vulnerability that can potentially be used by someone with malicious intent to unexpectedly cause multiple components of the Microsoft Exchange Server to stop.
Q188341
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: psp2stri.exe
Q188341
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: psp2imsi.exe
Q188341
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 Gold
Patch: MS98-007
MS98-008 - Long file name Security Issue affecting Microsoft Outlook 98 and Microsoft Outlook Express 4.x
Posted: 1998/07/27
When the email client receives a malicious mail or news message that contains an attachment with a very long filename, it could cause the email client to shut down unexpectedly. These very long filenames do not normally occur in mail or news messages, and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious email message to run arbitrary computer code contained in the long string.
Affected Products:
- Outlook 98
- Outlook 98 Gold
Patch: outptch2.exe
Affected Products:
- Outlook Express 4.01
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 Gold
Patch: oelong
MS98-009 - Windows NT Privilege Elevation Attack
Posted: 1998/07/27
In this attack, a non-administrative user obtains administrative access to the system by virtue of being able to gain debug-level access on a system process.
Q190288
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
Patch: privfixi.exe
MS98-010 - Information on the Back Orifice Program
Posted: 1998/08/04
It is unclear from the author's statements what "Back Orifice" is intended to do. In the press release that accompanied its release, "Back Orifice" is alternately described as an administrative tool or as something that demonstrates some security vulnerability in the Windows platform. Potential threads: Remotely controlling and monitoring a computer running Windows Reading everything that the user types at the keyboard Capturing images that are displayed on the monitor Uploading and downloading files remotely Redirecting information to a remote Internet site
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: MS98-010
MS98-011 - Window.External JScript Vulnerability in Microsoft Internet Explorer 4.0
Posted: 1998/08/17
Microsoft Internet Explorer 4.0, 4.01, and 4.01 SP1 use the JScript Scripting Engine version 3.1 to process scripts on a Web page. When Internet Explorer encounters a web page that uses JScript script to invoke the Window.External function with a very long string, Internet Explorer could terminate. Long strings do not normally occur in scripts and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious script message to run arbitrary computer code contained in the long string.
Q191200
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
Patch: jscript.asp
Posted: 1998/09/04
The Cross Frame Navigate issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious Web site operator to read the contents of files on your computer.
Q168485
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
Patch: xframe.asp
MS98-015 - Untrusted Scripted Paste Issue in Microsoft Internet Explorer 4.01
Posted: 1998/10/16
The "Untrusted Scripted Paste" issue involves a vulnerability in Internet Explorer that could allow a malicious web site operator to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for the operator to read the contents of a file on the user's computer if he knows the exact name and path of the targeted file. This could also be used to view the contents of a file on the user's network, if the user has access to it and the malicious operator knows its direct path name
Q169245
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
Patch: paste.asp
MS98-016 - Dotless IP Address Issue in Microsoft Internet Explorer 4
Posted: 1998/10/23
The "Dotless IP Address" issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious web site operator to misrepresent the URL of an Internet web site and make it appear as if the machine is on the user's "Local Intranet Zone". Internet Explorer has the ability to set security settings differently between different zones. By this means, a malicious site could potentially perform actions that had been disabled in the Internet Zone or Restricted Sites Zone, but is permitted in the Local Intranet Zone
Q168617
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
Patch: dotless.asp
MS98-019 - IIS GET Vulnerability
Posted: 1998/12/21
This vulnerability involves the HTTP GET method, which is used to obtain information from an IIS web server. Specially-malformed GET requests can create a denial of service situation that consumes all server resources, causing a server to "hang." In some cases, the server can be put back into service by stopping and restarting IIS; in others, the server may need to be rebooted.
Q192296
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: infget4i.exe
Q192296
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 4
Patch: infget3i.exe
MS98-018 - Excel CALL Vulnerability
Posted: 1998/12/10
Excel generates a warning to the user before running macros, including those containing the CALL function, and allows the user to decide whether or not to run them. However, Excel does not generate a warning before executing worksheet functions, and if used in this manner, CALL could be used to call an external DLL without a warning to the user. An attacker could exploit this functionality by embedding a CALL function within an Excel spreadsheet and sending it to an unwary user. The attacker would be able to control whether the CALL function fired when the victim opened the spreadsheet or when another event occurred.
Q196791
Affected Products:
- Office 97
- Office 97 SR-2/SR-2b
- Excel 97
- Office 97 SR-2/SR-2b
Patch: Xl8p9pkg
MS98-020 - Frame Spoof Vulnerability
Posted: 1998/12/23
This vulnerability exists because Internet Explorer's cross domain protection does not extend to navigation of frames. This makes it possible for a malicious web site to insert content into a frame within another web site's window. If done properly, the user might not be able to tell that the frame contents were not from the legitimate site, and could be tricked into providing personal data to the malicious site. Non-secure (HTTP) and secure (HTTPS) sites are equally at risk from this vulnerability.
Q167614
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
Patch: spoof.asp
MS98-017 - Named Pipes Over RPC Vulnerability
Posted: 1998/11/19
The underlying problem is the way that Windows NT 4.0 attempts to shut down invalid named pipe RPC connections. An attacker could exploit this problem to create a denial of service condition by opening multiple named pipe connections and sending random data. When the RPC service attempts to close the invalid connections, the service consumes all CPU resources and memory use grows considerably, which may result in the system hanging. This is a denial of service vulnerability only; there is no risk of compromise or loss of data from the attacked system.
Q195733
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: nprpcfxi.exe
- ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP4/archive/nprpc-fix/
MS98-012 - Updates available for Security Vulnerabilities in Microsoft PPTP
Posted: 1998/08/18
The Microsoft implementation of PPTP uses MS-CHAP for user authentication and Microsoft Point-to-Point Encryption (MPPE) to protect the confidentiality of user data. Potential vulnerabilities addressed by these updates include: Dictionary attack against the LAN Manager authentication information Password theft PPTP server spoofing Reuse of MPPE session keys
Q154091
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: dun40.exe
Q154091
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
Patch: pptpfixi.exe
Q154091
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
Patch: rrasfixi.exe
Q154091
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: msdun13.exe
MS98-014 - RPC Spoofing Denial of Service on Windows NT
Posted: 1998/09/29
It is possible for a malicious attacker to send spoofed RPC datagrams to UDP destination port 135 so that it appears as if one RPC server sent bad data to another RPC server. The second server returns a REJECT packet and the first server (the spoofed server) replies with another REJECT packet creating a loop that is not broken until a packet is dropped, which could take a few minutes. If this spoofed UDP packet is sent to multiple computers, a loop could possibly be created, consuming processor resources and network bandwidth
Q193233
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
Patch: snk-fixi.exe
Q193233
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT 4 Terminal Server Gold
Patch: Snk-fixi.exe
MS99-001 - Exposure in Forms 2.0 TextBox Control that allows data to be read from user's Clipboard
Posted: 1999/01/21
A malicious hacker could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a web site set up by the malicious hacker or opens a HTML email created by the malicious hacker.
Q214757
Affected Products:
- Office 97
- Office 97 SR-2/SR-2b
- Outlook 98
- Office 97 SR-2/SR-2b
- Project 98
- Office 97 SR-2/SR-2b
- Visual Basic 5.0
- Visual Basic 5.0 Gold
- Word 97
- Office 97 SR-2/SR-2b
- Excel 97
- Office 97 SR-2/SR-2b
- PowerPoint 97
- Office 97 SR-2/SR-2b
Patch: fm2paste.exe
MS99-002 - Word 97 Template Vulnerability
Posted: 1999/01/21
A standard safety feature of Word 97 is that it warns users when a document containing macros is opened; however, if that document does not itself contain macros, but rather is linked to a template that does contains macros, no warning is issued. A malicious hacker could exploit this vulnerability to cause malicious macro code to run without warning if a user opens a Word document attached to an email sent by the malicious hacker, or if the user opens a Word document on a web site controlled by the malicious hacker. This malicious macro could possibly be used to damage or retrieve data on a user's system.
Q214652
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: Wd97SP.EXE
MS99-003 - IIS Malformed FTP List Request Vulnerability
Posted: 1999/02/03
It is noteworthy that the "list" command is only available to users after they have authenticated to the server. As a result, only users who are authorized to use the server would be able to mount such an attack, and their presence on the server could be logged if the owner of the site chose to do so. However, many sites provide guest accounts, and this could allow a malicious user to attack the server anonymously.
Q188348
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: ftpls3i.exe
Q188348
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: ftpls4i.exe
MS99-007 - Taskpads Scripting Vulnerability
Posted: 1999/02/22
A vulnerability exists because certain methods provided by Taskpads are incorrectly marked as "safe for scripting" and can be misused by a web site operator to invoke executables on a visiting user's workstation without their knowledge or permission.
Q218619
Affected Products:
- Windows 98 Resource Kit
- Windows 98 Resource Kit Gold
- Windows 98 Resource Kit Sampler
- Windows 98 Resource Kit Sampler Gold
Patch: tmcpatch.exe
Q218619
Affected Products:
- BackOffice Resource Kit SE
- BackOffice Resource Kit SE Gold
Patch: itmcpatch.exe
MS99-010 - File Access Vulnerability in Personal Web Server
Posted: 1999/03/26
This vulnerability allows a file request that uses a non-standard URL to bypass the server's normal file access controls. The file must be specifically requested by name, so the requester would need to know the name of the file or correctly guess it. The vulnerability would allow files on the server to be read, but not changed or deleted, and would not allow new files to be written to the server.
Q216453 (FP98)
Affected Products:
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Pwssecup.exe
Q216453 (FP98)
Affected Products:
- FrontPage 98 Personal Web Server 1.0
Patch: fppws98.exe
Q216453 (FP98)
Affected Products:
- FrontPage 97 Personal Web Server 1.0
- FrontPage 97 Personal Web Server 1.0 Gold
Patch: Q217765
MS99-005 - BackOffice Server 4.0 Does Not Delete Installation Setup File
Posted: 1999/02/12
When a user chooses to install SQL Server, Exchange Server or Microsoft Transaction Server as part of a BackOffice 4.0 installation, the BackOffice installer program requests the name and password for the accounts associated with these services. Specifically, it asks for the account name and password for the SQL Executive Logon account, the Exchange Services Account, and the MTS Remote Administration Account. These values are stored in %systemdrive>\Program Files\Microsoft Backoffice\Reboot.ini, and used to install the associated services. BackOffice Server does not erase this file when the installation process is completed. This is true regardless of whether the installation process completes successfully or unsuccessful
Q217004
Affected Products:
- BackOffice Server 4.0
Patch: Q217004
MS99-004 - Authentication Processing Error in Windows NT 4.0 Service Pack 4
Posted: 1999/02/08
The logic error in Service Pack 4 incorrectly allows a null "NT hash" value to be used for authentication from Windows NT systems. The result is that if a user account's password was last changed from a DOS, Windows 3.1, Windows for Workgroups, OS/2 or Macintosh client, a user can logon into that account from a Windows NT system using a blank password.By far the most likely machines to be affected by this vulnerability would be domain controllers running Windows NT 4.0 SP 4, in networks that contain any of the downlevel clients listed above. However, any server or workstation running Windows NT 4.0 SP 4 that contains a SAM database with active users who communicate from downlevel clients would be vulnerable to this problem.
Q214840
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: msv-fixi.exe
MS99-006 - Windows NT Known DLLs List Vulnerability
Posted: 1999/02/19
In Windows NT, core operating system DLLs are kept in virtual memory and shared between the programs running on the system. This is done to avoid having redundant copies of the DLLs in memory, and improves memory usage and system performance. When a program calls a function provided by one of these DLLs, the operating system references a data structure called the KnownDLLs list to determine the location of the DLL in virtual memory. The Windows NT security architecture protects in-memory DLLs against modification, but by default it allows all users to read from and write to the KnownDLLs list. This is the root problem underlying the vulnerability.A user can programmatically load into memory a malicious DLL that has the same name as a system DLL, then change the entry in the KnownDLLs list to point to the malicious copy. From that point forward, programs that request the system DLL will instead be directed to the malicious copy. When called by a program with sufficiently high privileges, it could take any desired action, such as adding the malicious user to the Administrators group.It is important to understand that the user must able to run exploitation code on a machine in order to elevate their privileges. There are two types of machines at risk:Machines that allow non-administrative users to interactively log on. Workstation and terminal servers typically do allow this, but, per standard security practices, most other servers only allow administrators to interactively log on.
Q218473
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: Smss-fixi
MS99-008 - Windows NT Screen Saver Vulnerability
Posted: 1999/03/12
Windows NT provides a screen saver feature, in which a user-selected screen saver program is run when the machine has been idle for a specified length of time. Windows NT initially launches a screen saver in the local system context, then immediately changes its security context to match that of the user. However, Windows NT does not check whether this context change was successfully made. This is the underlying problem in this vulnerability. If the context change can be made to fail, the screen saver will remain running in a highly-privileged state. The risk is that a malicious user could develop a screen saver program that, for example, uses the elevated privileges to add the author to the Administrators group.It is important to understand that the user must able to run exploitation code on a machine in order to elevate their privileges.
Q221991
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: ScrnSav-fix
MS99-009 - Malformed Bind Request Vulnerability
Posted: 1999/03/16
The Bind function in the Exchange 5.5 Directory Service has an unchecked buffer that poses two threats to safe operation. The first is a denial of service threat. A malformed Bind request could overflow the buffer, causing the Exchange Directory service to crash. The server would not need to be rebooted, but the Exchange Directory service, and possibly dependent services as well, would need to be restarted in order to resume messaging service. The second threat is more esoteric and would be far more difficult to exploit. A carefully-constructed Bind request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither attack could occur accidentally.
Q221989
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP2
Patch: PSP2DIRI.EXE
MS99-013 - File Viewers Vulnerability
Posted: 1999/05/07
Microsoft Site Server and Internet Information Server include tools that allow web site visitors to view selected files on the server. These are installed by default under Site Server, but must be explicitly installed under IIS. These tools are provided to allow users to view the source code of sample files as a learning exercise, and are not intended to be deployed on production web servers. The underlying problem in this vulnerability is that the tools do not restrict which files a web site visitor can view.
Q232449
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
Patch: fix2450i.exe
Q231368
Affected Products:
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
Patch: viewfixi.exe
MS99-015 - Malformed Help File Vulnerability
Posted: 1999/05/17
The Windows Help utility parses and displays help information for applications. The help information is contained in files of several types that are generated by the Help Compiler (part of the AppWizard utility), and is stored by default in the WINNT\help folder. By default, users can write to this folder. An unchecked buffer exists in the Help utility, and a help file that has been carefully modified could be used to execute arbitrary code on the local machine via a classic buffer overrun technique. Because the Help Compiler's output files do not generate the specific malformation at issue here, this vulnerability could not be accidentally exploited.
Q231605
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: winhlp-i.exe
MS99-016 - Malformed Phonebook Entry Vulnerability
Posted: 1999/05/20
The component of the RAS client that processes phonebook entries has an unchecked buffer. This results in a vulnerability that poses two threats to safe operation. The first is a denial of service threat; a malformed phonebook entry could overflow the buffer, causing the RAS client service to crash. The second is more esoteric and would be far more difficult to exploit. A carefully-constructed phonebook entry could cause arbitrary code to execute on the client via a classic buffer overrun technique. Neither variant could be exploited accidentally.It is important to stress that the vulnerability affects RAS client machines, not RAS servers, and that the user must have permission to add or modify phonebook entries in order to mount the attack. (Permissions can be set via the phonebook's ACL). The machines primarily at risk from this vulnerability are workstations that are configured to dial out to other systems, because servers, including terminal servers, are not typically configured to act as RAS clients. It also is important to note that this vulnerability would affect only the local machine; there is no capability to directly attack a remote machine via this vulnerability.
Q230677
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
Patch: rasffixi.exe
MS99-017 - RAS and RRAS Password Vulnerability
Posted: 1999/05/27
When the client software for Microsoft RAS or RRAS is used to dial into a server, a dialogue requests the user's userid and password for the server. On the same dialogue is a checkbox whose caption reads ";Save password"; and which is intended to provide the user with the option to cache their security credentials if desired. However, the implemented client functionality actually caches the user's credentials regardless of whether the checkbox is selected or de-selected.Cached security credentials, which include the password, are stored and encrypted in the registry and protected by ACLs whose default values authorize only local administrators and the owner of the credentials to access them. Windows NT 4.0 Service Pack 4 also provides the ability to strongly encrypts the password data stored in the registry using the SYSKEY feature
Q230681
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: raspassword-fix
Q233303
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: rpwdfixi.exe
MS99-020 - Malformed LSA Request Vulnerability
Posted: 1999/06/23
Windows NT provides the ability to manage user privileges programmatically via the Local Security Authority (LSA) API. The API allows a program to query user names, modify privileges, and change other elements of the security policy, subject to the program's authorizations. Calls to the LSA API can be made from either the local machine or remotely via RPC.Certain API methods do not correctly handle certain types of invalid arguments. The vulnerability is a denial of service threat only, and service can be restored by restarting the machine. There is no capability to use this vulnerability to obtain unauthorized services from LSA.
Q231457
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
Patch: lsareqi.exe
MS99-021 - CSRSS Worker Thread Exhaustion Vulnerability
Posted: 1999/06/23
If all worker threads in CSRSS.EXE are occupied awaiting user input, no other requests can be serviced, effectively causing the server to hang. When user input is provided, processing returns to normal.
Q233323
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: csrssfxi.exe
MS99-023 - Malformed Image Header Vulnerability
Posted: 1999/06/30
If an executable file with a specially-malformed image header is executed, it will cause a system failure. The affected machine will need to be rebooted in order to place it back in service. Any work that was in progress when the machine crashed could be lost.
Q234557
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: krnlifxi.exe
MS99-024 - Unprotected IOCTLs Vulnerability
Posted: 1999/07/06
On a terminal server, such a program could disable the keyboard and mouse on the console.
Q236359
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: ioctlfxi.exe
MS99-025 - Unauthorized Access to IIS Servers through ODBC Data Access with RDS
Posted: 1999/07/17
The RDS DataFactory object, a component of Microsoft Data Access Components (MDAC), exposes unsafe methods. When installed on a system running Internet Information Server 3.0 or 4.0, the DataFactory object may permit an otherwise unauthorized web user to perform privileged actions, including: Allowing unauthorized users to execute shell commands on the IIS system as a privileged user. On a multi-homed Internet-connected IIS system, using MDAC to tunnel SQL and other ODBC data requests through the public connection to a private back-end network. Allowing unauthorized accessing to secured, non-published files on the IIS system.
Q184375
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q184375
MS99-026 - Malformed Dialer Entry Vulnerability
Posted: 1999/07/29
Dialer.exe has an unchecked buffer in the portion of the program that processes the dialer.ini file. This vulnerability could be used to run arbitrary code via a classic buffer overrun technique.The circumstances of this vulnerability require a fairly complicated attack scenario that limits its scope. Dialer.exe runs in the security context of the user, so it would not benefit an attacker to simply modify a dialer.ini file and run it, as he or she would not gain additional privileges. Instead, the attacker would need to modify the dialer.ini file of another user who had higher privileges, then wait for that user to run Dialer.Although the unchecked buffer is present in all versions of Windows NT 4.0, the attack scenario would result in workstations that have dial-out capability being chiefly at risk. The FAQ discusses this in greater det
Q237185
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: dialrfxi.exe
MS99-027 - Encapsulated SMTP Address Vulnerability
Posted: 1999/08/06
Exchange Server implements features designed to defeat "mail relaying", a practice in which an attacker causes an e-mail server to forward mail from the attacker, as though the server were the sender of the mail. However, a vulnerability exists in this feature, and could allow an attacker to circumvent the anti-relaying features in an Internet-connected Exchange Server. The vulnerability lies in the way that site-to-site relaying is performed via SMTP. Encapsulated SMTP addresses could be used to send mail to any desired e-mail address.
Q237927
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP2
Patch: psp2imci.zip
MS99-028 - Terminal Server Connection Request Flooding Vulnerability
Posted: 1999/08/09
When a request to open a new terminal connection is received by a Terminal Server, the server undertakes a resource-intensive series of operations to prepare for the connection. It does this before authenticating the request. This would allow an attacker to mount a denial of service attack by levying a large number of bogus connection requests and consuming all memory on the Terminal Server. This vulnerability could be exploited remotely if connection requests are not filtered. In extreme cases, the server could crash in the face of such an attack; in other cases, normal processing would return when the attack ceased. The patch works by causing the server to require authentication before processing the connection request.
Q228724
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: tsmemfxi.exe
MS99-029 - Malformed HTTP Request Header Vulnerability
Posted: 1999/08/11
If multiple HTTP requests containing specially-malformed headers are sent to an affected server, IIS may consume all memory on the server. If this happens, IIS would be unable to service requests until either the clients that issued the requests were closed, or the IIS service were stopped and restarted. Once either of these actions have occurred, normal service would be restored.
Q238606
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: vdext4i.exe
MS99-031 - 「仮想マシン サンドボックス」の脆弱性に対する対策
Posted: 1999/8/25
J049939
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: msjavx86.exe
MS99-034 - 「断片化された IGMP パケット」の脆弱性に対する対策
Posted: 2000/3/16
JP238329
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: igmpfixi.exe
JP238329
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: Igmpfixi.exe
JP238329
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 238453US5.exe
JP238329
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 238453US8.EXE
MS99-036 - 「Windows NT 4.0 が無人インストール ファイルを削除しない」ことによる脆弱性に対する対策
Posted: 1999/9/10
J043376
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: MS99-036
MS99-038 - 「パケットの不正情報によりソースルーティングが有効になる」脆弱性に対する対策
Posted: 2000/4/6
JP238453
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
Patch: ipsrfixi.exe
MS99-039 - 「ドメイン解決」、「FTPダウンロード」の脆弱性に対する対策
Posted: 1999/9/23
JP241805
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: iprftp4i.exe
J050253
Affected Products:
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q242559.exe
MS99-041 - 「RASMAN セキュリティ記述子」の脆弱性に対する対策
Posted: 1999/9/30
JP242294
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 5
Patch: fixrasi.exe
MS99-045 - 「仮想マシン ベリファイア」の脆弱性に対する対策
Posted: 1999/10/21
JP244283
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: msjavx86.exe
MS99-046 - 「TCP/IP のシーケンス番号が予測できてしまう」脆弱性 に対する対策
Posted: 2000/3/30
JP243835
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q243835i.exe
JP243835
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: Q243835i.EXE
MS99-047 - 「改ざんされたスプーラ リクエスト」の脆弱性に対する対策
Posted: 1999/11/4
JP243649
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q243649.exe
MS99-050 - 「サーバー側参照リダイレクト」の脆弱性に対する対策
Posted: 2000/1/5
JP246094
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q246094.exe
JP256094
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q246094.exe
MS99-055 - 「リソース カタログ要求に対し改ざんされた引数が渡された場合」の脆弱性に対する対策
Posted: 2000/2/28
JP246045
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q246045.EXE
MS99-056 - 「 Syskey がキーストリームを再使用する」の脆弱性に対する対策
Posted: 2000/2/28
JP248183
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q248183.EXE
MS99-057 - 「SID に無効な引数が渡された場合」の脆弱性に対する対策
Posted: 2000/2/28
JP248185
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q248183.EXE
MS00-001 - 「不正な IMAP リクエスト 」の脆弱性に対する対策
Posted: 2000/1/6
J051919
Affected Products:
- Microsoft Commercial Internet System 2.0
- Microsoft Commercial Internet System 2.0 Gold
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q246731engi.EXE
MS00-002 - 「不正なコンバージョン データ」の脆弱性に対する対策
Posted: 2000/1/21
J052251
Affected Products:
- Word 98
- Word 98 Gold
- PowerPoint 98
- PowerPoint 98 Gold
- Word 97
- Word 97 Gold
Patch: WW5Pkg.exe
J052251
Affected Products:
- Word 2000
- Word 2000 Gold
- PowerPoint 2000
- PowerPoint 2000 Gold
Patch: WW5pkg.exe
MS00-003 - 「偽装 LPC ポート リクエスト」の脆弱性に対する対策
Posted: 2000/2/28
JP247869
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q247869i.EXE
MS00-004 - 「RDISK レジストリ情報ファイル」の脆弱性に対する対策
Posted: 2000/1/31
JP249108
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Terminal Server Service Pack 4
Patch: Q249108i.exe
JP249108
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q249108i.EXE
MS00-005 - 「RTF のコントロール ワードが改ざんされた場合」の脆弱性に対する対策
Posted: 2000/3/6
JP249973
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q249973i.EXE
JP249973
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.5
- Windows 95 SR 2.1
Patch: 249973USA5.exe
JP249973
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 249973USA8.exe
MS00-006 - 「Hit-Highlighting 引数の形式不良」の脆弱性に対する対策
Posted: 2000/2/1
JP251170
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: Q251170_W2K_SP1_X86_en.EXE
JP252463
Affected Products:
- Index Server 2.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q252463i.EXE
MS00-007 - 「ごみ箱作成に伴う」脆弱性に対する対策
Posted: 2000/3/6
JP248399
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: q248399i.exe
MS00-008 - 「レジストリ値のアクセス権」の脆弱性に対する対策
Posted: 2000/3/10
JP259496
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q259496i.exe
MS00-011 - 「VM ファイル参照 問題」の脆弱性に対する対策
Posted: 2000/2/21
JP253562
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
JP287030
Affected Products:
- Microsoft Virtual Machine (VM)
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_en.EXE
MS00-021 - 「改ざんされた TCP/IP 印刷リクエスト」の脆弱性 に対する対策
Posted: 2000/4/3
JP257870
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q257870i.EXE
JP257870
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: Q257870_W2K_SP1_x86_en.EXE
MS00-020 - 「デスクトップの分割による」脆弱性に対する対策
Posted: 2000/6/20
JP260197
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q260197_w2k_sp1_x86_en.exe
MS00-026 - 「オブジェクトに対する属性」の脆弱性に対する対策
Posted: 2000/4/25
J053255
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q259401_w2k_sp1_x86_en.exe
MS00-027 - 「極端に長い環境文字列を生成する引数が指定された場合」の脆弱性 に対する対策
Posted: 2000/4/25
JP259622
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q259622i.exe
JP259622
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q259622_w2k_sp1_x86_en.exe
MS00-029 - 「断片化された IP パケットの組み立てなおし」の脆弱性に対する対策
Posted: 2000/5/26
JP259728
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q259728i.EXE
JP259728
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
Patch: Q259728_W2K_SP1_x86_en.EXE
JP259728
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q259728i.EXE
JP259728
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 259728USA5.EXE
JP259728
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 259728USA8.EXE
MS00-032 - 「Protected Store のキー暗号化」の脆弱性に対する対策
Posted: 2000/6/6
J053999
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q260219_w2k_sp1_x86_en.exe
MS00-036 - 「ブラウザからの過度なアナウンス」の脆弱性に対する対策
Posted: 2000/5/30
JP262694
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q262694i.EXE
JP262694
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q262694_W2K_SP2_x86_en.EXE
MS00-040 - 「リモート レジストリ アクセス認証」の脆弱性に対する対策
Posted: 2000/6/12
JP264684
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q264684i.EXE
MS00-047 - 「NetBIOS Name Server Protocol Spoofing」の脆弱性に対する対策
Posted: 2000/8/7
JP269239
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: q269239i.exe
JP269239
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q269239_W2K_SP2_x86_en.EXE
JP269239
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q269239i.exe
MS00-052 - 「Shell の相対パス」の脆弱性に対する対策
Posted: 2000/8/9
JP269049
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q269049i.EXE
JP269049
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q269049i.exe
JP269049
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q269049_w2k_sp2_x86_en.exe
MS00-053 - 「サービス コントロール マネージャの名前付きパイプを利用したなりすまし」の脆弱性に対する対策
Posted: 2000/8/10
JP269523
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269523_W2K_SP2_x86_en.EXE
MS00-057 - 「正規化エラーによる、ファイルへの誤ったアクセス権の適用」の脆弱性に対する対策
Posted: 2000/8/15
JP269862
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: prmcan4i.exe
JP269862
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269862_W2K_SP2_x86_en.EXE
MS00-059 - 「Java VM アプレット」の脆弱性に対する対策
Posted: 2000/9/4
JP271752
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
JP287030
Affected Products:
- Microsoft Virtual Machine (VM)
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_en.EXE
MS00-060 - 「IIS クロスサイト スクリプティング」に対する脆弱性を解決する修正プログラム
Posted: 2000/8/30
JP260347
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: crsscri.exe
JP275657
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q275657_W2K_SP2_x86_en.EXE
MS00-062 - 「ローカル セキュリティ ポリシーの破壊」の脆弱性を解決する修正プログラム
Posted: 2000/9/8
JP269609
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
Patch: Q269609_W2K_SP1_x86_en.EXE
MS00-063 - 「無効な URL」の脆弱性に対する対策
Posted: 2000/9/8
JP271652
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q271652i.EXE
JP271652
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q271652I.EXE
MS00-065 - 「静止画像サービスを利用した権限の昇格」の脆弱性に対する対策
Posted: 2000/9/14
JP272736
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q272736_w2k_sp2_x86_en.exe
MS00-066 - 「無効な RPC パケット」の脆弱性に対する対策
Posted: 2000/9/26
JP272303
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q272303_w2k_sp2_x86_en.exe
MS00-067 - 「Windows 2000 Telnet クライアントの NTLM 認証」の脆弱性に対する対策
Posted: 2000/9/26
JP272743
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q272743_w2k_sp2_x86_en.exe
MS00-068 - 「OCX コントロールの電子メールへの添付」の脆弱性に対する対策
Posted: 2000/9/29
JP274303
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: WMSU28412.EXE
MS00-069 - 「簡体字中国語用 IME の状態認識」の脆弱性に対する対策
Posted: 2000/10/3
JP270676
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q270676_w2k_sp2_x86_en.exe
MS00-070 - 「LPC 呼び出しおよび LPC ポート」の複数にわたる脆弱性に対する対策
Posted: 2000/10/6
JP266433
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q266433i.exe
JP266433
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q266433_w2k_sp2_x86_en.exe
MS00-072 - 「共有レベルのアクセス制限パスワード」の脆弱性に対する対策
Posted: 2000/10/26
JP273991
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 273991usam.exe
JP273991
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98se Gold
Patch: 273991USA8.EXE
JP273991
Affected Products:
- Windows 95
Patch: 273991USA5.EXE
MS00-073 - 「不正な IPX NMPI パケット」 の脆弱性に対する対策
Posted: 2000/10/25
JP273727
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 273727USAM.EXE
JP273727
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 273727USA8.EXE
JP273727
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 273727USA5.EXE
MS00-074 - 「WebTV for Windows のサービス拒否」 の脆弱性に対する対策
Posted: 2000/10/25
JP274113
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 274113usam.exe
JP274113
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 274113USA8.EXE
MS00-076 - 「キャッシュされた Web アカウント情報」の脆弱性に対する対策
Posted: 2000/10/16
JP273868
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q273868.exe
MS00-077 - 「NetMeeting リモート デスクトップ共有」の脆弱性に対する対策
Posted: 2000/10/23
JP273854
Affected Products:
- NetMeeting
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: NM30.EXE
JP299796
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299796_W2k_SP3_x86_en.exe
MS00-078 - 「Web サーバー フォルダへの侵入」の脆弱性に対する対策
Posted: 2000/10/20
JP276489
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: prmcan4i.exe
JP276489
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269862_W2K_SP2_x86_en.EXE
MS00-079 - 「ハイパーターミナルのバッファ オーバーフロー」の脆弱性に対する対策
Posted: 2000/10/26
JP274548
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 274548usam.exe
JP274548
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 274548USA8.EXE
JP276471
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q276471_W2K_SP3_x86_en.EXE
JP304158
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q304158i.exe
MS00-080 - 「セッション ID クッキーのマーキング」の脆弱性に対する対策
Posted: 2000/11/1
JP274149
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: secsesi.exe
JP274149
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q274149_W2K_SP2_x86_en.EXE
MS00-081 - 「VM のファイルの読み取り」の脆弱性に対する対策
Posted: 2000/10/30
JP287030
Affected Products:
- Microsoft Virtual Machine (VM)
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_en.EXE
JP277014
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
MS00-082 - 「無効な MIME ヘッダー」の脆弱性に対する対策
Posted: 2000/11/30
JP275714
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP3
Patch: Q248838engI.EXE
MS00-083 - 「Netmon のプロトコル解析」の脆弱性に対する対策
Posted: 2000/11/7
JP274835
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q274835i.EXE
JP274835
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q274835_W2K_SP2_x86_en.EXE
JP273476
Affected Products:
- Systems Management Server 1.2
- Systems Management Server 1.2 SP4
Patch: Q273476c.EXE
JP273476
Affected Products:
- Systems Management Server 2.0
- Systems Management Server 2.0 Gold
- Systems Management Server 2.0 SP1
- Systems Management Server 2.0 SP2
Patch: Q273476c.exe
MS00-084 - 「インデックス サービスのクロスサイト スクリプティング」の脆弱性に対する対策
Posted: 2000/11/7
JP278499
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q278499_W2K_SP2_x86_en.EXE
MS00-085 - 「ActiveX におけるパラメータ照合」の脆弱性に対する対策
Posted: 2000/11/8
JP278511
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q278511_W2K_SP2_x86_en.EXE
MS00-086 - 「Web サーバーによるファイル要求の解析」の脆弱性に対する対策
Posted: 2000/11/8
JP277873
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: arbexei.exe
JP277873
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q277873_W2K_SP2_x86_en.EXE
MS00-087 - 「ターミナル サーバーへのログオンで発生するバッファ オーバーフロー」の脆弱性に対する対策
Posted: 2000/11/15
JP277910
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q277910i.exe
MS00-088 - 「Exchange ユーザー アカウント」の脆弱性に対する対策
Posted: 2000/11/22
JP278523
Affected Products:
- Exchange 2000 Server
- Exchange 2000 Gold
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
Patch: Q278523ENGI.EXE
MS00-089 - 「ドメイン アカウント ロックアウト」の脆弱性に対する対策
Posted: 2000/11/22
JP274372
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
Patch: q274372_w2k_sp2_x86_en.exe
MS00-090 - 「.ASX バッファ オーバーラン」と「.WMS スクリプト 実行」の脆弱性に対する対策
Posted: 2000/11/27
JP280419
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmsu34419.EXE
JP280419
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
Patch: wmsu33995.exe
MS00-091 - 「不完全な TCP/IP パケット」の脆弱性に対する対策
Posted: 2000/12/1
JP275567
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: q275567i.exe
MS00-092 - 「拡張ストアド プロシージャ パラメータ解析」の脆弱性に対する対策
Posted: 2000/12/4
JP280380
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
Patch: s70918i.exe
JP280380
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 Gold
Patch: s80233i.exe
MS00-093 - 「印刷テンプレート」と「フォームによるファイル アップロード」の脆弱性に対する対策
Posted: 2000/12/7
JP279328
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q279328.exe
JP279328
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q279328.exe
JP279328
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q279328.exe
MS00-094 - 「電話帳サービス バッファ オーバーフロー」の脆弱性に対する対策
Posted: 2000/12/5
JP276575
Affected Products:
- Connection Manager
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q276575_W2K_SP2_x86_en.EXE
JP276575
Affected Products:
- Connection Manager
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: q276575i.exe
MS00-095 - 「レジストリのアクセス権」の脆弱性を解決するツール
Posted: 2000/12/7
JP265714
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q265714i.EXE
JP265714
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q265714i.exe
MS00-096 - 「SNMP パラメータ」の脆弱性を解決するツール
Posted: 2000/12/7
JP266794
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q266794_W2K_SP2_x86_en.EXE
MS00-097 - 「Windows Media サーバーに対する接続の切断」の脆弱性を解決する修正プログラム
Posted: 2000/12/18
J056842
Affected Products:
- Windows Media Services 4.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows Media Services 4.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: WMSU35924.EXE
MS00-098 - 「インデックス サービス ファイル列挙」の脆弱性に対する対策
Posted: 2000/12/20
JP280838
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q280838_W2K_SP2_x86_en.EXE
MS00-099 - 「ディレクトリ サービス復元モードのパスワード」の脆弱性に対する対策
Posted: 2000/12/21
JP271641
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q271641_W2K_SP2_x86_en.EXE
MS00-100 - 「無効なWeb フォームの提出」の脆弱性に対する対策
Posted: 2000/12/25
JP280322
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q280322_W2K_SP2_x86_en.EXE
JP280322
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q280322i.EXE
MS01-001 - Web クライアントが セキュリティの設定に関わらず NTLM 認証をしてしまう
Posted: 2001/1/16
JP282132
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 282132usam.exe
JP282132
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q282132_W2K_SP2_x86_en
JP282132
Affected Products:
- Office 2000
- Office 2000 SR-1a
- Office 2000 SR-1
- Office 2000 Service Pack 2
Patch: fpwec
MS01-002 - PowerPoint 2000 ファイル パーサーが問題のあるバッファを含む
Posted: 2001/1/23
JP285978
Affected Products:
- PowerPoint 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: ppt2ksec.exe
MS01-003 - Winsock Mutex の弱いアクセス権によりサービスにエラーが発生する
Posted: 2001/1/25
JP279336
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q279336i.EXE
JP279336
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q279336i.exe
MS01-004 - 不正な .HTR リクエストがファイル フラグメントを読み取ってしまう
Posted: 2001/1/30
JP285985
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: frgvuli.exe
JP285985
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285985_W2K_SP3_x86_en.EXE
MS01-005 - Packaging Anomaly Could Cause Hotfixes to be Removed
Posted: 2001/01/30
Microsoft packages all Windows 2000 hotfixes (including security patches) with a catalog file that lists all of the valid hotfixes that have been issued to date. The catalog is digitally signed to ensure its integrity, and Windows File Protection uses the signed catalog to determine which hotfixes are valid. An error in the production of the catalog files for English language Windows 2000 Post Service Pack 1 hotfixes made available through December 18, 2000 could, under very unlikely circumstances, cause Windows File Protection to remove a valid hotfix from a system. The removal of a hotfix could cause a customer?s system to revert to a version of a Windows 2000 module that contained a security vulnerability. Windows File Protection will only remove valid hotfixes from a Windows 2000 system under a very restrictive set of circumstances
Q281767
Affected Products:
Patch: Q281767_W2K_SP2_x86_en.EXE
Q285083
Affected Products:
Patch: Q285083_W2K_SP2_x86_en.EXE
MS01-006 - 無効な RDP データが Terminal Server を異常終了させる
Posted: 2001/2/1
JP286132
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q286132_W2K_SP2_x86_en.EXE
MS01-007 - Network DDE Agent の要求が、システム コンテキストでコードを実行してしまう
Posted: 2001/2/6
JP285851
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285851_W2K_SP3_x86_en.EXE
MS01-008 - 不正な NTLMSSP リクエストによりシステム特権でコードが実行される
Posted: 2001/2/8
JP280119
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q280119i.EXE
JP280119
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q280119i.exe
MS00-009 - 「Image Source Redirect」の脆弱性に対する対策
Posted: 2000/2/23
J052547
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: Q251109.exe
J052547
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: q251109.exe
MS01-009 - 無効な PPTP パケット ストリームがカーネルを枯渇させてしまう
Posted: 2001/2/14
JP283001
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q283001i.exe
MS01-010 - Windows Media Player スキン ファイルが Java コードを実行してしまう
Posted: 2001/2/15
JP287045
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmsu38041
- %windir%\system
MS01-011 - ドメイン コントローラへの無効なリクエストが CPU を使い果たす
Posted: 2001/2/21
JP299687
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q299687_W2K_SP3_x86_en.EXE
MS00-075 - 「Microsoft VM による ActiveX コンポーネントの制御」 の脆弱性に対する対策
Posted: 2000/10/16
JP275609
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
JP287030
Affected Products:
- Microsoft Virtual Machine (VM)
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_en.EXE
MS00-071 - 「Word の差し込み印刷機能」の脆弱性に対する対策
Posted: 2000/10/10
JP272749
Affected Products:
- Word 2000
- Office 2000 SR-1a
Patch: wrdacc.exe
JP272749
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wdac97.exe
MS00-044 - 「ディレクトリ ブラウザ引数の不在」脆弱性に対する対策
Posted: 2000/7/18
JP267559
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: htrdos4i.exe
JP267559
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q267559_W2K_SP2_x86_en.EXE
MS00-045 - 「メールとブラウザがリンクしつづけてしまう」脆弱性に対する対策
Posted: 2000/7/28
JP261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
JP261255
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-046 - 「キャッシュ バイパス」の脆弱性に対する対策
Posted: 2000/7/28
JP247638
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
JP247638
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-048 - 「ストアドプロシージャの権限」脆弱性に対する対策
Posted: 2000/7/21
JP266766
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
Patch: s70918i.exe
MS00-051 - 「Excel REGISTER.ID 関数の脆弱性」に対する対策
Posted: 2000/8/1
J055000
Affected Products:
- Excel 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: xl9p3pkg.exe
J055000
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p10pkg.exe
MS00-054 - 「無効な IPX Ping パケット」の脆弱性に対する対策
Posted: 2000/8/10
JP265334
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 265334US5.EXE
JP265334
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 265334USA8.EXE
MS00-056 - 「Microsoft Office HTML Object Tag」の脆弱性に対する対策
Posted: 2000/8/15
J054842
Affected Products:
- Office 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- PowerPoint 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Word 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Excel 2000
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Of9data.exe
MS00-058 - 「特殊化したヘッダ」の脆弱性に対する対策
Posted: 2000/8/16
JP256888
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q256888_W2K_SP1_x86_en.EXE
MS00-061 - 「Microsoft(R) Money のパスワード」に関する弱点を解決する修正プログラム
Posted: 2000/9/1
JP272232
Affected Products:
- Money 2000
- Money 2000 Gold
- Money 2001
- Money 2001 Gold
Patch: Update Internet Information
- On the Tools menu, click Update Internet Information.
MS00-042 - 「アクティブ セットアップ ダウンロード」脆弱性に対する対策
Posted: 2000/6/29
JP269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
JP265258
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q265258.exe
JP265258
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q265258.exe
JP265258
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q265258.Exe
MS00-043 - 「改ざんされた電子メール ヘッダ」の脆弱性に対する対策
Posted: 2000/7/27
JP261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
JP267884
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-064 - 「ユニキャスト サービスの競合状態」の脆弱性に対する対策
Posted: 2000/9/8
JP273014
Affected Products:
- Windows Media Services 4.0
- Windows Media Services 4.0 Gold
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
Patch: WMSU27678.EXE
MS00-033 - 「フレームのドメイン照合」、「権限のない cookie アクセス」、「コンポーネント属性の変形」の脆弱性に対する対策
Posted: 2000/5/17
JP269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
JP269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
MS00-039 - 「SSL 証明確認」の脆弱性に対する対策
Posted: 2000/6/5
JP269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
JP269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
MS00-041 - 「DTS パスワード」の脆弱性に対する対策
Posted: 2000/7/18
JP264880
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
Patch: s70918i.exe
MS00-049 - 「Office HTML Script および IE Script」の脆弱性に対する対策
Posted: 2000/7/24
JP268365
Affected Products:
- Excel 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- PowerPoint 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Addinsec.exe
J054902
Affected Products:
- PowerPoint 97
- PowerPoint 97 Gold
- Office 97
- Office 97 Gold
Patch: ppt97sec.EXE
JP269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
JP269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
JP269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q269368.Exe
JP269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
MS00-050 - 「Telnet Server Flooding」 の脆弱性に対する対策
Posted: 2000/8/2
JP267843
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q267843_w2k_sp2_x86_en.exe
MS00-055 - 「Scriptlet によるレンダリング」の脆弱性に対する対策
Posted: 2000/8/16
JP269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
JP269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
JP269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q269368.Exe
JP269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
MS00-034 - Microsoft Office 2000 および Office 2000 ファミリー製品の脆弱性に対する対策
Posted: 2000/5/21
J054567
Affected Products:
- Office 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- PowerPoint 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Outlook 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Word 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Excel 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Photo Draw 2000 Version 2
- Photo Draw 2000 Version 2 Gold
- Photo Draw 2000 Version 1
- PictureIt 2000 Gold
- Photo Draw 2000 Version 1 Gold
- Publisher 2000
- Publisher 2000 Gold
- Project 2000
- Project 2000 Gold
- FrontPage 2000
- Front Page 2000 Gold
- Works 2000
- Works 2000 Gold
- Access 2000
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Uactlsec.exe
MS00-035 - 「SQL Server 7.0 Service Pack のパスワード」の脆弱性に対する対策
Posted: 2000/5/31
JP263968
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
- SQL Server 7.0 SP3
Patch: sqlsp.exe
MS00-037 - 「HTML Help File Code Execution」の脆弱性に対する対策
Posted: 2000/6/2
J055079
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: hhupd.exe
J055079
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q259166_W2K_SP1_x86_en.EXE
MS00-038 - 「Windows Media Encoder の異常な形式の要求」の脆弱性に対する対策
Posted: 2000/5/30
JP264133
Affected Products:
- Windows Media Encoder 4.0
- Windows Media Encoder 4.0 Gold
- Windows Media Encoder 4.1
- Windows Media Encoder 4.1 Gold
Patch: WMSU20935a.EXE
MS00-010 - 「サイト ウィザード入力確認」の脆弱性に対する対策
Posted: 2000/2/22
J052525
Affected Products:
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Site Server 3.0 SP3
- Site Server 3.0 SP4
Patch: Q252614.zip
MS00-012 - 「リモート エージェントのアクセス許可」の脆弱性に対する対策
Posted: 2000/3/21
Affected Products:
- Systems Management Server 2.0
- Systems Management Server 2.0 Gold
- Systems Management Server 2.0 SP1
Patch: Q249847i.EXE
MS00-013 - 「Windows Media サービス ハンドシェイクの順序不良」の脆弱性に対する対策
Posted: 2000/3/14
JP253943
Affected Products:
- Windows Media Services 4.0
- Windows Media Services 4.0 Gold
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
Patch: WMSU4954_NT4.EXE
JP253943
Affected Products:
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
- Windows Media Services 4.0
- Windows Media Services 4.0 Gold
Patch: WMSU4954_Win2000.EXE
MS00-014 - 「SQL クエリー」の脆弱性に対する対策
Posted: 2000/3/8
J053553
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 Gold
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 Gold
- SQL Server 7.0 SP1
Patch: s70780i.exe
MS00-015 - 「Microsoft Clip Art Gallery」における脆弱性に対する対策
Posted: 2000/3/8
J052983
Affected Products:
- Office 2000
- Office 2000 Gold
- Works 2000
- Works 2000 Gold
- PictureIt 2000
- PictureIt 2000 Gold
- Home Publishing 2000
- Home Publishing 2000 Gold
- Publisher 99
- Publisher 99 Gold
- Photo Draw 2000 Version 1
- Photo Draw 2000 Version 1 Gold
- Greetings 2000
- Greetings 2000 Gold
Patch: cilupdt.exe
MS00-016 - 「改ざんされたメディア ライセンス要求」の脆弱性に対する対策
Posted: 2000/3/17
JP257200
Affected Products:
- Windows Media Rights Manager 1
- Windows Media Rights Manager 1 Gold
Patch: WMRMU8912_NT4.EXE
MS00-017 - 「パスに DOS デバイス名が含まれる場合」の脆弱性に対する対策
Posted: 2000/7/18
JP256015
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 256015USA5.EXE
JP256015
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 256015USA8.EXE
MS00-018 - 「チャンクエンコーディングされたポスト」の脆弱性に対する対策
Posted: 2000/3/29
JP252693
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: chkenc4i.exe
MS00-019 - 「仮想化された UNC シェア」の脆弱性に対する対策
Posted: 2000/4/3
JP249599
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: uncsec4i.exe
JP249599
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q249599_W2K_SP1_X86_en.EXE
MS00-022 - 「XLM Text Macro」の脆弱性に対する対策
Posted: 2000/4/3
J053267
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p9pkg.exe
MS00-023 - 「無数のエスケープ文字」の脆弱性に対する対策
Posted: 2000/4/12
JP254142
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: escseq4i.exe
JP254142
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q254142_W2K_SP1_x86_en.EXE
MS00-024 - 「改ざんされたレジストリが暗号キーに与える影響」の脆弱性に対する対策
Posted: 2000/4/12
JP259496
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q259496i.exe
MS00-025 - 「Link View サーバー側コンポーネント」の脆弱性に対する対策
Posted: 2000/4/20
JP259799
Affected Products:
- FrontPage 98 Server Extensions
- FrontPage 98 Server Extensions Gold
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Q259799
MS00-028 - 「サーバー側イメージ マップ コンポーネント」の脆弱性に対する対策
Posted: 2000/4/27
J053654
Affected Products:
- FrontPage 97 Server Extensions
- FrontPage 97 Server Extensions Gold
- FrontPage 98 Server Extensions
- FrontPage 98 Server Extensions Gold
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Q260267
MS00-030 - 「URL 内の変形された拡張子データ」の脆弱性に対する対策
Posted: 2000/5/12
JP260205
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: myrdot4i.exe
JP260205
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q260205_W2K_SP1_x86_en.EXE
MS00-031 - 「区切り文字なしの .HTR リクエスト」 および 「.HTR 経由のファイル フラグメントの読み取り」の脆弱性に対する対策
Posted: 2000/5/12
JP267559
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: q267559_w2k_sp2_x86_en.exe
JP260838
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: ismpst4i.exe
MS99-053 - 「マルチスレッド SSL ISAPI フィルタ」の脆弱性に対する対策
Posted: 1999/12/3
JP244613
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
Patch: sslune4i.exe
MS99-054 - 「WPAD Spoofing」の脆弱性に対する対策
Posted: 1999/12/1
JP247333
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q247333
MS99-058 - 「仮想ディレクトリの名前」の脆弱性
Posted: 1999/12/21
JP238606
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
Patch: vrdcon4i.exe
MS99-059 - 「不正なTDSパケット ヘッダ」の脆弱性に対する対策
Posted: 1999/12/20
J053551
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
Patch: S70761i.exe
MS99-060 - 「HTML メール添付ファイル」の脆弱性に対する対策
Posted: 1999/12/24
J051863
Affected Products:
- Outlook Express 5 for Macintosh
- Outlook Express 5 for Macintosh Gold
- Internet Explorer 4.5 for Macintosh
- Internet Explorer 4.5 for Macintosh Gold
Patch: MacFiles
MS99-061 - 「エスケープ文字解析」の脆弱性に対する対策
Posted: 1999/12/24
JP246401
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: unschx4i.exe
MS99-052 - 「パスワードをキャッシュするレガシ メカニズムが与える」脆弱性に対する対策
Posted: 2000/4/18
JP168115
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 168115us5.exe
JP168115
Affected Products:
- Windows 98
- Windows 98 Gold
Patch: 168115us8.exe
MS99-051 - 「IE タスク スケジューラ」の脆弱性に対する対策
Posted: 1999/11/29
J051680
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q246972
MS99-049 - 「URL を用いたファイルアクセス」の脆弱性に対する対策
Posted: 2000/4/18
JP245729
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 245729us5.exe
JP245729
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: 245729us8.exe
MS99-048 - 「Active Setup Control」の脆弱性に対する対策
Posted: 1999/12/24
JP244540
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q244540.exe
JP244540
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q244540.exe
MS99-044 - 「Excel SYLK」の脆弱性に対する対策
Posted: 2000/11/17
J051700
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p9pkg.exe
J051700
Affected Products:
- Excel 2000
- Office 2000 Gold
- Office 2000
- Office 2000 Gold
Patch: xl9p2pkg.exe
MS99-043 - 「Javascript リダイレクト」の脆弱性に対する対策
Posted: 1999/12/7
J053009
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q244356.exe
J053009
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q244357.exe
MS99-042 - 「IFRAME ExecCommand」の脆弱性に対する対策
Posted: 1999/10/15
J051103
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q243638.exe
MS99-040 - IE 5 「ダウンロード動作」の脆弱性に対する対策
Posted: 1999/9/28
JP242542
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q243638.exe
MS99-037 - 「ImportExportFavorites」 の脆弱性に対する対策
Posted: 1999/9/10
J051213
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q241361.exe
J051213
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: Q241361.exe
MS99-035 - 「Set Cookie ヘッダによるキャッシュ」の脆弱性に対する対策
Posted: 1999/9/10
J050066
Affected Products:
- Site Server 3.0
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Microsoft Commercial Internet System 2.0
- Microsoft Commercial Internet System 2.0 Gold
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q238647x86eng.exe
MS99-033 - 「改ざんされた Telnet 引数」の脆弱性に対する対策
Posted: 1999/9/9
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: telnet95.exe
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: TelnetUp.EXE
MS99-032 - 「Scriptlet.typlib/Eyedog」の脆弱性に対する対策
Posted: 1999/8/31
JP240308
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
- Outlook Express 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: q240308.exe
MS99-030 - Office 「ODBC ドライバ」の脆弱性に対する対策
Posted: 1999/8/20
J050041
Affected Products:
- Office 95
- Office 95 Gold
Patch: Jet30Pkg.exe
J050041
Affected Products:
- Office 97
- Office 97 Gold
- Office 97 SR-1
- Office 97 SR-2/SR-2b
Patch: jetCopkg.exe
J050041
Affected Products:
- Office 2000
- Office 2000 Gold
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: JetcoPkg.exe
MS99-022 - Double Byte Code Page Vulnerability
Posted: 1999/06/24
When IIS is run on a machine on which a double-byte character set code page is used (i.e., the default language on the server is set to Chinese, Japanese, or Korean), and a specific URL construction is used to request a file in a virtual directory, normal server-side processing is bypassed. As a result, the file is simply delivered as text to the browser, thereby allowing the source code to be viewed.
JP233335
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: fesrc3i.exe
JP233335
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 3
Patch: fesrc4i.exe
MS99-019 - Malformed HTR Request Vulnerability
Posted: 1999/06/15
The vulnerability involves an unchecked buffer in the filter DLLs for these file types. This poses two threats to safe operation. The first is a denial of service threat. A malformed request for an .HTR, .STM or .IDC file could overflow the buffer, causing IIS to crash. The server would not need to be rebooted, but IIS would need to be rebooted in order to resume service. The second threat is that a carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither attack could occur accidentally. The vulnerability is present regardless of whether .HTR, .STM or .IDC files are present on the server.
JP234905
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: extfixi.exe
MS99-018 - Malformed Favorites Icon Vulnerability
Posted: 1999/05/27
The "Malformed Favorites Icon" vulnerability. The Favorites feature allows IE users to keep a list of their favorite web sites. In IE 5, the Favorites list can contain icons that are supplied by the associated web sites. However, there is an unchecked buffer in the implementation. A specially-malformed icon could overrun the buffer and be used to run arbitrary code on the user's computer. This vulnerability only affects IE 5 when run on Windows 95 or 98; it does not affect Windows NT systems. The "Legacy ActiveX Control" vulnerability. An ActiveX control that was used by previous versions of IE also was included in IE 4.0 and IE 5 even though it is not used by either. It could be misused to allow a web site to read the user's local hard drive. The update eliminates the vulnerability by removing the control.
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q241361.exe
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: q241361.exe
MS99-014 - Excel 97 Virus Warning Vulnerabilities
Posted: 1999/05/07
Microsoft Excel 97 provides a feature that warns the user before launching an external file that could potentially contain a virus or other malicious software. However, certain scenarios have been identified that could be misused to bypass the warning mechanism. In general, they require the use of infrequently-combined features and commands, and are unlikely to be encountered in normal use.
Affected Products:
- Office 97
- Office 97 SR-2/SR-2b
- Excel 97
- Office 97 SR-2/SR-2b
Patch: Xl8p9pkg.exe
MS99-012 - MSHTML Update Available for Internet Explorer
Posted: 1999/04/21
The first vulnerability is a new variant of a previously-identified cross-frame security vulnerability. A particular malformed URL could be used to execute scripts in the security context of a different domain. This could allow a malicious web site operator to execute a script on the web site, and gain privileges on visiting users' machines that are normally granted only to their trusted sites. The second vulnerability affects only Internet Explorer 5.0, and is a new variant of a previously-identified untrusted scripted paste vulnerability. The vulnerability would allow a script to paste a filename into the file upload intrinsic control. This should only be possible by explicit user action. Once the filename has been pasted into the control, a subsequent form submission could send the file to a remote web site. If the user has disabled the default warning that is displayed when submitting unencrypted forms, the file would be sent without any warning to the user. The third vulnerability is a privacy issue involving the processing of the "IMG SRC" tag in HTML files. This tag identifies and loads image sources - image files that are to be displayed as part of a web page. The vulnerability results because the tag can be used to point to files of any type, rather than only image files, after which point the document object model methods can be used to determine information about them. A malicious web site operator could use this vulnerability to determine the size and MIME type of files on the computer of a visiting user.
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: mshtml5.exe
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: mshtml4.exe
MS99-011 - DHTML Edit Vulnerability
Posted: 1999/04/21
The root cause of the vulnerability lies in the fact that a web site that hosts the "safe for scripting" version of the control is able to upload any data entered into the control. A malicious web site operator could trick a user into entering sensitive data into a DHTML Edit control hosted on a web page from the operator's site, and then upload the data. In addition, if the malicious web site operator knows the name of a file on the user's local drive, it is possible for the operator to programmatically load the file into the control and then upload it.
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: DHTMLED5.EXE
MS01-012 - Outlook と Outlook Express の vCard ハンドラが問題のあるバッファを含む
Posted: 2001/2/23
JP283908
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
- Outlook Express 5.5
- Internet Explorer 5.5 SP1
Patch: q283908.exe
JP283908
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
- Outlook Express 5.01
- Internet Explorer 5.01 SP1
Patch: Q283908.exe
MS01-013 - Windows 2000 イベント ビューアが問題のあるバッファを含む
Posted: 2001/2/27
JP285156
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285156_W2K_SP3_x86_en.EXE
MS01-014 - 不正な URL により IIS 5.0 及び Exchange 2000 のサービスにエラーが発生する
Posted: 2001/3/2
JP286818
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q286818_W2K_SP3_x86_en.EXE
JP287678
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: Q287678engi386.EXE
MS01-015 - Internet Explorer がキャッシュされたコンテンツの場所を漏えいしてしまう
Posted: 2001/3/9
JP279328
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q279328.exe
JP286045
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q286045.exe
JP286043
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q286043.exe
JP280768
Affected Products:
- Windows Script 5.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: scripten.exe
JP280768
Affected Products:
- Windows Script 5.1
- Windows 95 SR 2.5
- Windows 95 SR 2.1
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 98 Gold
- Windows 98 SP1
Patch: ste51en.exe
JP280768
Affected Products:
- Windows Script 5.5
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Scripten.exe
JP280768
Affected Products:
- Windows Script 5.5
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98 Gold
- Windows 98 SP1
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Scr55en.exe
MS01-016 - 不正な WebDAV リクエストにより IIS が CPU リソースを使い果たす
Posted: 2001/3/9
JP291845
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q291845_W2K_SP2_x86_en.EXE
MS01-017 - VeriSign 発行の誤ったデジタル証明書による、なりすましの危険性
Posted: 2001/3/23
JP293818
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: Crlupd.exe
JP293818
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: crlupd.exe
MS01-018 - Visual Studio 6.0 VB T-SQL オブジェクトが問題のあるバッファを含む
Posted: 2001/3/28
Affected Products:
- Visual Studio 6.0
- Visual Studio 6.0 SP 5
- Visual Basic 6.0
- Visual Basic 6.0 Gold
Patch: Q281297.EXE
MS01-019 - 圧縮フォルダのパスワードが復元されてしまう
Posted: 2001/3/29
JP252694
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 252694usa8.exe
JP252694
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 252694usam.exe
MS01-020 - 不適切な MIME ヘッダーが原因で Internet Explorer が電子メールの添付ファイルを実行する
Posted: 2001/3/30
JP290108
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q290108.exe
JP290108
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q290108.exe
MS01-021 - Web 公開時に異常なリクエストによって Web Proxy サービスが停止する
Posted: 2001/4/17
JP295279
Affected Products:
- ISA Server 2000
- ISA Server 2000 Gold
Patch: isahf63.exe
MS01-022 - WebDAV Service Provider によりスクリプトがユーザーとしてリクエストを行う
Posted: 2001/4/19
JP296441
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows Me
- Windows Me Gold
Patch: rbupdate.exe
JP296441
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Rbupdate.exe
MS01-023 - ISAPI エクステンションの未チェックのバッファにより IIS 5.0 サーバーのセキュリティが侵害される
Posted: 2001/5/2
JP296576
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q296576_W2K_SP2_x86_en.EXE
MS01-024 - ドメイン コントローラへの不正なリクエストがメモリを使い果たす
Posted: 2001/5/9
JP299687
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q299687_W2K_SP3_x86_en.EXE
MS01-025 - Index Server の検索機能が未チェックのバッファを含む
Posted: 2001/5/11
JP294472
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q294472i.exe
JP296185
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q296185i.exe
JP296185
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q296185_W2K_SP3_x86_en.EXE
MS01-026 - 不要なデコーディング操作により IIS でコマンドが実行される
Posted: 2001/5/15
JP293826
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q293826_W2K_SP3_x86_en.EXE
JP295534
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q295534i.exe
MS01-027 - Web サーバー証明書検証の問題により Web サイトの偽装が可能になる
Posted: 2001/5/17
JP295106
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q295106.exe
JP299618
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q299618.exe
MS01-028 - テンプレートにリンクしている RTF 文書が警告なしでマクロを実行する
Posted: 2001/5/22
JP288266
Affected Products:
- Word 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: wd2kmsec.exe
JP288266
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wd97mcrs.exe
MS01-029 - Windows Media Player .ASX プロセッサが未チェックのバッファを含む
Posted: 2001/5/24
JP296138
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
Patch: WMSU47357.exe
JP296138
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: mp71.exe
MS01-030 - Exchange 2000 Outlook Web Access Service で添付ファイルの不正処理によりスクリプトが実行される
Posted: 2001/6/7
JP299535
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q301361i386.EXE
JP299535
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: Q299535engi386.EXE
MS01-031 - 推測可能な名前付きパイプが Telnet 経由でアクセス権の昇格を可能にする
Posted: 2001/6/8
JP299553
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299553_W2K_SP3_x86_en.EXE
MS01-032 - SQL クエリ方法により、キャッシュされた管理者接続が再使用される
Posted: 2001/6/13
JP299717
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 Gold
Patch: s80296i.exe
JP299717
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: s70996i.exe
MS01-033 - Index Server ISAPI エクステンションの未チェックのバッファにより Web サーバーが攻撃される
Posted: 2001/6/19
JP300972
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q300972_W2K_SP3_x86_en.EXE
JP300972
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 6a
Patch: Q300972i.exe
MS01-034 - 不正な Word 文書が自動的にマクロを実行する
Posted: 2001/6/25
JP288266
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wd97mcrs.exe
JP288266
Affected Products:
- Word 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: wd2kmsec.exe
JP302294
Affected Products:
- Word 2002
- Word 2002 Gold
Patch: WRD1001.exe
MS01-035 - FrontPage Server Extension のサブコンポーネントが未チェックのバッファを含む
Posted: 2001/6/25
JP300477
Affected Products:
- Front Page 2000 Server Extensions
- Windows 2000 Service Pack 2
Patch: Q300477_W2K_SP3_x86_en.EXE
JP300477
Affected Products:
- Front Page 2000 Server Extensions
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q300477.exe
MS01-036 - LDAP SSL で公開される機能がパスワードの変更を可能にする
Posted: 2001/6/26
JP299687
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q299687_W2K_SP3_x86_en.EXE
MS01-037 - SMTP サービスの認証エラーがメールの中継を可能にする
Posted: 2001/7/6
JP302755
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q302755_W2k_SP3_x86_en.exe
MS01-038 - Outlook ビュー コントロールにより、安全でない機能が利用できる
Posted: 2001/7/13
JP303833
Affected Products:
- Outlook 2000
- Office 2000 Service Pack 2
Patch: outlctlx.exe
JP303833
Affected Products:
- Outlook 2002
- Outlook 2002 Gold
Patch: olk1003.exe
MS01-039 - Services for Unix 2.0 の Telnet および NFS サービスでメモリ リークが発生する
Posted: 2001/7/25
JP294380
Affected Products:
- Services for Unix 2.0 (NT)
- Services for Unix 2.0 (NT) Gold
Patch: q294380_sfu_2_x86.exe
JP294380
Affected Products:
- Services for Unix 2.0 (NT)
- Services for Unix 2.0 (NT) Gold
Patch: q301514_sfu_2_x86.exe
JP294380
Affected Products:
- Services for Unix 2.0 (Win2K)
- Services for Unix 2.0 (Win2K) Gold
Patch: q294380_sfu_2_x86.Exe
JP301514
Affected Products:
- Services for Unix 2.0 (Win2K)
- Services for Unix 2.0 (Win2K) Gold
Patch: q301514_sfu_2_x86.Exe
MS01-040 - 無効な RDP データの受信により、ターミナル サービスでメモリ リークが発生する場合がある
Posted: 2001/7/26
JP292435
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q292435_w2k_sp3_x86_en.exe
JP292435
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Service Pack 6a
Patch: q292435i.exe
MS01-041 - 不正な RPC リクエストがサービスを異常終了させる
Posted: 2001/7/27
JP299444
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q299444i.exe
JP299444
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q299444I.exe
JP298012
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q298012_w2k_sp3_x86_en.exe
JP298012
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
Patch: q298012_sql2000_x86_en.exe
JP298012
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
Patch: q298012_sql70sp2_x86_en.exe
JP304062
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: q304062engi386.exe
JP304062
Affected Products:
- Exchange 2000 Server
- Exchange 2000 Gold
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
Patch: q304063engi386.exe
MS01-042 - Windows Media Player .NSC ファイル処理に未チェックのバッファが含まれる
Posted: 2001/7/27
JP304404
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wmsu55362.exe
MS01-043 - NNTP サービスでメモリ リークが発生する
Posted: 2001/8/15
JP303984
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q304876engi386.exe
JP303984
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Exchange 2000 Server
- Exchange 2000 Gold
- Exchange 2000 SP1
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 SP1
Patch: q303984_w2k_sp3_x86_en.exe
MS01-044 - 2001 年 8 月 15 日 IIS 用の累積的な修正プログラム
Posted: 2001/8/16
JP301625
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: q301625i.exe
JP301625
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q301625_w2k_sp3_x86_en.exe
MS01-045 - H.323 ゲートキーパーと Web Proxy のメモリーリーク及びクロスサイトスクリプティングの脆弱性
Posted: 2001/8/17
JP289503
Affected Products:
- ISA Server 2000
- ISA Server 2000 Gold
Patch: isahf68.exe
MS01-046 - Windows 2000 赤外線デバイスドライバでのアクセス違反により、システムが再起動する
Posted: 2001/8/22
JP252795
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q252795_W2K_SP3_x86_en.EXE
MS01-047 - OWA 機能により、認証されていないユーザーがグローバル アドレス一覧を列挙することができる
Posted: 2001/9/7
JP307195
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q307195engi386.EXE
MS01-048 - RPC Endpoint Mapper への不正なリクエストにより、RPC サービスが異常終了する
Posted: 2001/9/11
JP305399
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q305399i.exe
MS01-049 - 深くネスト化した OWA リクエストによりサーバーの CPU が消費される
Posted: 2001/9/27
JP303451
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 SP1
- Exchange 2000 Server
- Exchange 2000 SP1
Patch: Q303451engi386.EXE
MS01-050 - 不正な Excel または PowerPoint の文書がマクロのセキュリティを無視する
Posted: 2001/10/5
JP306603
Affected Products:
- Excel 2000
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: xl2000
JP306603
Affected Products:
- Excel 2002
- Office 2002 Gold
Patch: xl2002
JP306603
Affected Products:
- PowerPoint 2000
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: Ppt2000
JP306603
Affected Products:
- PowerPoint 2002
- Office 2002 Gold
Patch: Ppt2002
MS01-051 - 不正なドットなし IP アドレスにより Web ページがイントラネット ゾーンで処理されてしまう
Posted: 2001/10/11
JP306121
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q306121.exe
JP306121
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q306121.exe
JP306121
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q306121.Exe
MS01-052 - 無効な RDP データが Terminal Service を異常終了させる
Posted: 2001/10/18
JP307454
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q307454i.exe
JP307454
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q307454_W2K_SP3_x86_en.exe
MS01-053 - ダウンロードされたアプリケーションが OS X の Internet Explorer 5.1 for Mac で実行される
Posted: 2001/10/23
JP311052
Affected Products:
- IE 5.1 for Macintosh
- IE 5.1 for Macintosh Gold
Patch: MacIE501
MS01-054 - 無効なユニバーサル プラグ アンド プレイのリクエストがシステムのオペレーションを妨害する
Posted: 2001/11/01
Q311311
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 309073USA8.EXE
Q311311
Affected Products:
- Windows Me
- Windows Me Gold
Patch: WinMEUPnP
JP309521
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WinXPUPnP
MS01-055 - 2001 年 11 月 13 日 Internet Explorer 用の累積的な修正プログラム
Posted: 2001/11/08
JP312461
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q312461.exe
JP312461
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q312461.exe
MS01-056 - Windows Media Player の .ASF ファイル処理に、未チェックのバッファが含まれる
Posted: 2001/11/20
JP308567
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
Patch: wm308567.exe
JP309521
Affected Products:
- Windows Media Player for Windows XP
- Windows Media Player for Windows XP Gold
Patch: WinXPUPnP
MS01-057 - 特別な形式の HTML メールのスクリプトが Exchange 5.5 OWA で実行される
Posted: 2001/12/06
JP313576
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q313576i386.exe
MS01-058 - 2001 年 12 月 13 日 Internet Explorer 用の累積的な修正プログラム
Posted: 2001/12/13
JP313675
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q313675.exe
JP313675
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q313675.exe
MS01-059 - ユニバーサル プラグ アンド プレイに含まれる未チェックのバッファによりシステムが侵害される
Posted: 2001/12/19
JP315000
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q315000_WXP_SP1_x86_ENU.exe
Q315000
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
Patch: 314941USA8.EXE
Q315000
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 314757USAM.EXE
MS01-060 - SQL Server テキスト フォーマット機能が未チェックのバッファを含む
Posted: 2001/12/20
JP304850
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP1
Patch: s80428i.exe
JP304851
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: sql7
MS02-001 - 信頼するドメインが認証データ内の SID (セキュリティ ID) のドメイン メンバシップを確認しない
Posted: 2002/01/22
JP311401
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
Patch: Win2KSRP1.exe
JP311401
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
Patch: w2kSP2SRP1.exe
MS02-002 - 不正なネットワーク リクエストにより Office v. X for Mac が異常終了する
Posted: 2002/02/06
JP317879
Affected Products:
- Office v. X for Mac
- Office v. X for Mac Gold
Patch: MacPatch
MS02-003 - Exchange 2000 System Attendant がレジストリ リモート アクセス権を不適切に設定する
Posted: 2002/02/07
JP316056
Affected Products:
- Exchange 2000 Server
- Exchange 2000 SP2
- Exchange 2000 Enterprise Server
- Exchange 2000 SP2
Patch: Q316056engi386.EXE
MS02-004 - Telnet Server に含まれる未チェックのバッファにより、任意のコードが実行される
Posted: 2002/02/07
JP307298
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Interix 2.2
- Interix 2.2 Gold
Patch: Q316056engi386.EXE
MS02-005 - 2002 年 2 月 11 日 Internet Explorer の累積的な修正プログラム
Posted: 2002/02/11
JP316059
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q316059.exe
JP316059
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q316059.exe
JP316059
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q316059.Exe
JP316059
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: Q316059.Exe
MS02-006 - SNMP サービスに含まれる未チェックのバッファにより、任意のコードが実行される
Posted: 2002/02/12
JP314147
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q314147i.exe
JP314147
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98se Gold
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: nopatch
JP314147
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q314147_W2K_SP3_X86_EN.exe
JP314147
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
Patch: Q314147_WXP_SP1_x86_ENU.exe
MS02-007 - SQL Server のリモート データ ソース関数に未チェックのバッファが含まれる
Posted: 2002/02/20
JP316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- SQL Server Desktop Engine (MSDE) 2000
- SQL Server Desktop Engine (MSDE) 2000 SP2
Patch: 8.00.0578.exe
JP318268
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
- SQL Server Desktop Engine (MSDE) 1.0
- SQL Server 7.0 SP3
Patch: s71021a.exe
MS02-008 - XMLHTTP コントロールにより、ローカル ファイルにアクセスすることができる
Posted: 2002/02/21
Q318202
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q318202_MSXML20_x86_en.exe
Q318203
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q318203_MSXML30_x86_en.exe
Q317244
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: msxml4qfe.exe
MS02-009 - Internet Explorer の不正な VBScript 処理により Web ページがローカル ファイルを読み取る
Posted: 2002/02/21
JP318089
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: vbs51nen.exe
JP318089
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: vbs55nen.exe
JP318089
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Vbs55nen.exe
JP318089
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: vbs56nen.exe
MS02-010 - ISAPI フィルタの未チェックのバッファにより、Commerce Server が攻撃を受ける
Posted: 2002/02/21
JP317615
Affected Products:
- Commerce Server 2000
- Commerce Server 2000 SP2
Patch: tempcs
MS02-011 - 認証問題により、承認されていないユーザーが SMTP サービスに認証することができる
Posted: 2002/02/27
JP313450
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
Patch: Q313450_W2K_SP3_X86_EN.Exe
JP289258
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q289258engi386.EXE
MS02-012 - 不正なデータ送信リクエストにより Windows SMTP サービスが異常終了する
Posted: 2002/02/27
JP313450
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
Patch: Q313450_W2K_SP3_X86_EN.exe
JP313450
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Internet Information Services 5.1
- Windows XP Gold
Patch: Q313450_WXP_SP1_x86_ENU.exe
MS02-013 - Java アプレットがブラウザ トラフィックをリダイレクトする
Posted: 2002/03/04
JP300845
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 98 SE
- Windows 98se Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavx86.exe
JP300845
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
Patch: Q300845_W2K_SP3_X86_EN.exe
MS02-014 - Windows Shell の未チェックのバッファにより、コードが実行される
Posted: 2002/03/07
JP313829
Affected Products:
- Windows 98 SE
- Windows 98se Gold
- Windows 98
- Windows 98 SP1
- Windows 98 Gold
Patch: win9802-014
JPQ313829
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q313829i.exe
JPQ313829
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q313829i.exe
JPQ313829
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
Patch: Q313829_W2K_SP3_X86_EN.exe
MS02-015 - 2002年3月28日 Internet Explorer 用の累積的な修正プログラム
Posted: 2002/03/28
Q319182
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q319182.exe
Q319182
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: Q319182.exe
Q319182
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q319182.Exe
Q319182
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q319182.EXE
