Mssecure - 2002-08-21 (JPN)

Source: stksecure.exe

Data Updated: 8/21/2002

Data Version: 1.0.1.363

MSBA/Tool Version: 1.0 3.32

---

MS98-001 - Disabling Creation of Local Groups on a Domain by Non-Administrative Users

Posted: 1998/06/01

The ability for non-administrative users to create aliases on the domain could be abused if they create a large number of local groups in the domain and cause the size of the account database to grow without restrictions. Unlimited local group creation could crash the domain controller and lead to excessive network traffic due to the replication of local group information to backup domain controllers.

Q169556

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: CREATALS_x86.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/CREATALS_x86.exe

---

MS98-002 - Error Message Vulnerability Against Secured Internet Servers

Posted: 1998/06/26

Due to the large number of messages needed, a Web site operator could detect an attack through observations such as abnormal network or CPU utilization.

Q148427

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 3
• Internet Information Server 3.0
  • Windows NT4 Service Pack 3
• Exchange Server 5.5
  • Exchange Server 5.5 Gold
  • Exchange Server 5.5 SP1

Patch: ssl-fixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/ssl-fix/

---

MS98-003 - File Access Issue with Windows NT Internet Information Server

Posted: 1998/07/02

The issue is a result of the way IIS parses file names. The fix involves IIS supporting NTFS alternate data streams by asking Windows NT to make the file name canonical.

Q188806

Affected Products:

• Internet Information Server 3.0
  • Windows NT4 Service Pack 3

Patch: iis3fixi.exe

• ftp://ftp.microsoft.com/bussys/IIS/iis-public/fixes/usa/security/

Q188806

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 3
• Personal Web Server 4.0

Patch: iis4fixi.exe

• ftp://ftp.microsoft.com/bussys/IIS/iis-public/fixes/usa/security/

---

MS98-004 - Unauthorized ODBC Data Access with RDS and IIS

Posted: 1998/07/14

The risk of security vulnerability caused by the DataFactory is even greater if newer OLE DB Providers are installed on the server. "Microsoft DataShape Provider" and "Microsoft JET OLE DB provider" (which ship with MDAC 2.0 in Visual Studio? 98) allow shell commands to be executed. If the DataFactory is enabled on such a server, Internet clients can use these providers to execute shell commands, which can potentially bring down the server or otherwise severely affect its performance.

Q184375

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Internet Information Server 3.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q184375

• http://support.microsoft.com/support/kb/articles/q184/3/75.asp

---

MS98-005 - Unwanted Data Issue with Office 98 for the Macintosh

Posted: 1998/07/17

The Mac OS, like many other Operating System (OS) file systems does not erase files when you delete them, it simply removes a reference to them in the disk's catalog, and marks the space they occupied as free. Office 98 does not clear the disk space when the Mac OS allocates it during a File Save operation. Instead, Office 98 simply writes the file contents to the allocated disk space, overwriting any random data that physically existed on the disk. Since the Mac OS allocates the disk space in set chucks, called clusters, the small amount of unused space at the end of the file's last cluster may contain random data from previously deleted files. The data cannot be viewed when opened as a native Office file. However, an ASCII text editor can be used to view the extraneous data. The chance that sensitive data will be transferred through this bug is unlikely, since multiple unusual scenarios must occur.

Affected Products:

• Office 98 for Macintosh
  • Office 98 for Macintosh Gold

Patch: 98-005

• http://www.microsoft.com/technet/security/bulletin/ms98-005.asp

---

MS98-006 - Potential Denial-of-Service in IIS FTP Server due to Passive Connections

Posted: 1998/07/23

When multiple passive connections are made to a single FTP server through the PASV FTP command, it is possible to use up all available system threads for servicing clients. Once this happens, requests for additional connections will fail as discussed above, and will continue to fail until a client thread is again available. Further, the FTP and WWW services on a computer share a common thread pool, and exhausting the FTP thread pool will also cause a failure in connection requests for the WWW service.

Q189262

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 3

Patch: ftpfix4i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/iis4-ftpfix/ftpfix4i.exe

Q189262

Affected Products:

• Internet Information Server 3.0
  • Windows NT4 Service Pack 3

Patch: ftpfix3i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftp-fix/ftpfix3i.exe

---

MS98-007 - Potential SMTP and NNTP Denial-of-Service Vulnerabilities

Posted: 1998/07/24

This issue involves a denial of service vulnerability that can potentially be used by someone with malicious intent to unexpectedly cause multiple components of the Microsoft Exchange Server to stop.

Q188369

Affected Products:

• Exchange Server 5.0
  • Exchange Server 5.0 SP1
  • Exchange Server 5.0 SP2

Patch: psp2stri.exe

• ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.0/Post-SP2-STORE/

Q188341

Affected Products:

• Exchange Server 5.0
  • Exchange Server 5.0 SP1
  • Exchange Server 5.0 SP2

Patch: psp2imsi.exe

• ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.0/Post-SP2-IMS/

Q188341

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 Gold

Patch: MS98-007

• http://www.microsoft.com/technet/security/bulletin/ms98-007.asp

---

MS98-008 - Long file name Security Issue affecting Microsoft Outlook 98 and Microsoft Outlook Express 4.x

Posted: 1998/07/27

When the email client receives a malicious mail or news message that contains an attachment with a very long filename, it could cause the email client to shut down unexpectedly. These very long filenames do not normally occur in mail or news messages, and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious email message to run arbitrary computer code contained in the long string.

Affected Products:

• Outlook 98
  • Outlook 98 Gold

Patch: outptch2.exe

• http://officeupdate.microsoft.com/downloadDetails/outptch2.htm

Affected Products:

• Outlook Express 4.01
  • Internet Explorer 4.01 SP1
  • Internet Explorer 4.01 Gold

Patch: oelong

• http://www.microsoft.com/windows/ie/security/oelong.asp

---

MS98-009 - Windows NT Privilege Elevation Attack

Posted: 1998/07/27

In this attack, a non-administrative user obtains administrative access to the system by virtue of being able to gain debug-level access on a system process.

Q190288

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3

Patch: privfixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/priv-fix/privfixi.exe

---

MS98-010 - Information on the Back Orifice Program

Posted: 1998/08/04

It is unclear from the author's statements what "Back Orifice" is intended to do. In the press release that accompanied its release, "Back Orifice" is alternately described as an administrative tool or as something that demonstrates some security vulnerability in the Windows platform. Potential threads: Remotely controlling and monitoring a computer running Windows Reading everything that the user types at the keyboard Capturing images that are displayed on the monitor Uploading and downloading files remotely Redirecting information to a remote Internet site

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: MS98-010

• http://www.microsoft.com/technet/security/bulletin/ms98-010.asp

---

MS98-011 - Window.External JScript Vulnerability in Microsoft Internet Explorer 4.0

Posted: 1998/08/17

Microsoft Internet Explorer 4.0, 4.01, and 4.01 SP1 use the JScript Scripting Engine version 3.1 to process scripts on a Web page. When Internet Explorer encounters a web page that uses JScript script to invoke the Window.External function with a very long string, Internet Explorer could terminate. Long strings do not normally occur in scripts and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious script message to run arbitrary computer code contained in the long string.

Q191200

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 Gold
  • Internet Explorer 4.01 SP1
• Internet Explorer 4.0
  • Internet Explorer 4.0 Gold

Patch: jscript.asp

• http://www.microsoft.com/windows/ie/security/jscript.asp

---

MS98-013 - Internet Explorer Cross Frame Navigate Vulnerability

Posted: 1998/09/04

The Cross Frame Navigate issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious Web site operator to read the contents of files on your computer.

Q168485

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 Gold
  • Internet Explorer 4.01 SP1
• Internet Explorer 4.0
  • Internet Explorer 4.0 Gold

Patch: xframe.asp

• http://www.microsoft.com/windows/ie/security/xframe.asp

---

MS98-015 - Untrusted Scripted Paste Issue in Microsoft Internet Explorer 4.01

Posted: 1998/10/16

The "Untrusted Scripted Paste" issue involves a vulnerability in Internet Explorer that could allow a malicious web site operator to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for the operator to read the contents of a file on the user's computer if he knows the exact name and path of the targeted file. This could also be used to view the contents of a file on the user's network, if the user has access to it and the malicious operator knows its direct path name

Q169245

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 Gold
  • Internet Explorer 4.01 SP1

Patch: paste.asp

• http://www.microsoft.com/windows/ie/security/paste.asp

---

MS98-016 - Dotless IP Address Issue in Microsoft Internet Explorer 4

Posted: 1998/10/23

The "Dotless IP Address" issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious web site operator to misrepresent the URL of an Internet web site and make it appear as if the machine is on the user's "Local Intranet Zone". Internet Explorer has the ability to set security settings differently between different zones. By this means, a malicious site could potentially perform actions that had been disabled in the Internet Zone or Restricted Sites Zone, but is permitted in the Local Intranet Zone

Q168617

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP1

Patch: dotless.asp

• http://www.microsoft.com/windows/ie/security/dotless.asp

---

MS98-019 - IIS GET Vulnerability

Posted: 1998/12/21

This vulnerability involves the HTTP GET method, which is used to obtain information from an IIS web server. Specially-malformed GET requests can create a denial of service situation that consumes all server resources, causing a server to "hang." In some cases, the server can be put back into service by stopping and restarting IIS; in others, the server may need to be rebooted.

Q192296

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4

Patch: infget4i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/Infget-fix/infget4i.exe

Q192296

Affected Products:

• Internet Information Server 3.0
  • Windows NT4 Service Pack 4

Patch: infget3i.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP4/archive/Infget-fix/

---

MS98-018 - Excel CALL Vulnerability

Posted: 1998/12/10

Excel generates a warning to the user before running macros, including those containing the CALL function, and allows the user to decide whether or not to run them. However, Excel does not generate a warning before executing worksheet functions, and if used in this manner, CALL could be used to call an external DLL without a warning to the user. An attacker could exploit this functionality by embedding a CALL function within an Excel spreadsheet and sending it to an unwary user. The attacker would be able to control whether the CALL function fired when the victim opened the spreadsheet or when another event occurred.

Q196791

Affected Products:

• Office 97
  • Office 97 SR-2/SR-2b
• Excel 97
  • Office 97 SR-2/SR-2b

Patch: Xl8p9pkg

• http://officeupdate.microsoft.com/downloadDetails/Xl8p9pkg.htm

---

MS98-020 - Frame Spoof Vulnerability

Posted: 1998/12/23

This vulnerability exists because Internet Explorer's cross domain protection does not extend to navigation of frames. This makes it possible for a malicious web site to insert content into a frame within another web site's window. If done properly, the user might not be able to tell that the frame contents were not from the legitimate site, and could be tricked into providing personal data to the malicious site. Non-secure (HTTP) and secure (HTTPS) sites are equally at risk from this vulnerability.

Q167614

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP1

Patch: spoof.asp

• http://www.microsoft.com/windows/ie/security/spoof.asp

---

MS98-017 - Named Pipes Over RPC Vulnerability

Posted: 1998/11/19

The underlying problem is the way that Windows NT 4.0 attempts to shut down invalid named pipe RPC connections. An attacker could exploit this problem to create a denial of service condition by opening multiple named pipe connections and sending random data. When the RPC service attempts to close the invalid connections, the service consumes all CPU resources and memory use grows considerably, which may result in the system hanging. This is a denial of service vulnerability only; there is no risk of compromise or loss of data from the attacked system.

Q195733

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 4

Patch: nprpcfxi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP4/archive/nprpc-fix/

---

MS98-012 - Updates available for Security Vulnerabilities in Microsoft PPTP

Posted: 1998/08/18

The Microsoft implementation of PPTP uses MS-CHAP for user authentication and Microsoft Point-to-Point Encryption (MPPE) to protect the confidentiality of user data. Potential vulnerabilities addressed by these updates include: Dictionary attack against the LAN Manager authentication information Password theft PPTP server spoofing Reuse of MPPE session keys

Q189771

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1

Patch: dun40.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/pptp3-fix/

Q189595

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3

Patch: pptpfixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/pptp3-fix/

Q189594

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3

Patch: rrasfixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP3/rras30-fix/

Q154091

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5

Patch: msdun13.exe

• ftp://ftp.microsoft.com/softlib/mslfiles/msdun13.exe

---

MS98-014 - RPC Spoofing Denial of Service on Windows NT

Posted: 1998/09/29

It is possible for a malicious attacker to send spoofed RPC datagrams to UDP destination port 135 so that it appears as if one RPC server sent bad data to another RPC server. The second server returns a REJECT packet and the first server (the spoofed server) replies with another REJECT packet creating a loop that is not broken until a packet is dropped, which could take a few minutes. If this spoofed UDP packet is sent to multiple computers, a loop could possibly be created, consuming processor resources and network bandwidth

Q193233

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3

Patch: snk-fixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3/snk-fix/snk-fixi.exe

Q193233

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT 4 Terminal Server Gold

Patch: Snk-fixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40TSE/hotfixes-postSP3/Snk-fix/

---

MS99-001 - Exposure in Forms 2.0 TextBox Control that allows data to be read from user's Clipboard

Posted: 1999/01/21

A malicious hacker could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a web site set up by the malicious hacker or opens a HTML email created by the malicious hacker.

Q214757

Affected Products:

• Office 97
  • Office 97 SR-2/SR-2b
• Outlook 98
  • Office 97 SR-2/SR-2b
• Project 98
  • Office 97 SR-2/SR-2b
• Visual Basic 5.0
  • Visual Basic 5.0 Gold
• Word 97
  • Office 97 SR-2/SR-2b
• Excel 97
  • Office 97 SR-2/SR-2b
• PowerPoint 97
  • Office 97 SR-2/SR-2b

Patch: fm2paste.exe

• http://officeupdate.microsoft.com/downloaddetails/fm2paste.htm

---

MS99-002 - Word 97 Template Vulnerability

Posted: 1999/01/21

A standard safety feature of Word 97 is that it warns users when a document containing macros is opened; however, if that document does not itself contain macros, but rather is linked to a template that does contains macros, no warning is issued. A malicious hacker could exploit this vulnerability to cause malicious macro code to run without warning if a user opens a Word document attached to an email sent by the malicious hacker, or if the user opens a Word document on a web site controlled by the malicious hacker. This malicious macro could possibly be used to damage or retrieve data on a user's system.

Q214652

Affected Products:

• Word 97
  • Office 97 SR-2/SR-2b

Patch: Wd97SP.EXE

• http://officeupdate.microsoft.com/downloaddetails/wd97sp.htm

---

MS99-003 - IIS Malformed FTP List Request Vulnerability

Posted: 1999/02/03

It is noteworthy that the "list" command is only available to users after they have authenticated to the server. As a result, only users who are authorized to use the server would be able to mount such an attack, and their presence on the server could be logged if the owner of the site chose to do so. However, many sites provide guest accounts, and this could allow a malicious user to attack the server anonymously.

Q188348

Affected Products:

• Internet Information Server 3.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4

Patch: ftpls3i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/ftpls3i.exe

Q188348

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4

Patch: ftpls4i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/ftpls4i.exe

---

MS99-007 - Taskpads Scripting Vulnerability

Posted: 1999/02/22

A vulnerability exists because certain methods provided by Taskpads are incorrectly marked as "safe for scripting" and can be misused by a web site operator to invoke executables on a visiting user's workstation without their knowledge or permission.

Q218619

Affected Products:

• Windows 98 Resource Kit
  • Windows 98 Resource Kit Gold
• Windows 98 Resource Kit Sampler
  • Windows 98 Resource Kit Sampler Gold

Patch: tmcpatch.exe

• ftp://ftp.microsoft.com/reskit/win98/taskpads/tmcpatch.exe

Q218619

Affected Products:

• BackOffice Resource Kit SE
  • BackOffice Resource Kit SE Gold

Patch: itmcpatch.exe

• ftp://ftp.microsoft.com/reskit/nt4/x86/taskpads/itmcpatch.exe

---

MS99-010 - File Access Vulnerability in Personal Web Server

Posted: 1999/03/26

This vulnerability allows a file request that uses a non-standard URL to bypass the server's normal file access controls. The file must be specifically requested by name, so the requester would need to know the name of the file or correctly guess it. The vulnerability would allow files on the server to be read, but not changed or deleted, and would not allow new files to be written to the server.

Q216453 (FP98)

Affected Products:

• Personal Web Server 4.0
  • Personal Web Server 4.0 Gold

Patch: Pwssecup.exe

• http://officeupdate.microsoft.com/downloadDetails/pwssecup.htm

Q216453 (FP98)

Affected Products:

• FrontPage 98 Personal Web Server 1.0

Patch: fppws98.exe

• http://office.microsoft.com/downloadDetails/fppws98.htm

Q216453 (FP98)

Affected Products:

• FrontPage 97 Personal Web Server 1.0
  • FrontPage 97 Personal Web Server 1.0 Gold

Patch: Q217765

• http://support.microsoft.com/support/kb/articles/q217/7/65.asp

---

MS99-005 - BackOffice Server 4.0 Does Not Delete Installation Setup File

Posted: 1999/02/12

When a user chooses to install SQL Server, Exchange Server or Microsoft Transaction Server as part of a BackOffice 4.0 installation, the BackOffice installer program requests the name and password for the accounts associated with these services. Specifically, it asks for the account name and password for the SQL Executive Logon account, the Exchange Services Account, and the MTS Remote Administration Account. These values are stored in %systemdrive>\Program Files\Microsoft Backoffice\Reboot.ini, and used to install the associated services. BackOffice Server does not erase this file when the installation process is completed. This is true regardless of whether the installation process completes successfully or unsuccessful

Q217004

Affected Products:

• BackOffice Server 4.0

Patch: Q217004

• http://support.microsoft.com/support/kb/articles/q217/0/04.asp

---

MS99-004 - Authentication Processing Error in Windows NT 4.0 Service Pack 4

Posted: 1999/02/08

The logic error in Service Pack 4 incorrectly allows a null "NT hash" value to be used for authentication from Windows NT systems. The result is that if a user account's password was last changed from a DOS, Windows 3.1, Windows for Workgroups, OS/2 or Macintosh client, a user can logon into that account from a Windows NT system using a blank password.By far the most likely machines to be affected by this vulnerability would be domain controllers running Windows NT 4.0 SP 4, in networks that contain any of the downlevel clients listed above. However, any server or workstation running Windows NT 4.0 SP 4 that contains a SAM database with active users who communicate from downlevel clients would be vulnerable to this problem.

Q214840

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 4

Patch: msv-fixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP4/archive/msv1-fix/

---

MS99-006 - Windows NT Known DLLs List Vulnerability

Posted: 1999/02/19

In Windows NT, core operating system DLLs are kept in virtual memory and shared between the programs running on the system. This is done to avoid having redundant copies of the DLLs in memory, and improves memory usage and system performance. When a program calls a function provided by one of these DLLs, the operating system references a data structure called the KnownDLLs list to determine the location of the DLL in virtual memory. The Windows NT security architecture protects in-memory DLLs against modification, but by default it allows all users to read from and write to the KnownDLLs list. This is the root problem underlying the vulnerability.A user can programmatically load into memory a malicious DLL that has the same name as a system DLL, then change the entry in the KnownDLLs list to point to the malicious copy. From that point forward, programs that request the system DLL will instead be directed to the malicious copy. When called by a program with sufficiently high privileges, it could take any desired action, such as adding the malicious user to the Administrators group.It is important to understand that the user must able to run exploitation code on a machine in order to elevate their privileges. There are two types of machines at risk:Machines that allow non-administrative users to interactively log on. Workstation and terminal servers typically do allow this, but, per standard security practices, most other servers only allow administrators to interactively log on.

Q218473

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 4

Patch: Smss-fixi

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP4

---

MS99-008 - Windows NT Screen Saver Vulnerability

Posted: 1999/03/12

Windows NT provides a screen saver feature, in which a user-selected screen saver program is run when the machine has been idle for a specified length of time. Windows NT initially launches a screen saver in the local system context, then immediately changes its security context to match that of the user. However, Windows NT does not check whether this context change was successfully made. This is the underlying problem in this vulnerability. If the context change can be made to fail, the screen saver will remain running in a highly-privileged state. The risk is that a malicious user could develop a screen saver program that, for example, uses the elevated privileges to add the author to the Administrators group.It is important to understand that the user must able to run exploitation code on a machine in order to elevate their privileges.

Q221991

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 4

Patch: Scrnsavi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP4

Q221991

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT 4 Terminal Server Gold

Patch: Scrnsavi.Exe

• http://urlplaceholder

---

MS99-009 - Malformed Bind Request Vulnerability

Posted: 1999/03/16

The Bind function in the Exchange 5.5 Directory Service has an unchecked buffer that poses two threats to safe operation. The first is a denial of service threat. A malformed Bind request could overflow the buffer, causing the Exchange Directory service to crash. The server would not need to be rebooted, but the Exchange Directory service, and possibly dependent services as well, would need to be restarted in order to resume messaging service. The second threat is more esoteric and would be far more difficult to exploit. A carefully-constructed Bind request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither attack could occur accidentally.

Q221989

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 SP2

Patch: PSP2DIRI.EXE

• ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/PostSP2/DIR-fix/PSP2DIRI.EXE

---

MS99-013 - File Viewers Vulnerability

Posted: 1999/05/07

Microsoft Site Server and Internet Information Server include tools that allow web site visitors to view selected files on the server. These are installed by default under Site Server, but must be explicitly installed under IIS. These tools are provided to allow users to view the source code of sample files as a learning exercise, and are not intended to be deployed on production web servers. The underlying problem in this vulnerability is that the tools do not restrict which files a web site visitor can view.

Q232449

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5

Patch: fix2450i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/

Q231368

Affected Products:

• Site Server 3.0, Commerce Edition
  • Site Server 3.0 Gold
  • Site Server 3.0 SP1
  • Site Server 3.0 SP2

Patch: viewfixi.exe

• ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/hotfixes-postsp2/Viewcode-fix/

---

MS99-015 - Malformed Help File Vulnerability

Posted: 1999/05/17

The Windows Help utility parses and displays help information for applications. The help information is contained in files of several types that are generated by the Help Compiler (part of the AppWizard utility), and is stored by default in the WINNT\help folder. By default, users can write to this folder. An unchecked buffer exists in the Help utility, and a help file that has been carefully modified could be used to execute arbitrary code on the local machine via a classic buffer overrun technique. Because the Help Compiler's output files do not generate the specific malformation at issue here, this vulnerability could not be accidentally exploited.

Q231605

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: winhlp-i.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP5/winhlp32-fix

---

MS99-016 - Malformed Phonebook Entry Vulnerability

Posted: 1999/05/20

The component of the RAS client that processes phonebook entries has an unchecked buffer. This results in a vulnerability that poses two threats to safe operation. The first is a denial of service threat; a malformed phonebook entry could overflow the buffer, causing the RAS client service to crash. The second is more esoteric and would be far more difficult to exploit. A carefully-constructed phonebook entry could cause arbitrary code to execute on the client via a classic buffer overrun technique. Neither variant could be exploited accidentally.It is important to stress that the vulnerability affects RAS client machines, not RAS servers, and that the user must have permission to add or modify phonebook entries in order to mount the attack. (Permissions can be set via the phonebook's ACL). The machines primarily at risk from this vulnerability are workstations that are configured to dial out to other systems, because servers, including terminal servers, are not typically configured to act as RAS clients. It also is important to note that this vulnerability would affect only the local machine; there is no capability to directly attack a remote machine via this vulnerability.

Q230677

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5

Patch: rasffixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP5/RAS-fix/

---

MS99-017 - RAS and RRAS Password Vulnerability

Posted: 1999/05/27

When the client software for Microsoft RAS or RRAS is used to dial into a server, a dialogue requests the user's userid and password for the server. On the same dialogue is a checkbox whose caption reads ";Save password"; and which is intended to provide the user with the option to cache their security credentials if desired. However, the implemented client functionality actually caches the user's credentials regardless of whether the checkbox is selected or de-selected.Cached security credentials, which include the password, are stored and encrypted in the registry and protected by ACLs whose default values authorize only local administrators and the owner of the credentials to access them. Windows NT 4.0 Service Pack 4 also provides the ability to strongly encrypts the password data stored in the registry using the SYSKEY feature

Q230681

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: raspassword-fix

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/raspassword-fix/

Q233303

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: rpwdfixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/rraspassword-fix/

---

MS99-020 - Malformed LSA Request Vulnerability

Posted: 1999/06/23

Windows NT provides the ability to manage user privileges programmatically via the Local Security Authority (LSA) API. The API allows a program to query user names, modify privileges, and change other elements of the security policy, subject to the program's authorizations. Calls to the LSA API can be made from either the local machine or remotely via RPC.Certain API methods do not correctly handle certain types of invalid arguments. The vulnerability is a denial of service threat only, and service can be restored by restarting the machine. There is no capability to use this vulnerability to obtain unauthorized services from LSA.

Q231457

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5

Patch: lsareqi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP5/LSA3-fix/

---

MS99-021 - CSRSS Worker Thread Exhaustion Vulnerability

Posted: 1999/06/23

If all worker threads in CSRSS.EXE are occupied awaiting user input, no other requests can be serviced, effectively causing the server to hang. When user input is provided, processing returns to normal.

Q233323

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: csrssfxi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/CSRSS-fix/

---

MS99-023 - Malformed Image Header Vulnerability

Posted: 1999/06/30

If an executable file with a specially-malformed image header is executed, it will cause a system failure. The affected machine will need to be rebooted in order to place it back in service. Any work that was in progress when the machine crashed could be lost.

Q234557

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 4

Patch: krnlifxi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP4/Kernel-fix/

Q234557

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT 4 Terminal Server Gold

Patch: Krnlifxi.exe

• http://urlplaceholder

---

MS99-024 - Unprotected IOCTLs Vulnerability

Posted: 1999/07/06

On a terminal server, such a program could disable the keyboard and mouse on the console.

Q236359

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: ioctlfxi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/ioctl-fix

Q236359

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 4

Patch: Ioctlfxi.exe

• http://urlplaceholder

---

MS99-025 - Unauthorized Access to IIS Servers through ODBC Data Access with RDS

Posted: 1999/07/17

The RDS DataFactory object, a component of Microsoft Data Access Components (MDAC), exposes unsafe methods. When installed on a system running Internet Information Server 3.0 or 4.0, the DataFactory object may permit an otherwise unauthorized web user to perform privileged actions, including: Allowing unauthorized users to execute shell commands on the IIS system as a privileged user. On a multi-homed Internet-connected IIS system, using MDAC to tunnel SQL and other ODBC data requests through the public connection to a private back-end network. Allowing unauthorized accessing to secured, non-published files on the IIS system.

Q184375

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Internet Information Server 3.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q184375

• http://support.microsoft.com/support/kb/articles/q184/3/75.asp

---

MS99-026 - Malformed Dialer Entry Vulnerability

Posted: 1999/07/29

Dialer.exe has an unchecked buffer in the portion of the program that processes the dialer.ini file. This vulnerability could be used to run arbitrary code via a classic buffer overrun technique.The circumstances of this vulnerability require a fairly complicated attack scenario that limits its scope. Dialer.exe runs in the security context of the user, so it would not benefit an attacker to simply modify a dialer.ini file and run it, as he or she would not gain additional privileges. Instead, the attacker would need to modify the dialer.ini file of another user who had higher privileges, then wait for that user to run Dialer.Although the unchecked buffer is present in all versions of Windows NT 4.0, the attack scenario would result in workstations that have dial-out capability being chiefly at risk. The FAQ discusses this in greater det

Q237185

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: dialrfxi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP5/dialer-fix/

Q237185

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 4

Patch: Dialrfxi.exe

• http://urlplaceholder

---

MS99-027 - Encapsulated SMTP Address Vulnerability

Posted: 1999/08/06

Exchange Server implements features designed to defeat "mail relaying", a practice in which an attacker causes an e-mail server to forward mail from the attacker, as though the server were the sender of the mail. However, a vulnerability exists in this feature, and could allow an attacker to circumvent the anti-relaying features in an Internet-connected Exchange Server. The vulnerability lies in the way that site-to-site relaying is performed via SMTP. Encapsulated SMTP addresses could be used to send mail to any desired e-mail address.

Q237927

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 SP2

Patch: psp2imci.zip

• ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/PostSP2/imc-fix/

---

MS99-028 - Terminal Server Connection Request Flooding Vulnerability

Posted: 1999/08/09

When a request to open a new terminal connection is received by a Terminal Server, the server undertakes a resource-intensive series of operations to prepare for the connection. It does this before authenticating the request. This would allow an attacker to mount a denial of service attack by levying a large number of bogus connection requests and consuming all memory on the Terminal Server. This vulnerability could be exploited remotely if connection requests are not filtered. In extreme cases, the server could crash in the face of such an attack; in other cases, normal processing would return when the attack ceased. The patch works by causing the server to require authentication before processing the connection request.

Q228724

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 4
  • Windows NT4 Terminal Server Service Pack 5

Patch: tsmemfxi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40tse/hotfixes-postSP4/flood-fix/

---

MS99-029 - Malformed HTTP Request Header Vulnerability

Posted: 1999/08/11

If multiple HTTP requests containing specially-malformed headers are sent to an affected server, IIS may consume all memory on the server. If this happens, IIS would be unable to service requests until either the clients that issued the requests were closed, or the IIS service were stopped and restarted. Once either of these actions have occurred, normal service would be restored.

Q238606

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5

Patch: vdext4i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/HDBRK-fix/

---

MS99-031 - 「仮想マシン サンドボックス」の脆弱性に対する対策

Posted: 1999/8/25

JP414294

Affected Products:

• Microsoft Virtual Machine (VM)
  • Microsoft Virtual Machine (VM) Gold
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Internet Explorer 4.0
  • Internet Explorer 4.0 Gold
  • Internet Explorer 4.01 SP1
  • Internet Explorer 4.01 SP2
• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: msjavx86.exe

• http://www.microsoft.com/java/vm/dl_vm40.htm

---

MS99-034 - 「断片化された IGMP パケット」の脆弱性に対する対策

Posted: 2000/3/16

JP238329

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: igmpfixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40TSE/hotfixes-postSP4/igmp-fix/

JP238329

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 4
  • Windows NT4 Terminal Server Service Pack 5

Patch: Igmpfixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40TSE/hotfixes-postSP4/igmp-fix/

JP238329

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5

Patch: 238453US5.exe

• http://www.microsoft.com/windows95/downloads/contents/WUCritical/SRPoint/default.asp

JP238329

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 238453US8.EXE

• http://www.microsoft.com/windows98/downloads/contents/WUCritical/SRPoint/default.asp

---

MS99-036 - 「Windows NT 4.0 が無人インストール ファイルを削除しない」ことによる脆弱性に対する対策

Posted: 1999/9/10

JP158484

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6
  • Windows NT4 Terminal Server Service Pack 4
  • Windows NT4 Terminal Server Service Pack 5

Patch: MS99-036

• http://www.microsoft.com/technet/security/bulletin/ms99-036.asp

---

MS99-038 - 「パケットの不正情報によりソースルーティングが有効になる」脆弱性に対する対策

Posted: 2000/4/6

JP238453

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5

Patch: ipsrfixi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP5/spoof-fix/

---

MS99-039 - 「ドメイン解決」、「FTPダウンロード」の脆弱性に対する対策

Posted: 1999/9/23

JP241805

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: iprftp4i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/IIS40/hotfixes-postSP6/security/IPRFTP-fix/

Q241805

Affected Products:

• Microsoft Commercial Internet System 2.5
  • Microsoft Commercial Internet System 2.5 Gold

Patch: q242559.exe

• ftp://ftp.microsoft.com/bussys/mcis/mcis-public/fixes/usa/mcis25/security/ftpsvc-fix/

---

MS99-041 - 「RASMAN セキュリティ記述子」の脆弱性に対する対策

Posted: 1999/9/30

JP242294

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6
  • Windows NT4 Terminal Server Service Pack 5

Patch: fixrasi.exe

• ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/Hotfixes-PostSP6/Security/rasman-fix/

---

MS99-045 - 「仮想マシン ベリファイア」の脆弱性に対する対策

Posted: 1999/10/21

JP244283

Affected Products:

• Microsoft Virtual Machine (VM)
  • Microsoft Virtual Machine (VM) Gold
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Internet Explorer 4.0
  • Internet Explorer 4.0 Gold
  • Internet Explorer 4.01 SP1
  • Internet Explorer 4.01 SP2
• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: msjavx86.exe

• http://www.microsoft.com/java/vm/dl_vm40.htm

---

MS99-046 - 「TCP/IP のシーケンス番号が予測できてしまう」脆弱性 に対する対策

Posted: 2000/3/30

JP243835

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5

Patch: q243835sp5i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16763

JP243835

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: q243835i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16764

JP243835

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 4
  • Windows NT4 Terminal Server Service Pack 5

Patch: Q243835i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20589

---

MS99-047 - 「改ざんされたスプーラ リクエスト」の脆弱性に対する対策

Posted: 1999/11/4

JP243649

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q243649.exe

• http://download.microsoft.com/download/winntsrv40/Patch/Spooler-fix/NT4/EN-US

---

MS99-050 - 「サーバー側参照リダイレクト」の脆弱性に対する対策

Posted: 2000/1/5

JP246094

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: q246094.exe

• http://www.microsoft.com/windows/ie/security/servredir.asp

JP256094

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: Q246094.exe

• http://www.microsoft.com/windows/ie/security/servredir.asp

---

MS99-055 - 「リソース カタログ要求に対し改ざんされた引数が渡された場合」の脆弱性に対する対策

Posted: 2000/2/28

JP246045

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: Q246045.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16382

---

MS99-056 - 「 Syskey がキーストリームを再使用する」の脆弱性に対する対策

Posted: 2000/2/28

JP248183

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: Q248183.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16798

JP248183

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 5
  • Windows NT4 Terminal Server Service Pack 4

Patch: Q248183ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS99-057 - 「SID に無効な引数が渡された場合」の脆弱性に対する対策

Posted: 2000/2/28

JP248185

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: Q248183.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16798

---

MS00-001 - 「不正な IMAP リクエスト 」の脆弱性に対する対策

Posted: 2000/1/6

JP246731

Affected Products:

• Microsoft Commercial Internet System 2.0
  • Microsoft Commercial Internet System 2.0 Gold
• Microsoft Commercial Internet System 2.5
  • Microsoft Commercial Internet System 2.5 Gold

Patch: q246731engi.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17124

---

MS00-002 - 「不正なコンバージョン データ」の脆弱性に対する対策

Posted: 2000/1/21

J052251

Affected Products:

• Word 98
  • Word 98 Gold
• PowerPoint 98
  • PowerPoint 98 Gold
• Word 97
  • Word 97 Gold

Patch: WW5Pkg.exe

• http://officeupdate.microsoft.com/downloaddetails/ww5pkg.htm

J052251

Affected Products:

• Word 2000
  • Word 2000 Gold
• PowerPoint 2000
  • PowerPoint 2000 Gold

Patch: WW5pkg.exe

• http://officeupdate.microsoft.com/2000/downloaddetails/ww5pkg.htm

---

MS00-003 - 「偽装 LPC ポート リクエスト」の脆弱性に対する対策

Posted: 2000/2/28

JP247869

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: Q247869i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17382

---

MS00-004 - 「RDISK レジストリ情報ファイル」の脆弱性に対する対策

Posted: 2000/1/31

JP249108

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Terminal Server Service Pack 4

Patch: Q249108i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17745

JP249108

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6
  • Windows NT4 Terminal Server Service Pack 5
  • Windows NT4 Terminal Server Service Pack 4

Patch: q249108i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17384

---

MS00-005 - 「RTF のコントロール ワードが改ざんされた場合」の脆弱性に対する対策

Posted: 2000/3/6

JP249973

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: Q249973i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17510

JP249973

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.5
  • Windows 95 SR 2.1

Patch: 249973USA5.exe

• http://www.microsoft.com/windows95/downloads/contents/WUCritical/rtfcontrol/Default.asp

JP249973

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 249973USA8.exe

• http://www.microsoft.com/windows98/downloads/contents/WUCritical/rtfcontrol/Default.asp

Q249973

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 5

Patch: q249973ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS00-006 - 「Hit-Highlighting 引数の形式不良」の脆弱性に対する対策

Posted: 2000/2/1

JP251170

Affected Products:

• Indexing Services for Windows 2000
  • Windows 2000 Gold
• Internet Information Services 5.0
  • Windows 2000 Gold
• Windows 2000 Professional
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold

Patch: Q251170_W2K_SP1_X86_en.EXE

• http://www.microsoft.com/downloads/release.asp?ReleaseID=17726

JP252463

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Index Server 2.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q252463i.EXE

• http://www.microsoft.com/downloads/release.asp?ReleaseID=17727

JP252463

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q252463ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS00-007 - 「ごみ箱作成に伴う」脆弱性に対する対策

Posted: 2000/3/6

JP248399

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: q248399i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=22155

JP248399

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q248399ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS00-008 - 「レジストリ値のアクセス権」の脆弱性に対する対策

Posted: 2000/3/10

JP259496

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q259496i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=20330

---

MS00-011 - 「VM ファイル参照 問題」の脆弱性に対する対策

Posted: 2000/2/21

JP253562

Affected Products:

• Microsoft Virtual Machine (VM)
  • Microsoft Virtual Machine (VM) Gold
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Windows Me
  • Windows Me Gold

Patch: msjavx86.exe

• http://www.microsoft.com/java/vm/dl_vm40.htm

JP287030

Affected Products:

• Microsoft Virtual Machine (VM)
  • Windows 2000 Service Pack 1
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
• Windows 2000 Professional
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Service Pack 1

Patch: Q287030_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q287030/download.asp

---

MS00-021 - 「改ざんされた TCP/IP 印刷リクエスト」の脆弱性 に対する対策

Posted: 2000/4/3

JP257870

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: Q257870i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20015

JP257870

Affected Products:

• Windows 2000 Advanced Server
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Gold
• Windows 2000 Professional
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold

Patch: Q257870_W2K_SP1_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=19884

JP257870

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q257870ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS00-020 - 「デスクトップの分割による」脆弱性に対する対策

Posted: 2000/6/20

JP260197

Affected Products:

• Windows 2000 Server
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Gold
• Windows 2000 Professional
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold

Patch: q260197_w2k_sp1_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20836

---

MS00-026 - 「オブジェクトに対する属性」の脆弱性に対する対策

Posted: 2000/4/25

JP259401

Affected Products:

• Windows 2000 Server
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold

Patch: q259401_w2k_sp1_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20520

---

MS00-027 - 「極端に長い環境文字列を生成する引数が指定された場合」の脆弱性 に対する対策

Posted: 2000/4/25

JP259622

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: q259622i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20494

JP259622

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold

Patch: q259622_w2k_sp1_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20503

---

MS00-029 - 「断片化された IP パケットの組み立てなおし」の脆弱性に対する対策

Posted: 2000/5/26

JP259728

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: Q259728i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20829

JP259728

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Gold

Patch: Q259728_W2K_SP1_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20827

JP259728

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: q259728i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20830

JP259728

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5

Patch: 259728USA5.EXE

• http://download.microsoft.com/download/win95/update/8070/w95/EN-US/259728USA5.EXE

JP259728

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 259728USA8.EXE

• http://download.microsoft.com/download/win98/update/8070/w98/EN-US/259728USA8.EXE

---

MS00-032 - 「Protected Store のキー暗号化」の脆弱性に対する対策

Posted: 2000/6/6

JP260219

Affected Products:

• Windows 2000 Server
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Gold
• Windows 2000 Professional
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold

Patch: q260219_w2k_sp1_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23332

---

MS00-036 - 「ブラウザからの過度なアナウンス」の脆弱性に対する対策

Posted: 2000/5/30

JP262694

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: Q262694i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21397

JP262694

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q262694_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q262694/download.asp

Q262694

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q262694ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS00-040 - 「リモート レジストリ アクセス認証」の脆弱性に対する対策

Posted: 2000/6/12

JP264684

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: Q264684i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23077

JP264684

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q264684ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS00-047 - 「NetBIOS Name Server Protocol Spoofing」の脆弱性に対する対策

Posted: 2000/8/7

JP269239

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: q269239i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22138

JP269239

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: Q269239_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23370

JP269239

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q269239i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24516

---

MS00-052 - 「Shell の相対パス」の脆弱性に対する対策

Posted: 2000/8/9

JP269049

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4

Patch: Q269049i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23360

JP269049

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: q269049i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23421

JP269049

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: q269049_w2k_sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23359

---

MS00-053 - 「サービス コントロール マネージャの名前付きパイプを利用したなりすまし」の脆弱性に対する対策

Posted: 2000/8/10

JP269523

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q269523_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=23432

---

MS00-057 - 「正規化エラーによる、ファイルへの誤ったアクセス権の適用」の脆弱性に対する対策

Posted: 2000/8/15

JP269862

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: prmcan4i.exe

• http://www.microsoft.com/ntserver/nts/downloads/critical/q269862/xdownload.asp

JP269862

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q269862_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q269862/download.asp

---

MS00-059 - 「Java VM アプレット」の脆弱性に対する対策

Posted: 2000/9/4

JP271752

Affected Products:

• Microsoft Virtual Machine (VM)
  • Microsoft Virtual Machine (VM) Gold
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Windows Me
  • Windows Me Gold

Patch: msjavx86.exe

• http://www.microsoft.com/java/vm/dl_vm40.htm

JP287030

Affected Products:

• Microsoft Virtual Machine (VM)
  • Windows 2000 Service Pack 1
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Service Pack 1
• Windows 2000 Professional
  • Windows 2000 Service Pack 1

Patch: Q287030_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q287030/download.asp

---

MS00-060 - 「IIS クロスサイト スクリプティング」に対する脆弱性を解決する修正プログラム

Posted: 2000/8/30

JP260347

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: crsscri.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25534

JP275657

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: Q275657_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q275657/download.asp

---

MS00-062 - 「ローカル セキュリティ ポリシーの破壊」の脆弱性を解決する修正プログラム

Posted: 2000/9/8

JP269609

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Gold

Patch: Q269609_W2K_SP1_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24019

---

MS00-063 - 「無効な URL」の脆弱性に対する対策

Posted: 2000/9/8

JP271652

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: Q271652i.EXE

• http://www.microsoft.com/ntserver/nts/downloads/critical/q271652/xdownload.asp

JP271652

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: Q271652I.EXE

• http://www.microsoft.com/ntserver/nts/downloads/critical/q271652/xdownload.asp

---

MS00-065 - 「静止画像サービスを利用した権限の昇格」の脆弱性に対する対策

Posted: 2000/9/14

JP272736

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: q272736_w2k_sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24200

---

MS00-066 - 「無効な RPC パケット」の脆弱性に対する対策

Posted: 2000/9/26

JP272303

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: q272303_w2k_sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24229

---

MS00-067 - 「Windows 2000 Telnet クライアントの NTLM 認証」の脆弱性に対する対策

Posted: 2000/9/26

JP272743

Affected Products:

• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: q272743_w2k_sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24399

---

MS00-068 - 「OCX コントロールの電子メールへの添付」の脆弱性に対する対策

Posted: 2000/9/29

JP274303

Affected Products:

• Windows Media Player 7.0
  • Windows Media Player 7.0 Gold

Patch: WMSU28412.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24421

---

MS00-069 - 「簡体字中国語用 IME の状態認識」の脆弱性に対する対策

Posted: 2000/10/3

JP270676

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: q270676_w2k_sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24627

---

MS00-070 - 「LPC 呼び出しおよび LPC ポート」の複数にわたる脆弱性に対する対策

Posted: 2000/10/6

JP266433

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: q266433i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24650

JP266433

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: q266433_w2k_sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24649

---

MS00-072 - 「共有レベルのアクセス制限パスワード」の脆弱性に対する対策

Posted: 2000/10/26

JP273991

Affected Products:

• Windows Me
  • Windows Me Gold

Patch: 273991usam.exe

• http://download.microsoft.com/download/winme/Update/11958/WinMe/EN-US/273991USAM.EXE

JP273991

Affected Products:

• Windows 98
  • Windows 98 Gold
• Windows 98 SE
  • Windows 98se Gold

Patch: 273991USA8.EXE

• http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE

JP273991

Affected Products:

• Windows 95

Patch: 273991USA5.EXE

• http://download.microsoft.com/download/win95/Update/11958/W95/EN-US/273991USA5.EXE

---

MS00-073 - 「不正な IPX NMPI パケット」 の脆弱性に対する対策

Posted: 2000/10/25

JP273727

Affected Products:

• Windows Me
  • Windows Me Gold

Patch: 273727USAM.EXE

• http://download.microsoft.com/download/winme/Update/11974/WinMe/EN-US/273727USAM.EXE

JP273727

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 273727USA8.EXE

• http://download.microsoft.com/download/win98/Update/11974/W98/EN-US/273727USA8.EXE

JP273727

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5

Patch: 273727USA5.EXE

• http://download.microsoft.com/download/win95/Update/11974/W95/EN-US/273727USA5.EXE

---

MS00-074 - 「WebTV for Windows のサービス拒否」 の脆弱性に対する対策

Posted: 2000/10/25

JP274113

Affected Products:

• Windows Me
  • Windows Me Gold

Patch: 274113usam.exe

• http://download.microsoft.com/download/winme/Update/12278/WinMe/EN-US/274113USAM.EXE

JP274113

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 274113USA8.EXE

• http://download.microsoft.com/download/win98SE/Update/12278/W98/EN-US/274113USA8.EXE

---

MS00-076 - 「キャッシュされた Web アカウント情報」の脆弱性に対する対策

Posted: 2000/10/16

JP273868

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP1

Patch: q273868.exe

• http://www.microsoft.com/windows/ie/download/critical/q273868.htm

---

MS00-077 - 「NetMeeting リモート デスクトップ共有」の脆弱性に対する対策

Posted: 2000/10/23

JP273854

Affected Products:

• NetMeeting
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: NM30.EXE

• http://download.microsoft.com/download/netmeeting/SP/3.01/W9XNT4/EN-US/NM30.EXE

JP299796

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q299796_W2k_SP3_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30963

---

MS00-078 - 「Web サーバー フォルダへの侵入」の脆弱性に対する対策

Posted: 2000/10/20

JP276489

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: prmcan4i.exe

• http://www.microsoft.com/ntserver/nts/downloads/critical/q269862/xdownload.asp

JP276489

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q269862_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q269862/download.asp

---

MS00-079 - 「ハイパーターミナルのバッファ オーバーフロー」の脆弱性に対する対策

Posted: 2000/10/26

JP274548

Affected Products:

• Windows Me
  • Windows Me Gold

Patch: 274548usam.exe

• http://download.microsoft.com/download/winme/Update/12395/WinMe/EN-US/274548USAM.EXE

JP274548

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 274548USA8.EXE

• http://download.microsoft.com/download/win98/Update/12395/W98/EN-US/274548USA8.EXE

JP276471

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Gold
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1

Patch: Q276471_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29330

JP304158

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q304158i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=32239

---

MS00-080 - 「セッション ID クッキーのマーキング」の脆弱性に対する対策

Posted: 2000/11/1

JP274149

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a

Patch: secsesi.exe

• http://www.microsoft.com/ntserver/nts/downloads/critical/q274149/download.asp

JP274149

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: Q274149_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q274149/download.asp

---

MS00-081 - 「VM のファイルの読み取り」の脆弱性に対する対策

Posted: 2000/10/30

JP287030

Affected Products:

• Microsoft Virtual Machine (VM)
  • Windows 2000 Service Pack 1
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
• Windows 2000 Professional
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Service Pack 1

Patch: Q287030_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q287030/download.asp

JP277014

Affected Products:

• Microsoft Virtual Machine (VM)
  • Microsoft Virtual Machine (VM) Gold
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Windows Me
  • Windows Me Gold

Patch: msjavx86.exe

• http://www.microsoft.com/java/vm/dl_vm40.htm

---

MS00-082 - 「無効な MIME ヘッダー」の脆弱性に対する対策

Posted: 2000/11/30

JP275714

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 SP3

Patch: Q248838engI.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25443

---

MS00-083 - 「Netmon のプロトコル解析」の脆弱性に対する対策

Posted: 2000/11/7

JP274835

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: Q274835i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25487

JP274835

Affected Products:

• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q274835_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q274835/download.asp

JP273476

Affected Products:

• Systems Management Server 1.2
  • Systems Management Server 1.2 SP4

Patch: Q273476c.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q274835/download.asp

JP273476

Affected Products:

• Systems Management Server 2.0
  • Systems Management Server 2.0 Gold
  • Systems Management Server 2.0 SP1
  • Systems Management Server 2.0 SP2

Patch: Q273476c.exe

• http://www.microsoft.com/Windows2000/downloads/critical/q274835/download.asp

JP274835

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q274835ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS00-084 - 「インデックス サービスのクロスサイト スクリプティング」の脆弱性に対する対策

Posted: 2000/11/7

JP278499

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Indexing Services for Windows 2000
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q278499_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25517

---

MS00-085 - 「ActiveX におけるパラメータ照合」の脆弱性に対する対策

Posted: 2000/11/8

JP278511

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: Q278511_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532

---

MS00-086 - 「Web サーバーによるファイル要求の解析」の脆弱性に対する対策

Posted: 2000/11/8

JP277873

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: arbexei.exe

• http://www.microsoft.com/ntserver/nts/downloads/critical/q277873/download.asp

JP277873

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q277873_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q277873/download.asp

---

MS00-087 - 「ターミナル サーバーへのログオンで発生するバッファ オーバーフロー」の脆弱性に対する対策

Posted: 2000/11/15

Q277910

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6
  • Windows NT4 Terminal Server Service Pack 5
  • Windows NT4 Terminal Server Service Pack 4

Patch: q277910i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25565

---

MS00-088 - 「Exchange ユーザー アカウント」の脆弱性に対する対策

Posted: 2000/11/22

Q278523

Affected Products:

• Exchange 2000 Server
  • Exchange 2000 Gold
• Exchange 2000 Enterprise Server
  • Exchange 2000 Gold

Patch: Q278523ENGI.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25866

---

MS00-089 - 「ドメイン アカウント ロックアウト」の脆弱性に対する対策

Posted: 2000/11/22

JP274372

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1

Patch: q274372_w2k_sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25606

---

MS00-090 - 「.ASX バッファ オーバーラン」と「.WMS スクリプト 実行」の脆弱性に対する対策

Posted: 2000/11/27

Q280419

Affected Products:

• Windows Media Player 7.0
  • Windows Media Player 7.0 Gold

Patch: wmsu34419.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26079

Q280419

Affected Products:

• Windows Media Player 6.4
  • Windows Media Player 6.4 Gold
• Windows Media Player 6.4 for Windows 2000
  • Windows Media Player 6.4 for Windows 2000 Gold

Patch: wmsu33995.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26069

Q280419

Affected Products:

• Windows Media Player 6.4 for Windows NT 4.0
  • Windows Media Player 6.4 for Windows NT 4.0 Gold

Patch: Wmsu33995.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26069

---

MS00-091 - 「不完全な TCP/IP パケット」の脆弱性に対する対策

Posted: 2000/12/1

Q275567

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Windows Me
  • Windows Me Gold

Patch: q275567i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25114

Q275567

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q275567ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS00-092 - 「拡張ストアド プロシージャ パラメータ解析」の脆弱性に対する対策

Posted: 2000/12/01

JP280380

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP2

Patch: s70918i.exe

• http://support.microsoft.com/support/sql/xp_security.asp

JP280380

Affected Products:

• SQL Server 2000
  • SQL Server 2000 Gold
• SQL Server Desktop Engine (MSDE) 2000
  • SQL Server Desktop Engine (MSDE) 2000 Gold

Patch: s80233i.exe

• http://support.microsoft.com/support/sql/xp_security.asp

---

MS00-093 - 「印刷テンプレート」と「フォームによるファイル アップロード」の脆弱性に対する対策

Posted: 2000/12/7

JP279328

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP1

Patch: q279328.exe

• http://www.microsoft.com/windows/ie/download/critical/q279328/download.asp

JP279328

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 Gold

Patch: Q279328.exe

• http://www.microsoft.com/windows/ie/download/critical/q279328/download.asp

JP279328

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1

Patch: q279328.Exe

• http://www.microsoft.com/windows/ie/download/critical/q279328/download.asp

---

MS00-094 - 「電話帳サービス バッファ オーバーフロー」の脆弱性に対する対策

Posted: 2000/12/5

JP276575

Affected Products:

• Connection Manager
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: Q276575_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25531

JP276575

Affected Products:

• Connection Manager
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: q276575i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26193

JP276575

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q276575ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS00-095 - 「レジストリのアクセス権」の脆弱性を解決するツール

Posted: 2000/12/7

JP265714

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q265714i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28812

JP265714

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q265714i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28812

---

MS00-096 - 「SNMP パラメータ」の脆弱性を解決するツール

Posted: 2000/12/7

JP266794

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q266794_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24500

---

MS00-097 - 「Windows Media サーバーに対する接続の切断」の脆弱性を解決する修正プログラム

Posted: 2000/12/18

Q281256

Affected Products:

• Windows Media Services 4.1
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows Media Services 4.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: WMSU35924.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26470

---

MS00-098 - 「インデックス サービス ファイル列挙」の脆弱性に対する対策

Posted: 2000/12/20

JP280838

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: Q280838_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26595

---

MS00-099 - 「ディレクトリ サービス復元モードのパスワード」の脆弱性に対する対策

Posted: 2000/12/21

JP271641

Affected Products:

• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q271641_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q271641/download.asp

---

MS00-100 - 「無効なWeb フォームの提出」の脆弱性に対する対策

Posted: 2000/12/25

JP280322

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: Q280322_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q280322/download.asp

JP280322

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: Q280322i.EXE

• http://www.microsoft.com/ntserver/nts/downloads/critical/q280322/default.asp

Q280322

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q280322

• http://www.microsoft.com/technet/security/bulletin

---

MS01-001 - Web クライアントが セキュリティの設定に関わらず NTLM 認証をしてしまう

Posted: 2001/1/16

JP282132

Affected Products:

• Windows Me
  • Windows Me Gold

Patch: 282132usam.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=26705

JP282132

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Professional
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q282132_W2K_SP2_x86_en

• http://www.microsoft.com/Windows2000/downloads/critical/q282132/download.asp

JP282132

Affected Products:

• Office 2000
  • Office 2000 SR-1a
  • Office 2000 SR-1
  • Office 2000 Service Pack 2

Patch: fpwec

• http://officeupdate.microsoft.com/2000/downloaddetails/wecsec.htm

---

MS01-002 - PowerPoint 2000 ファイル パーサーが問題のあるバッファを含む

Posted: 2001/1/23

JP285978

Affected Products:

• PowerPoint 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
  • Office 2000 Service Pack 2

Patch: ppt2ksec.exe

• http://office.microsoft.com/downloads/2000/Ppt2ksec.aspx

---

MS01-003 - Winsock Mutex の弱いアクセス権によりサービスにエラーが発生する

Posted: 2001/1/25

JP279336

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: Q279336i.EXE

• http://www.microsoft.com/ntserver/nts/downloads/critical/q279336/download.asp

JP279336

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q279336i.exe

• http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q279336/download.asp

---

MS01-004 - 不正な .HTR リクエストがファイル フラグメントを読み取ってしまう

Posted: 2001/1/30

JP285985

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: frgvuli.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27492

JP285985

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q285985_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27491

---

MS01-005 - Packaging Anomaly Could Cause Hotfixes to be Removed

Posted: 2001/01/30

Microsoft packages all Windows 2000 hotfixes (including security patches) with a catalog file that lists all of the valid hotfixes that have been issued to date. The catalog is digitally signed to ensure its integrity, and Windows File Protection uses the signed catalog to determine which hotfixes are valid. An error in the production of the catalog files for English language Windows 2000 Post Service Pack 1 hotfixes made available through December 18, 2000 could, under very unlikely circumstances, cause Windows File Protection to remove a valid hotfix from a system. The removal of a hotfix could cause a customer?s system to revert to a version of a Windows 2000 module that contained a security vulnerability. Windows File Protection will only remove valid hotfixes from a Windows 2000 system under a very restrictive set of circumstances

Q281767

Affected Products:

Patch: Q281767_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27330

Q285083

Affected Products:

Patch: Q285083_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27332

---

MS01-006 - 無効な RDP データが Terminal Server を異常終了させる

Posted: 2001/2/1

JP286132

Affected Products:

• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q286132_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q286132/download.asp

---

MS01-007 - Network DDE Agent の要求が、システム コンテキストでコードを実行してしまう

Posted: 2001/2/6

JP285851

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q285851_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27526

---

MS01-008 - 不正な NTLMSSP リクエストによりシステム特権でコードが実行される

Posted: 2001/2/8

JP280119

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: Q280119i.EXE

• http://download.microsoft.com/download/winntsp/Patch/Q280119/NT4/EN-US/Q280119i.EXE

JP280119

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q280119i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27824

---

MS00-009 - 「Image Source Redirect」の脆弱性に対する対策

Posted: 2000/2/23

JP251109

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: Q251109.exe

• http://www.microsoft.com/windows/ie/security/patch5.asp

JP251109

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold

Patch: q251109.exe

• http://www.microsoft.com/windows/ie/security/patch5.asp

---

MS01-009 - 無効な PPTP パケット ストリームがカーネルを枯渇させてしまう

Posted: 2001/2/14

JP283001

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: Q283001i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27836

Q283001

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q283001ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS01-010 - Windows Media Player スキン ファイルが Java コードを実行してしまう

Posted: 2001/2/15

JP287045

Affected Products:

• Windows Media Player 7.0
  • Windows Media Player 7.0 Gold

Patch: wmsu38041

• %windir%\system

---

MS01-011 - ドメイン コントローラへの無効なリクエストが CPU を使い果たす

Posted: 2001/2/21

JP299687

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1

Patch: Q299687_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31065

---

MS00-075 - 「Microsoft VM による ActiveX コンポーネントの制御」 の脆弱性に対する対策

Posted: 2000/10/16

JP275609

Affected Products:

• Microsoft Virtual Machine (VM)
  • Microsoft Virtual Machine (VM) Gold
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Windows Me
  • Windows Me Gold

Patch: msjavx86.exe

• http://www.microsoft.com/java/vm/dl_vm40.htm

JP287030

Affected Products:

• Microsoft Virtual Machine (VM)
  • Windows 2000 Service Pack 1
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Service Pack 1
• Windows 2000 Professional
  • Windows 2000 Service Pack 1

Patch: Q287030_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q287030/download.asp

---

MS00-071 - 「Word の差し込み印刷機能」の脆弱性に対する対策

Posted: 2000/10/10

JP272749

Affected Products:

• Word 2000
  • Office 2000 SR-1a

Patch: wrdacc.exe

• http://officeupdate.microsoft.com/2000/downloadDetails/wrdacc.htm

JP272749

Affected Products:

• Word 97
  • Office 97 SR-2/SR-2b

Patch: wdac97.exe

• http://officeupdate.microsoft.com/2000/downloadDetails/wrdacc.htm

---

MS00-044 - 「ディレクトリ ブラウザ引数の不在」脆弱性に対する対策

Posted: 2000/7/18

JP267559

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: htrdos4i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22709

JP267559

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q267559_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22708

---

MS00-045 - 「メールとブラウザがリンクしつづけてしまう」脆弱性に対する対策

Posted: 2000/7/28

JP261255

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold
• Outlook Express 5.01
  • Internet Explorer 5.01 Gold

Patch: q261255.exe

• http://www.microsoft.com/windows/ie/download/critical/patch9.htm

JP261255

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2
• Outlook Express 4.01
  • Internet Explorer 4.01 SP2

Patch: Q261255.exe

• http://www.microsoft.com/windows/ie/download/critical/patch9.htm

---

MS00-046 - 「キャッシュ バイパス」の脆弱性に対する対策

Posted: 2000/7/28

JP247638

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold
• Outlook Express 5.01
  • Internet Explorer 5.01 Gold

Patch: q261255.exe

• http://www.microsoft.com/windows/ie/download/critical/patch9.htm

JP247638

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2
• Outlook Express 4.01
  • Internet Explorer 4.01 SP2

Patch: Q261255.exe

• http://www.microsoft.com/windows/ie/download/critical/patch9.htm

---

MS00-048 - 「ストアドプロシージャの権限」脆弱性に対する対策

Posted: 2000/7/21

JP266766

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP1
  • SQL Server 7.0 SP2
• SQL Server Desktop Engine (MSDE) 1.0
  • SQL Server 7.0 SP1
  • SQL Server 7.0 SP2

Patch: s70918i.exe

• http://support.microsoft.com/support/sql/xp_security.asp

---

MS00-051 - 「Excel REGISTER.ID 関数の脆弱性」に対する対策

Posted: 2000/8/1

J055000

Affected Products:

• Excel 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• Office 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a

Patch: xl9p3pkg.exe

• http://officeupdate.microsoft.com/2000/downloaddetails/xl9p3pkg.htm

J055000

Affected Products:

• Excel 97
  • Office 97 SR-2/SR-2b
• Office 97
  • Office 97 SR-2/SR-2b

Patch: xl8p10pkg.exe

• http://officeupdate.microsoft.com/downloadDetails/xl8p10pkg.htm

---

MS00-054 - 「無効な IPX Ping パケット」の脆弱性に対する対策

Posted: 2000/8/10

JP265334

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5

Patch: 265334US5.EXE

• http://download.microsoft.com/download/win95/Update/8982/W95/EN-US/265334US5.EXE

JP265334

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 265334USA8.EXE

• http://download.microsoft.com/download/win98/Update/8982/W98/EN-US/265334USA8.EXE

---

MS00-056 - 「Microsoft Office HTML Object Tag」の脆弱性に対する対策

Posted: 2000/8/15

J054842

Affected Products:

• Office 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• PowerPoint 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• Word 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• Excel 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a

Patch: Of9data.exe

• http://officeupdate.microsoft.com/2000/downloadDetails/Of9data.htm

---

MS00-058 - 「特殊化したヘッダ」の脆弱性に対する対策

Posted: 2000/8/16

JP256888

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold

Patch: Q256888_W2K_SP1_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q256888/download.asp

---

MS00-061 - 「Microsoft(R) Money のパスワード」に関する弱点を解決する修正プログラム

Posted: 2000/9/1

JP272232

Affected Products:

• Money 2000
  • Money 2000 Gold
• Money 2001
  • Money 2001 Gold

Patch: Update Internet Information

• On the Tools menu, click Update Internet Information.

---

MS00-042 - 「アクティブ セットアップ ダウンロード」脆弱性に対する対策

Posted: 2000/6/29

JP269368

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 Gold

Patch: Q269368.Exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

JP265258

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: q265258.exe

• http://www.microsoft.com/windows/ie/download/critical/patch8.htm

JP265258

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold

Patch: Q265258.exe

• http://www.microsoft.com/windows/ie/download/critical/patch8.htm

JP265258

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP1

Patch: q265258.Exe

• http://www.microsoft.com/windows/ie/download/critical/patch8.htm

---

MS00-043 - 「改ざんされた電子メール ヘッダ」の脆弱性に対する対策

Posted: 2000/7/27

JP261255

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold
• Outlook Express 5.01
  • Internet Explorer 5.01 Gold

Patch: q261255.exe

• http://www.microsoft.com/windows/ie/download/critical/patch9.htm

JP267884

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2
• Outlook Express 4.01
  • Internet Explorer 4.01 SP2

Patch: Q261255.exe

• http://www.microsoft.com/windows/ie/download/critical/patch9.htm

---

MS00-064 - 「ユニキャスト サービスの競合状態」の脆弱性に対する対策

Posted: 2000/9/8

JP273014

Affected Products:

• Windows Media Services 4.0
  • Windows Media Services 4.0 Gold
• Windows Media Services 4.1
  • Windows Media Services 4.1 Gold

Patch: WMSU27678.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24167

---

MS00-033 - 「フレームのドメイン照合」、「権限のない cookie アクセス」、「コンポーネント属性の変形」の脆弱性に対する対策

Posted: 2000/5/17

JP269368

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: q269368.exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

JP269368

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold

Patch: Q269368.exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

---

MS00-039 - 「SSL 証明確認」の脆弱性に対する対策

Posted: 2000/6/5

JP269368

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: q269368.exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

JP269368

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold

Patch: Q269368.exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

---

MS00-041 - 「DTS パスワード」の脆弱性に対する対策

Posted: 2000/7/18

JP264880

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP1
  • SQL Server 7.0 SP2

Patch: s70918i.exe

• http://support.microsoft.com/support/sql/xp_security.asp

---

MS00-049 - 「Office HTML Script および IE Script」の脆弱性に対する対策

Posted: 2000/7/24

JP268365

Affected Products:

• Excel 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• PowerPoint 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• Office 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a

Patch: Addinsec.exe

• http://officeupdate.microsoft.com/2000/downloaddetails/Addinsec.htm

J054902

Affected Products:

• PowerPoint 97
  • PowerPoint 97 Gold
• Office 97
  • Office 97 Gold

Patch: ppt97sec.EXE

• http://officeupdate.microsoft.com/downloaddetails/PPt97sec.htm

JP269368

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: q269368.exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

JP269368

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold

Patch: Q269368.exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

JP269368

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP1

Patch: q269368.Exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

JP269368

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 Gold

Patch: Q269368.Exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

---

MS00-050 - 「Telnet Server Flooding」 の脆弱性に対する対策

Posted: 2000/8/2

JP267843

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: q267843_w2k_sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22753

---

MS00-055 - 「Scriptlet によるレンダリング」の脆弱性に対する対策

Posted: 2000/8/16

JP269368

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: q269368.exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

JP269368

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold

Patch: Q269368.exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

JP269368

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP1

Patch: q269368.Exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

JP269368

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 Gold

Patch: Q269368.Exe

• http://www.microsoft.com/windows/ie/download/critical/patch11.htm

---

MS00-034 - Microsoft Office 2000 および Office 2000 ファミリー製品の脆弱性に対する対策

Posted: 2000/5/21

J054567

Affected Products:

• Office 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• PowerPoint 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• Outlook 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• Word 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• Excel 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
• Photo Draw 2000 Version 2
  • Photo Draw 2000 Version 2 Gold
• Photo Draw 2000 Version 1
  • PictureIt 2000 Gold
  • Photo Draw 2000 Version 1 Gold
• Publisher 2000
  • Publisher 2000 Gold
• Project 2000
  • Project 2000 Gold
• FrontPage 2000
  • Front Page 2000 Gold
• Works 2000
  • Works 2000 Gold
• Access 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a

Patch: Uactlsec.exe

• http://officeupdate.microsoft.com/2000/downloadDetails/Uactlsec.htm

---

MS00-035 - 「SQL Server 7.0 Service Pack のパスワード」の脆弱性に対する対策

Posted: 2000/5/31

JP263968

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP1
  • SQL Server 7.0 SP2

Patch: sqlsp.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21546

---

MS00-037 - 「HTML Help File Code Execution」の脆弱性に対する対策

Posted: 2000/6/2

JP259166

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 Gold
• Internet Explorer 4.0
  • Internet Explorer 4.0 Gold
• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: hhupd.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21705

JP259166

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 Gold

Patch: Q259166_W2K_SP1_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21706

---

MS00-038 - 「Windows Media Encoder の異常な形式の要求」の脆弱性に対する対策

Posted: 2000/5/30

JP264133

Affected Products:

• Windows Media Encoder 4.0
  • Windows Media Encoder 4.0 Gold
• Windows Media Encoder 4.1
  • Windows Media Encoder 4.1 Gold

Patch: WMSU20935a.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=21904

---

MS00-010 - 「サイト ウィザード入力確認」の脆弱性に対する対策

Posted: 2000/2/22

J052525

Affected Products:

• Site Server 3.0, Commerce Edition
  • Site Server 3.0 Gold
  • Site Server 3.0 SP1
  • Site Server 3.0 SP2
  • Site Server 3.0 SP3
  • Site Server 3.0 SP4

Patch: Q252614.zip

• http://www.microsoft.com/downloads/Release.asp?ReleaseID=18767

---

MS00-012 - 「リモート エージェントのアクセス許可」の脆弱性に対する対策

Posted: 2000/3/21

Affected Products:

• Systems Management Server 2.0
  • Systems Management Server 2.0 Gold
  • Systems Management Server 2.0 SP1

Patch: Q249847i.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=18498

---

MS00-013 - 「Windows Media サービス ハンドシェイクの順序不良」の脆弱性に対する対策

Posted: 2000/3/14

JP253943

Affected Products:

• Windows Media Services 4.0
  • Windows Media Services 4.0 Gold
• Windows Media Services 4.1
  • Windows Media Services 4.1 Gold

Patch: WMSU4954_NT4.EXE

• http://download.microsoft.com/download/winmediatech40/Update/4954/NT4/EN-US/WMSU4954_NT4.EXE

JP253943

Affected Products:

• Windows Media Services 4.1
  • Windows Media Services 4.1 Gold
• Windows Media Services 4.0
  • Windows Media Services 4.0 Gold

Patch: WMSU4954_Win2000.EXE

• http://download.microsoft.com/download/winmediatech40/Update/4954/NT5/EN-US/WMSU4954_Win2000.EXE

---

MS00-014 - 「SQL クエリー」の脆弱性に対する対策

Posted: 2000/3/8

JP256052

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP1
  • SQL Server 7.0 Gold
• SQL Server Desktop Engine (MSDE) 1.0
  • SQL Server 7.0 Gold
  • SQL Server 7.0 SP1

Patch: s70780i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=19132

---

MS00-015 - 「Microsoft Clip Art Gallery」における脆弱性に対する対策

Posted: 2000/3/8

J052983

Affected Products:

• Office 2000
  • Office 2000 Gold
• Works 2000
  • Works 2000 Gold
• PictureIt 2000
  • PictureIt 2000 Gold
• Home Publishing 2000
  • Home Publishing 2000 Gold
• Publisher 99
  • Publisher 99 Gold
• Photo Draw 2000 Version 1
  • Photo Draw 2000 Version 1 Gold
• Greetings 2000
  • Greetings 2000 Gold

Patch: cilupdt.exe

• http://cgl.microsoft.com/clipgallerylive/pss/bufovrun.htm

---

MS00-016 - 「改ざんされたメディア ライセンス要求」の脆弱性に対する対策

Posted: 2000/3/17

JP257200

Affected Products:

• Windows Media Rights Manager 1
  • Windows Media Rights Manager 1 Gold

Patch: WMRMU8912_NT4.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=19171

---

MS00-017 - 「パスに DOS デバイス名が含まれる場合」の脆弱性に対する対策

Posted: 2000/7/18

JP256015

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5

Patch: 256015USA5.EXE

• http://www.microsoft.com/downloads/release.asp?releaseID=19491

JP256015

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 256015USA8.EXE

• http://www.microsoft.com/downloads/release.asp?ReleaseID=19389

---

MS00-018 - 「チャンクエンコーディングされたポスト」の脆弱性に対する対策

Posted: 2000/3/29

JP252693

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: chkenc4i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=19761

---

MS00-019 - 「仮想化された UNC シェア」の脆弱性に対する対策

Posted: 2000/4/3

JP249599

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: uncsec4i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=18900

JP249599

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold

Patch: Q249599_W2K_SP1_X86_en.EXE

• http://www.microsoft.com/downloads/release.asp?ReleaseID=19982

---

MS00-022 - 「XLM Text Macro」の脆弱性に対する対策

Posted: 2000/4/3

J053267

Affected Products:

• Excel 97
  • Office 97 SR-2/SR-2b
• Office 97
  • Office 97 SR-2/SR-2b

Patch: xl8p9pkg.exe

• http://www.officeupdate.com/downloadDetails/Xl8p9pkg.htm?s=/downloadCatalog/dldExcel.asp

---

MS00-023 - 「無数のエスケープ文字」の脆弱性に対する対策

Posted: 2000/4/12

JP254142

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: escseq4i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20292

JP254142

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold

Patch: Q254142_W2K_SP1_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20286

---

MS00-024 - 「改ざんされたレジストリが暗号キーに与える影響」の脆弱性に対する対策

Posted: 2000/4/12

JP259496

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 4
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q259496i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20330

---

MS00-025 - 「Link View サーバー側コンポーネント」の脆弱性に対する対策

Posted: 2000/4/20

JP259799

Affected Products:

• FrontPage 98 Server Extensions
  • FrontPage 98 Server Extensions Gold
• Internet Information Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Personal Web Server 4.0
  • Personal Web Server 4.0 Gold

Patch: Q259799

• http://www.microsoft.com/technet/support/kb.asp?ID=259799

---

MS00-028 - 「サーバー側イメージ マップ コンポーネント」の脆弱性に対する対策

Posted: 2000/4/27

JP260267

Affected Products:

• FrontPage 97 Server Extensions
  • FrontPage 97 Server Extensions Gold
• FrontPage 98 Server Extensions
  • FrontPage 98 Server Extensions Gold
• Internet Information Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Personal Web Server 4.0
  • Personal Web Server 4.0 Gold

Patch: Q260267

• http://www.microsoft.com/technet/support/kb.asp?ID=260627

---

MS00-030 - 「URL 内の変形された拡張子データ」の脆弱性に対する対策

Posted: 2000/5/12

JP260205

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: myrdot4i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20906

JP260205

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold

Patch: Q260205_W2K_SP1_x86_en.EXE

• http://www.microsoft.com/Windows2000/downloads/critical/q260205/download.asp

---

MS00-031 - 「区切り文字なしの .HTR リクエスト」 および 「.HTR 経由のファイル フラグメントの読み取り」の脆弱性に対する対策

Posted: 2000/5/12

JP267559

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold

Patch: q267559_w2k_sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22708

JP260838

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: ismpst4i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20905

---

MS99-053 - 「マルチスレッド SSL ISAPI フィルタ」の脆弱性に対する対策

Posted: 1999/12/3

JP244613

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 4

Patch: sslune4i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=16186

---

MS99-054 - 「WPAD Spoofing」の脆弱性に対する対策

Posted: 1999/12/1

JP247333

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: Q247333

• http://support.microsoft.com/support/kb/articles/q247/3/33.asp

---

MS99-058 - 「仮想ディレクトリの名前」の脆弱性

Posted: 1999/12/21

JP238606

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 4

Patch: vrdcon4i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16378

---

MS99-059 - 「不正なTDSパケット ヘッダ」の脆弱性に対する対策

Posted: 1999/12/20

JP248749

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP1

Patch: S70761i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16923

---

MS99-060 - 「HTML メール添付ファイル」の脆弱性に対する対策

Posted: 1999/12/24

J051863

Affected Products:

• Outlook Express 5 for Macintosh
  • Outlook Express 5 for Macintosh Gold
• Internet Explorer 4.5 for Macintosh
  • Internet Explorer 4.5 for Macintosh Gold

Patch: MacFiles

• http://support.microsoft.com/support/kb/articles/q249/0/82.asp

---

MS99-061 - 「エスケープ文字解析」の脆弱性に対する対策

Posted: 1999/12/24

JP246401

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: unschx4i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16357

---

MS99-052 - 「パスワードをキャッシュするレガシ メカニズムが与える」脆弱性に対する対策

Posted: 2000/4/18

JP168115

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5

Patch: 168115us5.exe

• http://download.microsoft.com/download/win95/update/168115/w95/en-us/168115us5.exe

JP168115

Affected Products:

• Windows 98
  • Windows 98 Gold

Patch: 168115us8.exe

• http://download.microsoft.com/download/win98/update/168115/w98/en-us/168115us8.exe

---

MS99-051 - 「IE タスク スケジューラ」の脆弱性に対する対策

Posted: 1999/11/29

J051680

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: q246972

• http://support.microsoft.com/support/kb/articles/q246/9/72.asp

---

MS99-049 - 「URL を用いたファイルアクセス」の脆弱性に対する対策

Posted: 2000/4/18

JP245729

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5

Patch: 245729us5.exe

• http://download.microsoft.com/download/win95/update/245729/w95/en-us/245729us5.exe

JP245729

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1

Patch: 245729us8.exe

• http://download.microsoft.com/download/win98/update/245729/w98/en-us/245729us8.exe

---

MS99-048 - 「Active Setup Control」の脆弱性に対する対策

Posted: 1999/12/24

JP244540

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: q244540.exe

• http://www.microsoft.com/msdownload/iebuild/ascontrol/en/136473.htm

JP244540

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: Q244540.exe

• http://www.microsoft.com/msdownload/iebuild/ascontrol/en/136473.htm

---

MS99-044 - 「Excel SYLK」の脆弱性に対する対策

Posted: 2000/11/17

J051700

Affected Products:

• Excel 97
  • Office 97 SR-2/SR-2b
• Office 97
  • Office 97 SR-2/SR-2b

Patch: xl8p9pkg.exe

• http://officeupdate.microsoft.com/downloadDetails/Xl8p7pkg.htm

J051700

Affected Products:

• Excel 2000
  • Office 2000 Gold
• Office 2000
  • Office 2000 Gold

Patch: xl9p2pkg.exe

• http://officeupdate.microsoft.com/2000/downloadDetails/XL9p1pkg.htm

---

MS99-043 - 「Javascript リダイレクト」の脆弱性に対する対策

Posted: 1999/12/7

J053009

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: q244356.exe

• http://www.microsoft.com/msdownload/iebuild/jsredir/en/138099.htm

J053009

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: q244357.exe

• http://www.microsoft.com/msdownload/iebuild/jsredir/en/138101.htm

---

MS99-042 - 「IFRAME ExecCommand」の脆弱性に対する対策

Posted: 1999/10/15

J051103

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: q243638.exe

• http://www.microsoft.com/msdownload/iebuild/dlbhav/en/dlbhav.htm

---

MS99-040 - IE 5 「ダウンロード動作」の脆弱性に対する対策

Posted: 1999/9/28

JP242542

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: q243638.exe

• http://www.microsoft.com/msdownload/iebuild/dlbhav/en/dlbhav.htm

---

MS99-037 - 「ImportExportFavorites」 の脆弱性に対する対策

Posted: 1999/9/10

JP241362

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: q241361.exe

• http://www.microsoft.com/msdownload/iebuild/iefav/en/iefav.htm

JP241362

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2

Patch: Q241361.exe

• http://www.microsoft.com/msdownload/iebuild/iefav/en/iefav.htm

---

MS99-035 - 「Set Cookie ヘッダによるキャッシュ」の脆弱性に対する対策

Posted: 1999/9/10

J050066

Affected Products:

• Site Server 3.0
  • Site Server 3.0 Gold
  • Site Server 3.0 SP1
  • Site Server 3.0 SP2
• Site Server 3.0, Commerce Edition
  • Site Server 3.0 Gold
  • Site Server 3.0 SP1
  • Site Server 3.0 SP2
• Microsoft Commercial Internet System 2.0
  • Microsoft Commercial Internet System 2.0 Gold
• Microsoft Commercial Internet System 2.5
  • Microsoft Commercial Internet System 2.5 Gold

Patch: q238647x86eng.exe

• ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/Hotfixes-PostSP2/ProxyCache/

---

MS99-033 - 「改ざんされた Telnet 引数」の脆弱性に対する対策

Posted: 1999/9/9

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5

Patch: telnet95.exe

• http://www.microsoft.com/windows95/downloads/contents/WUCritical/Telnet/Default.asp

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: TelnetUp.EXE

• http://www.microsoft.com/windows98/downloads/contents/wucritical/telnet/license.asp

---

MS99-032 - 「Scriptlet.typlib/Eyedog」の脆弱性に対する対策

Posted: 1999/8/31

JP240308

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP2
  • Internet Explorer 4.01 Gold
  • Internet Explorer 4.01 SP1
• Internet Explorer 4.0
  • Internet Explorer 4.0 Gold
• Internet Explorer 5
  • Internet Explorer 5 Gold
• Outlook Express 4.01
  • Internet Explorer 4.01 Gold
  • Internet Explorer 4.01 SP1
  • Internet Explorer 4.01 SP2

Patch: q240308.exe

• http://www.microsoft.com/msdownload/iebuild/scriptlet/en/125795.htm

---

MS99-030 - Office 「ODBC ドライバ」の脆弱性に対する対策

Posted: 1999/8/20

J050041

Affected Products:

• Office 95
  • Office 95 Gold

Patch: Jet30Pkg.exe

• http://officeupdate.microsoft.com/downloadDetails/excel95odbc.htm

J050041

Affected Products:

• Office 97
  • Office 97 Gold
  • Office 97 SR-1
  • Office 97 SR-2/SR-2b

Patch: jetCopkg.exe

• http://officeupdate.microsoft.com/downloadDetails/excel97odbc.htm

J050041

Affected Products:

• Office 2000
  • Office 2000 Gold
  • Office 2000 SR-1
  • Office 2000 SR-1a

Patch: JetcoPkg.exe

• http://officeupdate.microsoft.com/2000/downloadDetails/excel2000odbc.htm

---

MS99-022 - Double Byte Code Page Vulnerability

Posted: 1999/06/24

When IIS is run on a machine on which a double-byte character set code page is used (i.e., the default language on the server is set to Chinese, Japanese, or Korean), and a specific URL construction is used to request a file in a virtual directory, normal server-side processing is bypassed. As a result, the file is simply delivered as text to the browser, thereby allowing the source code to be viewed.

JP233335

Affected Products:

• Internet Information Server 3.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5

Patch: fesrc3i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/fesrc-fix/

JP233335

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 3

Patch: fesrc4i.exe

• ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/fesrc-fix/

---

MS99-019 - Malformed HTR Request Vulnerability

Posted: 1999/06/15

The vulnerability involves an unchecked buffer in the filter DLLs for these file types. This poses two threats to safe operation. The first is a denial of service threat. A malformed request for an .HTR, .STM or .IDC file could overflow the buffer, causing IIS to crash. The server would not need to be rebooted, but IIS would need to be rebooted in order to resume service. The second threat is that a carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither attack could occur accidentally. The vulnerability is present regardless of whether .HTR, .STM or .IDC files are present on the server.

JP234905

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5

Patch: extfixi.exe

• ftp://ftp.microsoft.com/bussys/IIS/iis-public/fixes/usa/ext-fix/

---

MS99-018 - Malformed Favorites Icon Vulnerability

Posted: 1999/05/27

The "Malformed Favorites Icon" vulnerability. The Favorites feature allows IE users to keep a list of their favorite web sites. In IE 5, the Favorites list can contain icons that are supplied by the associated web sites. However, there is an unchecked buffer in the implementation. A specially-malformed icon could overrun the buffer and be used to run arbitrary code on the user's computer. This vulnerability only affects IE 5 when run on Windows 95 or 98; it does not affect Windows NT systems. The "Legacy ActiveX Control" vulnerability. An ActiveX control that was used by previous versions of IE also was included in IE 4.0 and IE 5 even though it is not used by either. It could be misused to allow a web site to read the user's local hard drive. The update eliminates the vulnerability by removing the control.

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: Q241361.exe

• http://www.microsoft.com/msdownload/iebuild/iefav/en/iefav.htm

Affected Products:

• Internet Explorer 4.0
  • Internet Explorer 4.0 Gold
• Internet Explorer 4.01
  • Internet Explorer 4.01 Gold
  • Internet Explorer 4.01 SP1
  • Internet Explorer 4.01 SP2

Patch: q241361.exe

• http://www.microsoft.com/msdownload/iebuild/iefav/en/iefav.htm

---

MS99-014 - Excel 97 Virus Warning Vulnerabilities

Posted: 1999/05/07

Microsoft Excel 97 provides a feature that warns the user before launching an external file that could potentially contain a virus or other malicious software. However, certain scenarios have been identified that could be misused to bypass the warning mechanism. In general, they require the use of infrequently-combined features and commands, and are unlikely to be encountered in normal use.

Affected Products:

• Office 97
  • Office 97 SR-2/SR-2b
• Excel 97
  • Office 97 SR-2/SR-2b

Patch: Xl8p9pkg.exe

• http://officeupdate.microsoft.com/downloadDetails/Xl8p9pkg.htm

---

MS99-012 - MSHTML Update Available for Internet Explorer

Posted: 1999/04/21

The first vulnerability is a new variant of a previously-identified cross-frame security vulnerability. A particular malformed URL could be used to execute scripts in the security context of a different domain. This could allow a malicious web site operator to execute a script on the web site, and gain privileges on visiting users' machines that are normally granted only to their trusted sites. The second vulnerability affects only Internet Explorer 5.0, and is a new variant of a previously-identified untrusted scripted paste vulnerability. The vulnerability would allow a script to paste a filename into the file upload intrinsic control. This should only be possible by explicit user action. Once the filename has been pasted into the control, a subsequent form submission could send the file to a remote web site. If the user has disabled the default warning that is displayed when submitting unencrypted forms, the file would be sent without any warning to the user. The third vulnerability is a privacy issue involving the processing of the "IMG SRC" tag in HTML files. This tag identifies and loads image sources - image files that are to be displayed as part of a web page. The vulnerability results because the tag can be used to point to files of any type, rather than only image files, after which point the document object model methods can be used to determine information about them. A malicious web site operator could use this vulnerability to determine the size and MIME type of files on the computer of a visiting user.

Affected Products:

• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: mshtml5.exe

• http://www.microsoft.com/msdownload/iebuild/mshtml/en/72111.htm

Affected Products:

• Internet Explorer 4.01
  • Internet Explorer 4.01 SP1
  • Internet Explorer 4.01 SP2

Patch: mshtml4.exe

• http://www.microsoft.com/msdownload/iebuild/mshtml/en/72113.htm

---

MS99-011 - DHTML Edit Vulnerability

Posted: 1999/04/21

The root cause of the vulnerability lies in the fact that a web site that hosts the "safe for scripting" version of the control is able to upload any data entered into the control. A malicious web site operator could trick a user into entering sensitive data into a DHTML Edit control hosted on a web page from the operator's site, and then upload the data. In addition, if the malicious web site operator knows the name of a file on the user's local drive, it is possible for the operator to programmatically load the file into the control and then upload it.

Affected Products:

• Internet Explorer 4.0
  • Internet Explorer 4.0 Gold
• Internet Explorer 5
  • Internet Explorer 5 Gold

Patch: DHTMLED5.EXE

• http://www.microsoft.com/msdownload/iebuild/DHTML_Edit/en/71370.htm

---

MS01-012 - Outlook と Outlook Express の vCard ハンドラが問題のあるバッファを含む

Posted: 2001/2/23

JP283908

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1
• Outlook Express 5.5
  • Internet Explorer 5.5 SP1

Patch: q283908.exe

• http://www.microsoft.com/windows/ie/download/critical/q283908/download.asp

JP283908

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP1
• Outlook Express 5.01
  • Internet Explorer 5.01 SP1

Patch: Q283908.exe

• http://www.microsoft.com/windows/ie/download/critical/q283908/default.asp

---

MS01-013 - Windows 2000 イベント ビューアが問題のあるバッファを含む

Posted: 2001/2/27

JP285156

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q285156_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27842

---

MS01-014 - 不正な URL により IIS 5.0 及び Exchange 2000 のサービスにエラーが発生する

Posted: 2001/3/2

JP286818

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold

Patch: Q286818_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28155

JP287678

Affected Products:

• Exchange 2000 Enterprise Server
  • Exchange 2000 Gold
• Exchange 2000 Server
  • Exchange 2000 Gold

Patch: Q287678engi386.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28369

---

MS01-015 - Internet Explorer がキャッシュされたコンテンツの場所を漏えいしてしまう

Posted: 2001/3/9

JP279328

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP1

Patch: q279328.exe

• http://www.microsoft.com/windows/ie/download/critical/q279328/default.asp

JP286045

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1

Patch: q286045.exe

• http://www.microsoft.com/windows/ie/download/critical/q286045/default.asp

JP286043

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP1
• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1

Patch: q286043.exe

• http://www.microsoft.com/windows/ie/download/critical/q286043/default.asp

JP280768

Affected Products:

• Windows Script 5.1
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: scripten.exe

• http://www.microsoft.com/msdownload/vbscript/scripting51.asp

JP280768

Affected Products:

• Windows Script 5.1
  • Windows 95 SR 2.5
  • Windows 95 SR 2.1
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
  • Windows 98 Gold
  • Windows 98 SP1

Patch: ste51en.exe

• http://www.microsoft.com/msdownload/vbscript/scripting51.asp

JP280768

Affected Products:

• Windows Script 5.5
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Scripten.exe

• http://www.microsoft.com/msdownload/vbscript/scripting.asp

JP280768

Affected Products:

• Windows Script 5.5
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5
  • Windows 98 Gold
  • Windows 98 SP1
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Scr55en.exe

• http://www.microsoft.com/msdownload/vbscript/scripting.asp

---

MS01-016 - 不正な WebDAV リクエストにより IIS が CPU リソースを使い果たす

Posted: 2001/3/9

JP291845

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q291845_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28564

---

MS01-017 - VeriSign 発行の誤ったデジタル証明書による、なりすましの危険性

Posted: 2001/3/23

JP293818

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Windows Me
  • Windows Me Gold

Patch: Crlupd.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=28888

JP293818

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 3
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: crlupd.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=28888

JP293818

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 4
  • Windows NT4 Terminal Server Service Pack 5
  • Windows NT4 Terminal Server Service Pack 6

Patch: crlupdts.exe

• http://www.microsoft.com/technet/security/bulletin

JP293818

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: crlupD.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=28888

---

MS01-018 - Visual Studio 6.0 VB T-SQL オブジェクトが問題のあるバッファを含む

Posted: 2001/3/28

Affected Products:

• Visual Studio 6.0
  • Visual Studio 6.0 SP 5
• Visual Basic 6.0
  • Visual Basic 6.0 Gold

Patch: Q281297.EXE

• http://msdn.microsoft.com/vstudio/downloads/debugging/default.asp

---

MS01-019 - 圧縮フォルダのパスワードが復元されてしまう

Posted: 2001/3/29

JP252694

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 252694usa8.exe

• http://download.microsoft.com/download/win98/update/14715/w98/en-us/252694usa8.exe

JP252694

Affected Products:

• Windows Me
  • Windows Me Gold

Patch: 252694usam.exe

• http://download.microsoft.com/download/winme/update/14715/winme/en-us/252694usam.exe

---

MS01-020 - 不適切な MIME ヘッダーが原因で Internet Explorer が電子メールの添付ファイルを実行する

Posted: 2001/3/30

JP290108

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1

Patch: Q290108.exe

• http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

JP290108

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP1

Patch: q290108.exe

• http://www.microsoft.com/windows/ie/download/critical/Q290108/default.asp

---

MS01-021 - Web 公開時に異常なリクエストによって Web Proxy サービスが停止する

Posted: 2001/4/17

JP295279

Affected Products:

• ISA Server 2000
  • ISA Server 2000 Gold

Patch: isahf63.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29081

---

MS01-022 - WebDAV Service Provider によりスクリプトがユーザーとしてリクエストを行う

Posted: 2001/4/19

JP296441

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Windows Me
  • Windows Me Gold

Patch: rbupdate.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29129

JP296441

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
• Windows 2000 Professional
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Rbupdate.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29129

---

MS01-023 - ISAPI エクステンションの未チェックのバッファにより IIS 5.0 サーバーのセキュリティが侵害される

Posted: 2001/5/2

JP296576

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1

Patch: Q296576_W2K_SP2_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29321

---

MS01-024 - ドメイン コントローラへの不正なリクエストがメモリを使い果たす

Posted: 2001/5/9

JP299687

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1

Patch: Q299687_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31065

---

MS01-025 - Index Server の検索機能が未チェックのバッファを含む

Posted: 2001/5/11

JP294472

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Index Server 2.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q294472i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29660

JP296185

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Index Server 2.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q296185i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29631

JP296185

Affected Products:

• Indexing Services for Windows 2000
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q296185_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29561

---

MS01-026 - 不要なデコーディング操作により IIS でコマンドが実行される

Posted: 2001/5/15

JP293826

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q293826_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29764

JP295534

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q295534i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29787

---

MS01-027 - Web サーバー証明書検証の問題により Web サイトの偽装が可能になる

Posted: 2001/5/17

JP295106

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP2

Patch: q295106.exe

• http://www.microsoft.com/windows/ie/download/critical/q295106/default.asp

JP299618

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1

Patch: q299618.exe

• http://www.microsoft.com/windows/ie/download/critical/q299618/default.asp

---

MS01-028 - テンプレートにリンクしている RTF 文書が警告なしでマクロを実行する

Posted: 2001/5/22

JP288266

Affected Products:

• Word 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
  • Office 2000 Service Pack 2

Patch: wd2kmsec.exe

• http://office.microsoft.com/downloads/2000/wd2kmsec.aspx

JP288266

Affected Products:

• Word 97
  • Office 97 SR-2/SR-2b

Patch: wd97mcrs.exe

• http://office.microsoft.com/downloads/9798/wd97mcrs.aspx

---

MS01-029 - Windows Media Player .ASX プロセッサが未チェックのバッファを含む

Posted: 2001/5/24

Q296138

Affected Products:

• Windows Media Player 6.4
  • Windows Media Player 6.4 Gold
• Windows Media Player 6.4 for Windows 2000
  • Windows Media Player 6.4 for Windows 2000 Gold

Patch: WMSU47357.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29921

Q296138

Affected Products:

• Windows Media Player 7.0
  • Windows Media Player 7.0 Gold

Patch: mp71.exe

• http://download.microsoft.com/download/winmediaplayer/wmp71/7.1/W982KMe/EN-US/mp71.exe

Q296138

Affected Products:

• Windows Media Player 6.4 for Windows NT 4.0
  • Windows Media Player 6.4 for Windows NT 4.0 Gold

Patch: Wmsu47357.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=29921

---

MS01-030 - Exchange 2000 Outlook Web Access Service で添付ファイルの不正処理によりスクリプトが実行される

Posted: 2001/6/7

JP299535

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 SP4

Patch: Q301361i386.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30568

JP299535

Affected Products:

• Exchange 2000 Enterprise Server
  • Exchange 2000 Gold
• Exchange 2000 Server
  • Exchange 2000 Gold

Patch: Q299535engi386.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30569

---

MS01-031 - 推測可能な名前付きパイプが Telnet 経由でアクセス権の昇格を可能にする

Posted: 2001/6/8

JP299553

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q299553_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30508

---

MS01-032 - SQL クエリ方法により、キャッシュされた管理者接続が再使用される

Posted: 2001/6/13

JP299717

Affected Products:

• SQL Server 2000
  • SQL Server 2000 Gold
• SQL Server Desktop Engine (MSDE) 2000
  • SQL Server Desktop Engine (MSDE) 2000 Gold

Patch: s80296i.exe

• http://download.microsoft.com/download/sqlsvr2000/patch/s80296i/w98nt42kme/en-us/s80296i.exe

JP299717

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP3

Patch: s70996i.exe

• http://download.microsoft.com/download/sql70/Patch/s70996i/WIN98Me/EN-US/s70996i.exe

---

MS01-033 - Index Server ISAPI エクステンションの未チェックのバッファにより Web サーバーが攻撃される

Posted: 2001/6/19

JP300972

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Indexing Services for Windows 2000
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q300972_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800

JP300972

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a
• Index Server 2.0
  • Windows NT4 Service Pack 6a

Patch: Q300972i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833

Q300972

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q300972ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS01-034 - 不正な Word 文書が自動的にマクロを実行する

Posted: 2001/6/25

JP288266

Affected Products:

• Word 97
  • Office 97 SR-2/SR-2b

Patch: wd97mcrs.exe

• http://office.microsoft.com/downloads/9798/wd97mcrs.aspx

JP288266

Affected Products:

• Word 2000
  • Office 2000 SR-1
  • Office 2000 SR-1a
  • Office 2000 Service Pack 2

Patch: wd2kmsec.exe

• http://office.microsoft.com/downloads/2000/wd2kmsec.aspx

JP302294

Affected Products:

• Word 2002
  • Word 2002 Gold

Patch: WRD1001.exe

• http://office.microsoft.com/downloads/2002/wrd1001.aspx

---

MS01-035 - FrontPage Server Extension のサブコンポーネントが未チェックのバッファを含む

Posted: 2001/6/25

JP300477

Affected Products:

• Front Page 2000 Server Extensions
  • Windows 2000 Service Pack 2

Patch: Q300477_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30727

JP300477

Affected Products:

• Front Page 2000 Server Extensions
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q300477.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31038

---

MS01-036 - LDAP SSL で公開される機能がパスワードの変更を可能にする

Posted: 2001/6/26

JP299687

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1

Patch: Q299687_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31065

---

MS01-037 - SMTP サービスの認証エラーがメールの中継を可能にする

Posted: 2001/7/6

JP302755

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q302755_W2k_SP3_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31181

---

MS01-038 - Outlook ビュー コントロールにより、安全でない機能が利用できる

Posted: 2001/7/13

JP303833

Affected Products:

• Outlook 2000
  • Office 2000 Service Pack 2

Patch: outlctlx.exe

• http://office.microsoft.com/downloads/2000/outlctlx.aspx

JP303833

Affected Products:

• Outlook 2002
  • Outlook 2002 Gold

Patch: olk1003.exe

• http://office.microsoft.com/downloads/2002/OLK1003.aspx

---

MS01-039 - Services for Unix 2.0 の Telnet および NFS サービスでメモリ リークが発生する

Posted: 2001/7/25

JP294380

Affected Products:

• Services for Unix 2.0 (NT)
  • Services for Unix 2.0 (NT) Gold

Patch: q294380_sfu_2_x86.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31600

JP294380

Affected Products:

• Services for Unix 2.0 (NT)
  • Services for Unix 2.0 (NT) Gold

Patch: q301514_sfu_2_x86.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31601

JP294380

Affected Products:

• Services for Unix 2.0 (Win2K)
  • Services for Unix 2.0 (Win2K) Gold

Patch: q294380_sfu_2_x86.Exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31592

JP301514

Affected Products:

• Services for Unix 2.0 (Win2K)
  • Services for Unix 2.0 (Win2K) Gold

Patch: q301514_sfu_2_x86.Exe

• http://www.microsoft.com/technet/security/bulletin

---

MS01-040 - 無効な RDP データの受信により、ターミナル サービスでメモリ リークが発生する場合がある

Posted: 2001/7/26

JP292435

Affected Products:

• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: q292435_w2k_sp3_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30195

JP292435

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 5
  • Windows NT4 Terminal Server Service Pack 6

Patch: q292435i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31615

---

MS01-041 - 不正な RPC リクエストがサービスを異常終了させる

Posted: 2001/7/27

JP299444

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: Q299444i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=31240

JP299444

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a

Patch: Q299444I.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=31240

JP298012

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: q298012_w2k_sp3_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31434

JP298012

Affected Products:

• SQL Server 2000
  • SQL Server 2000 Gold

Patch: q298012_sql2000_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31644

JP298012

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP2

Patch: q298012_sql70sp2_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31645

JP304062

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 SP4

Patch: q304062engi386.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31517

JP304062

Affected Products:

• Exchange 2000 Server
  • Exchange 2000 Gold
• Exchange 2000 Enterprise Server
  • Exchange 2000 Gold

Patch: q304063engi386.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31522

Q299444

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q299444ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS01-042 - Windows Media Player .NSC ファイル処理に未チェックのバッファが含まれる

Posted: 2001/7/27

Q304404

Affected Products:

• Windows Media Player 6.4
  • Windows Media Player 6.4 Gold
• Windows Media Player 6.4 for Windows 2000
  • Windows Media Player 6.4 for Windows 2000 Gold

Patch: wmsu55362.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31459

Q304404

Affected Products:

• Windows Media Player 7.1
  • Windows Media Player 7.1 Gold

Patch: wMsu55362.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31459

Q304404

Affected Products:

• Windows Media Player 7.0
  • Windows Media Player 7.0 Gold

Patch: wmSu55362.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31459

Q304404

Affected Products:

• Windows Media Player 6.4 for Windows NT 4.0
  • Windows Media Player 6.4 for Windows NT 4.0 Gold

Patch: Wmsu55362.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31459

---

MS01-043 - NNTP サービスでメモリ リークが発生する

Posted: 2001/8/15

JP303984

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: q304876engi386.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31955

JP303984

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: q303984_w2k_sp3_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=31925

---

MS01-044 - 2001 年 8 月 15 日 IIS 用の累積的な修正プログラム

Posted: 2001/8/16

JP301625

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a
  • Windows NT4 Service Pack 5

Patch: q301625i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32061

JP301625

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: q301625_w2k_sp3_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32011

---

MS01-045 - H.323 ゲートキーパーと Web Proxy のメモリーリーク及びクロスサイトスクリプティングの脆弱性

Posted: 2001/8/17

JP289503

Affected Products:

• ISA Server 2000
  • ISA Server 2000 Gold

Patch: isahf68.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32094

---

MS01-046 - Windows 2000 赤外線デバイスドライバでのアクセス違反により、システムが再起動する

Posted: 2001/8/22

JP252795

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q252795_W2K_SP3_x86_en.EXE

• http://www.microsoft.com/windows2000/downloads/critical/q252795/default.asp

---

MS01-047 - OWA 機能により、認証されていないユーザーがグローバル アドレス一覧を列挙することができる

Posted: 2001/9/7

JP307195

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 SP4

Patch: Q307195engi386.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32483

---

MS01-048 - RPC Endpoint Mapper への不正なリクエストにより、RPC サービスが異常終了する

Posted: 2001/9/11

JP305399

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: Q305399i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32503

---

MS01-049 - 深くネスト化した OWA リクエストによりサーバーの CPU が消費される

Posted: 2001/9/27

JP303451

Affected Products:

• Exchange 2000 Enterprise Server
  • Exchange 2000 SP1
• Exchange 2000 Server
  • Exchange 2000 SP1

Patch: Q303451engi386.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=32431

---

MS01-050 - 不正な Excel または PowerPoint の文書がマクロのセキュリティを無視する

Posted: 2001/10/5

JP306603

Affected Products:

• Excel 2000
  • Office 2000 SR-1a
  • Office 2000 Service Pack 2

Patch: xl2000

• http://download.microsoft.com/download/excel2000/e2kmac/1/w98nt42kme/en-us/e2kmac.exe

JP306603

Affected Products:

• Excel 2002
  • Office 2002 Gold

Patch: xl2002

• http://download.microsoft.com/download/excel2002/exc1001/1/w98nt42kme/en-us/exc1001.exe

JP306603

Affected Products:

• PowerPoint 2000
  • Office 2000 SR-1a
  • Office 2000 Service Pack 2

Patch: Ppt2000

• http://download.microsoft.com/download/powerpoint2000/p2kmac/1/w98nt42kme/en-us/p2kmac.exe

JP306603

Affected Products:

• PowerPoint 2002
  • Office 2002 Gold

Patch: Ppt2002

• http://download.microsoft.com/download/powerpoint2002/ppt1001/1/w98nt42kme/en-us/ppt1001.exe

---

MS01-051 - 不正なドットなし IP アドレスにより Web ページがイントラネット ゾーンで処理されてしまう

Posted: 2001/10/11

JP306121

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP2

Patch: q306121.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q306121/default.asp

JP306121

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP2

Patch: Q306121.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q306121/default.asp

JP306121

Affected Products:

• Internet Explorer 6
  • Internet Explorer 6 Gold

Patch: q306121.Exe

• http://www.microsoft.com/windows/ie/downloads/critical/q306121/default.asp

---

MS01-052 - 無効な RDP データが Terminal Service を異常終了させる

Posted: 2001/10/18

JP307454

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q307454i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=33131

JP307454

Affected Products:

• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q307454_W2K_SP3_x86_en.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=33389

---

MS01-053 - ダウンロードされたアプリケーションが OS X の Internet Explorer 5.1 for Mac で実行される

Posted: 2001/10/23

JP311052

Affected Products:

• IE 5.1 for Macintosh
  • IE 5.1 for Macintosh Gold

Patch: MacIE501

• http://www.apple.com/macosx/upgrade/softwareupdates.html

---

MS01-054 - 無効なユニバーサル プラグ アンド プレイのリクエストがシステムのオペレーションを妨害する

Posted: 2001/11/01

Q311311

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 309073USA8.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=34951

Q311311

Affected Products:

• Windows Me
  • Windows Me Gold

Patch: WinMEUPnP

• http://windowsupdate.microsoft.com

JP309521

Affected Products:

• Windows XP Home Edition
  • Windows XP Gold
• Windows XP Professional
  • Windows XP Gold

Patch: WinXPUPnP

• http://windowsupdate.microsoft.com

---

MS01-055 - 2001 年 11 月 13 日 Internet Explorer 用の累積的な修正プログラム

Posted: 2001/11/08

JP312461

Affected Products:

• Internet Explorer 6
  • Internet Explorer 6 Gold

Patch: q312461.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q312461/default.asp

JP312461

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP2

Patch: Q312461.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q312461/default.asp

---

MS01-056 - Windows Media Player の .ASF ファイル処理に、未チェックのバッファが含まれる

Posted: 2001/11/20

Q308567

Affected Products:

• Windows Media Player 7.1
  • Windows Media Player 7.1 Gold

Patch: wm308567.exe

• http://download.microsoft.com/download/winmediaplayer/Update/308567/WIN98MeXP/EN-US/wm308567.exe

Q308567

Affected Products:

• Windows Media Player 7.0
  • Windows Media Player 7.0 Gold

Patch: wM308567.exe

• http://download.microsoft.com/download/winmediaplayer/Update/308567/WIN98MeXP/EN-US/wm308567.exe

Q308567

Affected Products:

• Windows Media Player 6.4
  • Windows Media Player 6.4 Gold
• Windows Media Player 6.4 for Windows 2000
  • Windows Media Player 6.4 for Windows 2000 Gold

Patch: wm308567.Exe

• http://download.microsoft.com/download/winmediaplayer/Update/308567/WIN98MeXP/EN-US/wm308567.exe

Q309521

Affected Products:

• Windows Media Player for Windows XP
  • Windows Media Player for Windows XP Gold

Patch: WinXPUPnP

• http://windowsupdate.microsoft.com

Q308567

Affected Products:

• Windows Media Player 6.4 for Windows NT 4.0
  • Windows Media Player 6.4 for Windows NT 4.0 Gold

Patch: Wm308567.exe

• http://download.microsoft.com/download/winmediaplayer/Update/308567/WIN98MeXP/EN-US/wm308567.exe

---

MS01-057 - 特別な形式の HTML メールのスクリプトが Exchange 5.5 OWA で実行される

Posted: 2001/12/06

JP313576

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 SP4

Patch: Q313576i386.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=34402

---

MS01-058 - 2001 年 12 月 13 日 Internet Explorer 用の累積的な修正プログラム

Posted: 2001/12/13

JP313675

Affected Products:

• Internet Explorer 6
  • Internet Explorer 6 Gold

Patch: Q313675.exe

• http://www.microsoft.com/windows/ie/downloads/critical/Q313675/default.asp

JP313675

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP2

Patch: q313675.exe

• http://www.microsoft.com/windows/ie/downloads/critical/Q313675/default.asp

---

MS01-059 - ユニバーサル プラグ アンド プレイに含まれる未チェックのバッファによりシステムが侵害される

Posted: 2001/12/19

JP315000

Affected Products:

• Windows XP Home Edition
  • Windows XP Gold
• Windows XP Professional
  • Windows XP Gold

Patch: Q315000_WXP_SP1_x86_ENU.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=34951

Q315000

Affected Products:

• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold

Patch: 314941USA8.EXE

• http://www.microsoft.com/technet/security/bulletin

Q315000

Affected Products:

• Windows Me
  • Windows Me Gold

Patch: 314757USAM.EXE

• http://www.microsoft.com/technet/security/bulletin

---

MS01-060 - SQL Server テキスト フォーマット機能が未チェックのバッファを含む

Posted: 2001/12/20

JP304850

Affected Products:

• SQL Server 2000
  • SQL Server 2000 SP1

Patch: s80428i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=35067

JP304851

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP3

Patch: sql7

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=35685

---

MS02-001 - 信頼するドメインが認証データ内の SID (セキュリティ ID) のドメイン メンバシップを確認しない

Posted: 2002/01/22

JP311401

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Service Pack 2

Patch: w2kSP2SRP1.exe

• http://www.microsoft.com/windows2000/downloads/critical/q311401/default.asp

JP311401

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 2

Patch: w2kSP2SRP1.Exe

• http://www.microsoft.com/windows2000/downloads/critical/q311401/default.asp

JP317636

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q317636i.EXE

• http://www.microsoft.com/ntserver/terminalserver/downloads/critical/q317636/default.asp

---

MS02-002 - 不正なネットワーク リクエストにより Office v. X for Mac が異常終了する

Posted: 2002/02/06

JP317879

Affected Products:

• Office v. X for Mac
  • Office v. X for Mac Gold

Patch: MacPatch

• http://www.microsoft.com/mac/download

---

MS02-003 - Exchange 2000 System Attendant がレジストリ リモート アクセス権を不適切に設定する

Posted: 2002/02/07

JP316056

Affected Products:

• Exchange 2000 Server
  • Exchange 2000 SP2
• Exchange 2000 Enterprise Server
  • Exchange 2000 SP2

Patch: Q316056engi386.EXE

• http://www.microsoft.com/downloads/release.asp?ReleaseID=35462

---

MS02-004 - Telnet Server に含まれる未チェックのバッファにより、任意のコードが実行される

Posted: 2002/02/07

JP307298

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Interix 2.2
  • Interix 2.2 Gold

Patch: Q316056engi386.EXE

• http://www.microsoft.com/windows2000/downloads/security/q307298/default.asp

---

MS02-005 - 2002 年 2 月 11 日 Internet Explorer の累積的な修正プログラム

Posted: 2002/02/11

JP316059

Affected Products:

• Internet Explorer 6
  • Internet Explorer 6 Gold

Patch: q316059.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp

JP316059

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP2

Patch: Q316059.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp

JP316059

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1

Patch: q316059.Exe

• http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp

JP316059

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP2

Patch: Q316059.Exe

• http://www.microsoft.com/windows/ie/downloads/critical/q316059/default.asp

---

MS02-006 - SNMP サービスに含まれる未チェックのバッファにより、任意のコードが実行される

Posted: 2002/02/12

JP314147

Affected Products:

• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q314147i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=36167

JP314147

Affected Products:

• Windows 95
  • Windows 95 Gold
  • Windows 95 SR 2.1
  • Windows 95 SR 2.5
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Windows 98 SE
  • Windows 98se Gold
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 4
  • Windows NT4 Terminal Server Service Pack 5
  • Windows NT4 Terminal Server Service Pack 6

Patch: nopatch

• http://www.microsoft.com/technet/security/bulletin

JP314147

Affected Products:

• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
• Windows 2000 Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
• Windows 2000 Professional
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1

Patch: Q314147_W2K_SP3_X86_EN.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=36142

JP314147

Affected Products:

• Windows XP Professional
  • Windows XP Gold
• Windows XP Home Edition
  • Windows XP Gold

Patch: Q314147_WXP_SP1_x86_ENU.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=36262

---

MS02-007 - SQL Server のリモート データ ソース関数に未チェックのバッファが含まれる

Posted: 2002/02/20

JP316333

Affected Products:

• SQL Server 2000
  • SQL Server 2000 SP2
• SQL Server Desktop Engine (MSDE) 2000
  • SQL Server Desktop Engine (MSDE) 2000 SP2

Patch: 8.00.0578.exe

• http://support.microsoft.com/default.aspx?scid=http://download.microsoft.com/download/SQLSVR2000/Update/8.00.0578/W982KMeXP/EN-US/8.00.0578.exe

JP318268

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP3
• SQL Server Desktop Engine (MSDE) 1.0
  • SQL Server 7.0 SP3

Patch: s71021a.exe

• http://support.microsoft.com/default.aspx?scid=http://download.microsoft.com/download/sql70/Update/s71021a/ALPHA/EN-US/s71021a.exe

---

MS02-008 - XMLHTTP コントロールにより、ローカル ファイルにアクセスすることができる

Posted: 2002/02/21

JP318202

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6
• Windows 2000 Professional
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
  • Windows 2000 Service Pack 3
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows XP Home Edition
  • Windows XP Gold
• Windows XP Professional
  • Windows XP Gold

Patch: Q318202_MSXML20_x86_en.exe

• http://download.microsoft.com/download/xml/Patch/2.6/W9XNT4MeXP/EN-US/Q318202_MSXML20_x86.exe

JP318203

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6
• Windows 2000 Professional
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
  • Windows 2000 Service Pack 3
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows XP Home Edition
  • Windows XP Gold
• Windows XP Professional
  • Windows XP Gold

Patch: Q318203_MSXML30_x86.exe

• http://download.microsoft.com/download/xml/Patch/3.0/W9XNT4MeXP/EN-US/Q318203_MSXML30_x86.exe

JP317244

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6
• Windows 2000 Professional
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 1
  • Windows 2000 Gold
  • Windows 2000 Service Pack 3
• Windows 2000 Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Advanced Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Datacenter Server
  • Windows 2000 Gold
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows XP Home Edition
  • Windows XP Gold
• Windows XP Professional
  • Windows XP Gold

Patch: msxml4qfe.exe

• http://download.microsoft.com/download/xml/Patch/Q317244/W9XNT4MeXP/EN-US/msxml4qfe.exe

---

MS02-009 - Internet Explorer の不正な VBScript 処理により Web ページがローカル ファイルを読み取る

Posted: 2002/02/21

JP318089

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP2
  • Internet Explorer 5.01 SP3

Patch: vbs51nen.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q318089/default.asp

JP318089

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1

Patch: vbs55nen.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q318089/Default.asp

JP318089

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP2

Patch: Vbs55nen.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q318089/default.Asp

JP318089

Affected Products:

• Internet Explorer 6
  • Internet Explorer 6 Gold

Patch: vbs56nen.exe

• http://www.microsoft.com/windows/ie/downloads/critical/q318089/Default.Asp

---

MS02-010 - ISAPI フィルタの未チェックのバッファにより、Commerce Server が攻撃を受ける

Posted: 2002/02/21

JP317615

Affected Products:

• Commerce Server 2000
  • Commerce Server 2000 SP2

Patch: tempcs

• http://www.microsoft.com/technet/security/bulletin

---

MS02-011 - 認証問題により、承認されていないユーザーが SMTP サービスに認証することができる

Posted: 2002/02/27

JP313450

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 2

Patch: Q313450_W2K_SP3_X86_EN.Exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36556

JP289258

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 SP4

Patch: Q289258engi386.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=33423

---

MS02-012 - 不正なデータ送信リクエストにより Windows SMTP サービスが異常終了する

Posted: 2002/02/27

JP313450

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 2

Patch: Q313450_W2K_SP3_X86_EN.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36556

JP313450

Affected Products:

• Windows XP Home Edition
  • Windows XP Gold
• Windows XP Professional
  • Windows XP Gold
• Internet Information Services 5.1
  • Windows XP Gold

Patch: Q313450_WXP_SP1_x86_ENU.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36636

---

MS02-013 - Java アプレットがブラウザ トラフィックをリダイレクトする

Posted: 2002/03/04

JP300845

Affected Products:

• Windows XP Professional
  • Windows XP Gold
• Windows XP Home Edition
  • Windows XP Gold
• Windows Me
  • Windows Me Gold
• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 4
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a
• Windows 98 SE
  • Windows 98se Gold
• Windows 98
  • Windows 98 Gold
  • Windows 98 SP1
• Microsoft Virtual Machine (VM)
  • Microsoft Virtual Machine (VM) Gold

Patch: msjavx86.exe

• http://www.microsoft.com/java/vm/dl_vm40.htm

JP300845

Affected Products:

• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Service Pack 2

Patch: Q300845_W2K_SP3_X86_EN.exe

• http://www.microsoft.com/java/vm/dl_vm40.htm

---

MS02-014 - Windows Shell の未チェックのバッファにより、コードが実行される

Posted: 2002/03/07

JP313829

Affected Products:

• Windows 98 SE
  • Windows 98se Gold
• Windows 98
  • Windows 98 SP1
  • Windows 98 Gold

Patch: win9802-014

• http://www.microsoft.com/technet/security/bulletin

JP313829

Affected Products:

• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: Q313829i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=36867

JP313829

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: q313829i.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=36869

JP313829

Affected Products:

• Windows 2000 Professional
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 2

Patch: Q313829_W2K_SP3_X86_EN.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=36880

---

MS02-015 - 2002年3月28日 Internet Explorer 用の累積的な修正プログラム

Posted: 2002/03/28

JP319182

Affected Products:

• Internet Explorer 6
  • Internet Explorer 6 Gold

Patch: q319182.exe

• http://download.microsoft.com/download/IE60/secpac26/6/W98NT42KMeXP/EN-US/q319182.exe

JP319182

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP2
  • Internet Explorer 5.01 SP3

Patch: Q319182.exe

• http://download.microsoft.com/download/ie501sp2/secpac26/5.01_sp2/W982KNT4/EN-US/q319182.exe

JP319182

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1

Patch: q319182.Exe

• http://download.microsoft.com/download/ie55sp1/secpac26/5.5_sp1/WIN98Me/EN-US/q319182.exe

JP319182

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP2

Patch: Q319182.EXE

• http://download.microsoft.com/download/ie55sp2/secpac26/5.5_sp2/WIN98Me/EN-US/q319182.exe

---

MS02-016 - Q318593 : 読み取り専用アクセスのグループ ポリシー ファイルを開くと、ポリシーの適用が妨害される

Posted: 2002/04/04

JP318593

Affected Products:

• Windows 2000 Server
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 2

Patch: Q318593_W2K_SP3_X86_EN.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=36844

---

MS02-017 - Q311967: Multiple UNC Provider の未チェックのバッファによりコードが実行される

Posted: 2002/04/04

JP311967

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a

Patch: Q312895i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37630

JP311967

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: q312895i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37652

JP311967

Affected Products:

• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q311967_W2K_SP3_X86_EN.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37555

JP311967

Affected Products:

• Windows XP Professional
  • Windows XP Gold
• Windows XP Home Edition
  • Windows XP Gold

Patch: Q311967_WXP_SP1_x86_ENU.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37583

---

MS02-018 - Internet Information Services 用の累積的な修正プログラム (Q319733)

Posted: 2002/04/10

JP319733

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 5
  • Windows NT4 Service Pack 6a

Patch: Q319733i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37931

JP319733

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q319733_W2K_SP3_X86_EN.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37824

JP319733

Affected Products:

• Internet Information Services 5.1
  • Windows XP Gold

Patch: Q319733_WXP_SP1_x86_ENU.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=37857

JP319733

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q319733ts.exe

• http://www.microsoft.com/technet/security/bulletin

---

MS02-019 - Internet Explorer for Mac および Office for Mac の未チェックのバッファによってコードが実行される (Q321309)

Posted: 2002/04/16

JP321309

Affected Products:

• Excel v. X for Macintosh
  • Excel v. X for Macintosh Gold
• Excel 2001 for Macintosh
  • Excel 2001 for Macintosh Gold
• PowerPoint 2001 for Macintosh
  • PowerPoint 2001 for Macintosh Gold
• PowerPoint 98 for Macintosh
  • PowerPoint 98 for Macintosh Gold
• PowerPoint v. X for Macintosh
  • PowerPoint v. X for Macintosh Gold
• Internet Explorer 5.1 for Machintosh OS 8 and 9
  • Internet Explorer 5.1 for Machintosh OS 8 and 9 Gold
• Internet Explorer 5.1 for Macintosh OS X
  • Internet Explorer 5.1 for Macintosh OS X Gold
• Entourage 2001 for Macintosh
  • Entourage 2001 for Macintosh Gold
• Entourage v. X for Macintosh
  • Entourage v. X for Macintosh Gold
• Outlook Express 5 for Macintosh
  • Outlook Express 5 for Macintosh Gold

Patch: macpatches

• http://www.microsoft.com/technet/security/bulletin

---

MS02-020 - SQL 拡張プロシージャ機能に未チェックのバッファが含まれる (Q319507)

Posted:

JP318268

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP3
• SQL Server Desktop Engine (MSDE) 1.0
  • SQL Server 7.0 SP3

Patch: 7.00.1030_SQL7_sp3_x86_enu.exe

• http://download.microsoft.com/download/sql70/Patch/SP3/WIN98MeXP/EN-US/7.00.1030_SQL7_sp3_x86_enu.exe

JP316333

Affected Products:

• SQL Server Desktop Engine (MSDE) 2000
  • SQL Server Desktop Engine (MSDE) 2000 SP2
• SQL Server 2000
  • SQL Server 2000 SP2

Patch: 8.00.0608_SQL2K_sp2_x86_enu.exe

• http://download.microsoft.com/download/SQLSVR2000/Patch/SP2/WIN98MeXP/EN-US/8.00.0608_SQL2K_sp2_x86_enu.exe

---

MS02-021 - 電子メール エディタの問題により、返信または転送でスクリプトが実行される

Posted:

Q320441

Affected Products:

• Word 2002
  • Word 2002 Gold

Patch: wrd1003.exe

• http://rputools/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-021.asp

Q320536

Affected Products:

• Word 2000
  • Word 2000 Gold
  • Office 2000 SR-1
  • Office 2000 SR-1a
  • Office 2000 Service Pack 2

Patch: wrd0901.exe

• http://office.microsoft.com/downloads/2000/wrd0901.aspx

---

MS02-022 - MSN チャット コントロールの未チェックのバッファによりコードが実行される (Q321661) (MS02-022)

Posted: 2002/05/08

JP321661

Affected Products:

• MSN Messenger
  • MSN Messenger Gold

Patch: messenger

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38790

---

MS02-023 - 2002 年 5 月 15 日 Internet Explorer 用の累積的な修正プログラム (Q321232) (MS02-023)

Posted: 2002/05/15

JP321232

Affected Products:

• Internet Explorer 6
  • Internet Explorer 6 Gold

Patch: q321232.exe

• http://www.microsoft.com/windows/ie/downloads/critical/Q321232/default.asp

JP321232

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP2

Patch: Q321232.exe

• http://www.microsoft.com/windows/ie/downloads/critical/Q321232/default.asp

JP321232

Affected Products:

• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1

Patch: Q321232.Exe

• http://www.microsoft.com/windows/ie/downloads/critical/Q321232/default.asp

JP321232

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP2
  • Internet Explorer 5.01 SP3

Patch: q321232.Exe

• http://www.microsoft.com/windows/ie/downloads/critical/Q321232/default.asp

---

MS02-024 - Windows Debugger の認証問題により、アクセス権が昇格する (Q320206)

Posted: 2002/05/22

JP320206

Affected Products:

• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q320206_W2K_SP4_X86_EN.exe

• http://download.microsoft.com/download/win2000platform/Patch/Q320206/NT5/EN-US/Q320206_W2K_SP4_X86_EN.exe

JP320206

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a

Patch: Q320206i.exe

• http://download.microsoft.com/download/winntsp/Patch/Q320206/NT4/EN-US/Q320206i.exe

JP320206

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: q320206i.exe

• http://download.microsoft.com/download/winntterminal/Patch/Q320206/NT4/EN-US/Q320206i.exe

---

MS02-025 - 不正なメール属性により Exchange 2000 が CPU リソースを使い果たす (Q320436)

Posted: 2002/05/28

JP320436

Affected Products:

• Exchange 2000 Server
  • Exchange 2000 SP2
• Exchange 2000 Enterprise Server
  • Exchange 2000 SP2

Patch: Q320436enui386.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38951

---

MS02-026 - ASP.NET ワーカー プロセスに未チェックのバッファが含まれる (Q322289)

Posted: 2002/06/06

JP322289

Affected Products:

• .NET Framework
  • .NET Framework Gold

Patch: NDP10_QFEM_Q322289_En.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39298

---

MS02-027 - Gopher プロトコル ハンドラの未チェックのバッファにより、攻撃者の任意のコードが実行される (Q323889)

Posted: 2002/06/11

JP323889

Affected Products:

• Internet Explorer 5.01
  • Internet Explorer 5.01 SP2
• Internet Explorer 5.5
  • Internet Explorer 5.5 SP1
  • Internet Explorer 5.5 SP2
• Internet Explorer 6
  • Internet Explorer 6 Gold

Patch: Placeholder IE

• http://www.microsoft.com/technet/security/bulletin

JP323889

Affected Products:

• Proxy Server 2.0
  • Proxy Server 2.0 Gold

Patch: 29106_ENU_i386_zip.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=39861

JP323889

Affected Products:

• ISA Server 2000
  • ISA Server 2000 SP1

Patch: isahf177.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=39856

---

MS02-028 - HTR のチャンクされたエンコードのヒープ オーバーランにより Web サーバーのセキュリティが侵害される (Q321599)

Posted: 2002/06/11

JP321599

Affected Products:

• Internet Information Services 5.0
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q321599_W2K_SP4_X86_EN.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39217

JP321599

Affected Products:

• Internet Information Server 4.0
  • Windows NT4 Service Pack 6a

Patch: Q321599i.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=39579

---

MS02-029 - リモート アクセス サービスの電話帳の未チェックのバッファによりコードが実行される (Q318138)

Posted: 2002/06/11

JP318138

Affected Products:

• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Professional
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2
• Windows 2000 Server
  • Windows 2000 Service Pack 1
  • Windows 2000 Service Pack 2

Patch: Q318138_W2K_SP3_X86_EN.exe

• http://download.microsoft.com/download/win2000platform/Patch/Q318138/NT5/EN-US/Q318138_W2K_SP3_X86_EN.exe

JP318138

Affected Products:

• Windows XP Home Edition
  • Windows XP Gold
• Windows XP Professional
  • Windows XP Gold

Patch: Q318138_WXP_SP1_x86_ENU.exe

• http://www.microsoft.com/downloads/release.asp?ReleaseID=38833

JP318138

Affected Products:

• Windows NT Server 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Workstation 4.0
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, Enterprise Edition
  • Windows NT4 Service Pack 6a

Patch: Q318138i.exe

• http://www.microsoft.com/ntserver/nts/downloads/security/q318138/default.asp

JP318138

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition
  • Windows NT4 Terminal Server Service Pack 6

Patch: q318138i.exe

• http://www.microsoft.com/ntserver/terminalserver/downloads/security/q318138/default.asp

JP318138

Affected Products:

• Windows NT Server 4.0, Enterprise Edition, RRAS
  • Windows NT4 Service Pack 6a
• Windows NT Server 4.0, RRAS
  • Windows NT4 Service Pack 6a
• Windows NT Workstation 4.0, RRAS
  • Windows NT4 Service Pack 6a

Patch: Q318138i.Exe

• http://www.microsoft.com/ntserver/nts/downloads/security/q318138/default.asp

JP318138

Affected Products:

• Windows NT Server 4.0, Terminal Server Edition RRAS
  • Windows NT4 Terminal Server Service Pack 6

Patch: Q318138i.EXE

• http://www.microsoft.com/ntserver/terminalserver/downloads/security/q318138/default.asp

---

MS02-030 - SQLXML の未チェックのバッファによりコードが実行される (Q321911)

Posted: 2002/06/12

JP321911

Affected Products:

• SQL Server 2000
  • SQL Server 2000 SP2
• MDAC 2.6
  • MDAC2.6 Gold

Patch: Q321858_SQL_Security_MDAC26.exe

• http://download.microsoft.com/download/SQLSVR2000/SQLXML/Q321858/NT45XP/EN-US/Q321858_SQL_Security_MDAC26.exe

JP321911

Affected Products:

• MDAC 2.7
  • MDAC2.7 Gold
• SQL Server 2000
  • SQL Server 2000 SP2

Patch: Q321858_SQL_Security_MDAC27.exe

• http://download.microsoft.com/download/SQLSVR2000/SQLXML/Q321858/NT45XP/EN-US/Q321858_SQL_Security_MDAC27.exe

JP321911

Affected Products:

• SQL Server 2000
  • SQL Server 2000 SP2

Patch: SQLXML2_Q321460.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38480

JP321911

Affected Products:

• SQL Server 2000
  • SQL Server 2000 SP2

Patch: SQLXML3_Q320833.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=38481

---

MS02-031 - Excel for Windows および Word for Windows 用の累積的な修正プログラム (Q324458)

Posted: 2002/06/19

JP324126

Affected Products:

• Excel 2000
  • Office 2000 SR-1a
• Office 2000
  • Office 2000 SR-1a

Patch: exc0901.exe

• http://download.microsoft.com/download/Excel2000/Patch/exc0901/W982KMeXP/EN-US/exc0901.exe

JP323548

Affected Products:

• Office XP
  • Office XP SP1
• Excel 2002
  • Office XP SP1

Patch: exc1002.exe

• http://download.microsoft.com/download/Excel2002/Patch/exc1002/W982KMeXP/EN-US/exc1002.exe

JP323547

Affected Products:

• Office XP
  • Office XP SP1
• Word 2002
  • Office XP SP1

Patch: wrd1004.exe

• http://download.microsoft.com/download/Word2002/Patch/wrd1004/W982KMeXP/EN-US/wrd1004.exe

---

MS02-032 - 2002 年 6 月 26 日 Windows Media Player 用の累積的な修正プログラム (Q320920)

Posted: 2002/06/26

JP320920

Affected Products:

• Windows Media Player 6.4
  • Windows Media Player 6.4 Gold
• Windows Media Player 6.4 for Windows 2000
  • Windows Media Player 6.4 for Windows 2000 Gold

Patch: wm320920_64.exe

• http://download.microsoft.com/download/winmediaplayer/Update/320920/W98NT42KMe/EN-US/wm320920_64.exe

JP320920

Affected Products:

• Windows Media Player 6.4 for Windows NT 4.0
  • Windows Media Player 6.4 for Windows NT 4.0 Gold

Patch: Wm320920_64.exe

• http://download.microsoft.com/download/winmediaplayer/Update/320920/W98NT42KMe/EN-US/wm320920_64.exe

JP320920

Affected Products:

• Windows Media Player 7.1
  • Windows Media Player 7.1 Gold

Patch: wm320920_71.exe

• http://download.microsoft.com/download/winmediaplayer/Update/320920/W982KMe/EN-US/wm320920_71.exe

JP320920

Affected Products:

• Windows Media Player for Windows XP
  • Windows Media Player for Windows XP Gold

Patch: wm320920_8.exe

• http://download.microsoft.com/download/winmediaplayer/Update/320920/WXP/EN-US/wm320920_8.exe

---

MS02-033 - プロファイル サービスの未チェックのバッファにより Commerce Server でコードが実行される (Q322273)

Posted: 2002/06/26

JP322273

Affected Products:

• Commerce Server 2000
  • Commerce Server 2000 Gold
  • Commerce Server 2000 SP2
• Commerce Server 2002
  • Commerce Server 2002 Gold

Patch: tempcs2

• http://download.microsoft.com/download/comserver/Patch/1.1/NT5/EN-US/Q322273_EN.EXE

---

MS02-034 - SQL Server 用の累積的な修正プログラム (Q316333)

Posted: 2002/07/10

JP316333

Affected Products:

• SQL Server 2000
  • SQL Server 2000 SP2
• SQL Server Desktop Engine (MSDE) 2000
  • SQL Server Desktop Engine (MSDE) 2000 SP2

Patch: 8.00.0650_enu.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40474

---

MS02-035 - SQL Server のインストール プロセスで、パスワードがシステムに残る (Q263968)

Posted: 2002/07/10

JP263968

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 Gold
  • SQL Server 7.0 SP1
  • SQL Server 7.0 SP3
  • SQL Server 7.0 SP4

Patch: SQLKillPwd.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40205

JP263968

Affected Products:

• SQL Server 2000
  • SQL Server 2000 Gold
  • SQL Server 2000 SP1
  • SQL Server 2000 SP2

Patch: SQL2kKillPwd.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40206

---

MS02-036 - Microsoft Metadirectory Services の認証問題により、権限が昇格する (Q317138)

Posted: 2002/07/24

JP317138

Affected Products:

• Microsoft Metadirectory Services 2.2
  • Microsoft Metadirectory Services 2.2 SP1

Patch: Q317138.EXE

• http://download.microsoft.com/download/mms22/Patch/Q317138/NT5/EN-US/Q317138.EXE

---

MS02-037 - SMTP クライアント EHLO コマンドへのサーバー応答で、バッファ オーバーランが発生する (Q326322)

Posted: 2002/07/24

JP326322

Affected Products:

• Exchange Server 5.5
  • Exchange Server 5.5 SP4

Patch: Q326322enui386.EXE

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40666

---

MS02-038 - SQL Server 2000 ユーティリティの未チェックのバッファにより、コードが実行される (Q316333)

Posted: 2002/07/24

JP316333

Affected Products:

• SQL Server 2000
  • SQL Server 2000 SP2
• SQL Server Desktop Engine (MSDE) 2000
  • SQL Server Desktop Engine (MSDE) 2000 SP2

Patch: 8.00.0655_enu.exe

• http://download.microsoft.com/download/SQLSVR2000/Update/8.00.0655/W98NT42KMeXP/EN-US/8.00.0655_enu.exe

---

MS02-039 - SQL Server 2000 解決サービスのバッファのオーバーランにより、コードが実行される (Q323875)

Posted: 2002/07/24

JP323875

Affected Products:

• SQL Server 2000
  • SQL Server 2000 SP2

Patch: Q319243_MDAC27_x86.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40602

---

MS02-040 - MDAC 機能の未チェックのバッファにより、SQL Server が侵害される (Q326573)

Posted: 2002/07/30

JP326573

Affected Products:

• MDAC 2.5
  • MDAC 2.5 SP2
• SQL Server 7.0
  • SQL Server 7.0 SP4

Patch: Q323264_MDAC25_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=41076

JP326573

Affected Products:

• MDAC 2.6
  • MDAC 2.6 SP2
• SQL Server 2000
  • SQL Server 2000 SP2
• SQL Server 7.0
  • SQL Server 7.0 SP4

Patch: Q323266_MDAC26_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=41077

JP326573

Affected Products:

• MDAC 2.7
  • MDAC2.7 Gold
• SQL Server 2000
  • SQL Server 2000 SP2
• SQL Server 7.0
  • SQL Server 7.0 SP4

Patch: Q323263_MDAC27_x86_en.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=41072

---

MS02-041 - Content Management Server の未チェックのバッファにより、サーバーが侵害される (Q326075)

Posted:

JP326075

Affected Products:

• Content Management Server 2001
  • Content Management Server 2001 SP1

Patch: mcms2001srp1.exe

• http://www.microsoft.com/Downloads/Release.asp?ReleaseID=41266

---

MS02-042 - 接続マネージャの問題により、権限が昇格する (Q326886)

Posted: 2002/08/15

Q326886

Affected Products:

• Windows 2000 Advanced Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Datacenter Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Professional
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3
• Windows 2000 Server
  • Windows 2000 Service Pack 2
  • Windows 2000 Service Pack 3

Patch: Q326886_W2K_SP4_X86_EN.exe

• http://www.microsoft.com/Release.asp?ReleaseID=41406

---

MS02-043 - SQL Server 用の累積的な修正プログラム (Q316333)

Posted: 2002/08/15

Q327068

Affected Products:

• SQL Server 7.0
  • SQL Server 7.0 SP4
• SQL Server Desktop Engine (MSDE) 1.0
  • SQL Server 7.0 SP4

Patch: 7.00.1076_enu.exe

• http://www.microsoft.com/Release.asp?ReleaseID=Q327068

Q316333

Affected Products:

• SQL Server 2000
  • SQL Server 2000 SP2
• SQL Server Desktop Engine (MSDE) 2000
  • SQL Server Desktop Engine (MSDE) 2000 SP2

Patch: 8.00.0667_enu.exe

• http://www.microsoft.com/Release.asp?ReleaseID=Q316333

---