Mssecure - 2003-10-04
Source: mssecure.cab
Data Updated: 10/3/2003
Data Version: 1.0.1.501
MSBA/Tool Version: 1.1.1 3.32
MS98-001 - Disabling Creation of Local Groups on a Domain by Non-Administrative Users
Posted: 1998/06/01
169556
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: CREATALS_x86.exe
MS98-002 - Error Message Vulnerability Against Secured Internet Servers
Posted: 1998/06/26
148427
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Exchange Server 5.5
- Exchange Server 5.5 Gold
- Exchange Server 5.5 SP1
Patch: ssl-fixi.exe
MS98-003 - File Access Issue with Windows NT Internet Information Server
Posted: 1998/07/02
188806
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
Patch: iis3fixi.exe
188806
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Personal Web Server 4.0
- Windows NT4 Service Pack 3
Patch: iis4fixi.exe
MS98-004 - Unauthorized ODBC Data Access with RDS and IIS
Posted: 1998/07/14
184375
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q184375
MS98-005 - Unwanted Data Issue with Office 98 for the Macintosh
Posted: 1998/07/17
189529
Affected Products:
- Office 98 for Macintosh
- Office 98 for Macintosh Gold
Patch: 98-005
MS98-006 - Potential Denial-of-Service in IIS FTP Server due to Passive Connections
Posted: 1998/07/23
189262
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
Patch: ftpfix4i.exe
189262
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
Patch: ftpfix3i.exe
MS98-007 - Potential SMTP and NNTP Denial-of-Service Vulnerabilities
Posted: 1998/07/24
188369
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: psp2stri.exe
188341
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: psp2imsi.exe
188341
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 Gold
Patch: MS98-007
MS98-008 - Long file name Security Issue affecting Microsoft Outlook 98 and Microsoft Outlook Express 4.x
Posted: 1998/07/27
175807
Affected Products:
- Outlook 98
- Outlook 98 Gold
Patch: outptch2.exe
175807
Affected Products:
- Outlook Express 4.01
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 Gold
Patch: oelong
MS98-009 - Windows NT Privilege Elevation Attack
Posted: 1998/07/27
190288
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
Patch: privfixi.exe
MS98-010 - Information on the Back Orifice Program
Posted: 1998/08/04
237280
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: MS98-010
MS98-011 - Window.External JScript Vulnerability in Microsoft Internet Explorer 4.0
Posted: 1998/08/17
191200
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
Patch: jscript.asp
Posted: 1998/09/04
168485
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
Patch: xframe.asp
MS98-015 - Untrusted Scripted Paste Issue in Microsoft Internet Explorer 4.01
Posted: 1998/10/16
169245
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
Patch: paste.asp
MS98-016 - Dotless IP Address Issue in Microsoft Internet Explorer 4
Posted: 1998/10/23
168617
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
Patch: dotless.asp
MS98-019 - IIS GET Vulnerability
Posted: 1998/12/21
192296
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: infget4i.exe
192296
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 4
Patch: infget3i.exe
MS98-018 - Excel CALL Vulnerability
Posted: 1998/12/10
196791
Affected Products:
- Office 97
- Office 97 SR-2/SR-2b
- Excel 97
- Office 97 SR-2/SR-2b
Patch: Xl8p9pkg
MS98-020 - Frame Spoof Vulnerability
Posted: 1998/12/23
167614
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
Patch: spoof.asp
MS98-017 - Named Pipes Over RPC Vulnerability
Posted: 1998/11/19
195733
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: nprpcfxi.exe
- ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP4/archive/nprpc-fix/
MS98-012 - Updates available for Security Vulnerabilities in Microsoft PPTP
Posted: 1998/08/18
189771
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: dun40.exe
189595
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
Patch: pptpfixi.exe
189594
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
Patch: rrasfixi.exe
154091
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: msdun13.exe
MS98-014 - RPC Spoofing Denial of Service on Windows NT
Posted: 1998/09/29
193233
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
Patch: snk-fixi.exe
193233
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT 4 Terminal Server Gold
Patch: Snk-fixi.exe
MS99-001 - Exposure in Forms 2.0 TextBox Control that allows data to be read from user's Clipboard
Posted: 1999/01/21
214757
Affected Products:
- Office 97
- Office 97 SR-2/SR-2b
- Outlook 98
- Office 97 SR-2/SR-2b
- Project 98
- Office 97 SR-2/SR-2b
- Visual Basic 5.0
- Visual Basic 5.0 Gold
- Word 97
- Office 97 SR-2/SR-2b
- Excel 97
- Office 97 SR-2/SR-2b
- PowerPoint 97
- Office 97 SR-2/SR-2b
Patch: fm2paste.exe
MS99-002 - Word 97 Template Vulnerability
Posted: 1999/01/21
214652
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: Wd97SP.EXE
MS99-003 - IIS Malformed FTP List Request Vulnerability
Posted: 1999/02/03
188348
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: ftpls3i.exe
188348
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: ftpls4i.exe
MS99-007 - Taskpads Scripting Vulnerability
Posted: 1999/02/22
218619
Affected Products:
- Windows 98 Resource Kit
- Windows 98 Resource Kit Gold
- Windows 98 Resource Kit Sampler
- Windows 98 Resource Kit Sampler Gold
Patch: tmcpatch.exe
218619
Affected Products:
- BackOffice Resource Kit SE
- BackOffice Resource Kit SE Gold
Patch: itmcpatch.exe
MS99-010 - File Access Vulnerability in Personal Web Server
Posted: 1999/03/26
217763
Affected Products:
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Pwssecup.exe
216453
Affected Products:
- FrontPage 98 Personal Web Server 1.0
- FrontPage 98 Personal Web Server 1.0 Gold
Patch: fppws98.exe
217765
Affected Products:
- FrontPage 97 Personal Web Server 1.0
- FrontPage 97 Personal Web Server 1.0 Gold
Patch: Q217765
MS99-005 - BackOffice Server 4.0 Does Not Delete Installation Setup File
Posted: 1999/02/12
217004
Affected Products:
- BackOffice Server 4.0
- BackOffice Server 4.0 Gold
Patch: Q217004
MS99-004 - Authentication Processing Error in Windows NT 4.0 Service Pack 4
Posted: 1999/02/08
214840
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: msv-fixi.exe
MS99-006 - Windows NT Known DLLs List Vulnerability
Posted: 1999/02/19
218473
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: Smssfixi.exe
218473
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT 4 Terminal Server Gold
Patch: Smssfixi.Exe
MS99-008 - Windows NT Screen Saver Vulnerability
Posted: 1999/03/12
221991
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: Scrnsavi.exe
221991
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT 4 Terminal Server Gold
Patch: Scrnsavi.Exe
MS99-009 - Malformed Bind Request Vulnerability
Posted: 1999/03/16
221989
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP2
Patch: PSP2DIRI.EXE
MS99-013 - File Viewers Vulnerability
Posted: 1999/05/07
232449
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
Patch: fix2450i.exe
231656
Affected Products:
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
Patch: viewfixi.exe
MS99-015 - Malformed Help File Vulnerability
Posted: 1999/05/17
231605
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: winhlp-i.exe
MS99-016 - Malformed Phonebook Entry Vulnerability
Posted: 1999/05/20
230677
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
Patch: rasffixi.exe
MS99-017 - RAS and RRAS Password Vulnerability
Posted: 1999/05/27
230681
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: raspassword-fix
233303
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: rpwdfixi.exe
MS99-020 - Malformed LSA Request Vulnerability
Posted: 1999/06/23
231457
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
Patch: lsareqi.exe
231457
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: lsareqi.Exe
MS99-021 - CSRSS Worker Thread Exhaustion Vulnerability
Posted: 1999/06/23
233323
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: csrssfxi.exe
MS99-023 - Malformed Image Header Vulnerability
Posted: 1999/06/30
234557
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
Patch: krnlifxi.exe
234557
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: Krnlifxi.exe
MS99-024 - Unprotected IOCTLs Vulnerability
Posted: 1999/07/06
On a terminal server, such a program could disable the keyboard and mouse on the console.
236359
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: ioctlfxi.exe
236359
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: Ioctlfxi.exe
MS99-025 - Unauthorized Access to IIS Servers through ODBC Data Access with RDS
Posted: 1999/07/17
184375
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q184375
MS99-026 - Malformed Dialer Entry Vulnerability
Posted: 1999/07/29
237185
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: dialrfxi.exe
237185
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: Dialrfxi.exe
MS99-027 - Encapsulated SMTP Address Vulnerability
Posted: 1999/08/06
237927
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP2
Patch: psp2imci.zip
MS99-028 - Terminal Server Connection Request Flooding Vulnerability
Posted: 1999/08/09
228724
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: tsmemfxi.exe
MS99-029 - Malformed HTTP Request Header Vulnerability
Posted: 1999/08/11
238349
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: vdext4i.exe
MS99-031 - Virtual Machine Sandbox Vulnerability
Posted: 1999/08/25
240346
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: msjavx86.exe
MS99-034 - Fragmented IGMP Packet Vulnerability
Posted: 1999/09/03
238329
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: igmpfixi.exe
238329
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: Igmpfixi.exe
238453
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 238453US5.exe
238453
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 238453US8.EXE
MS99-036 - Windows NT 4.0 Does Not Delete Unattended Installation File
Posted: 1999/09/10
155197
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: MS99-036
MS99-038 - Spoofed Route Pointer Vulnerability
Posted: 1999/09/20
238453
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
Patch: ipsrfixi.exe
MS99-039 - Domain Resolution and FTP Download Vulnerabilities
Posted: 1999/09/23
241805
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: iprftp4i.exe
241562
Affected Products:
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q242559.exe
MS99-041 - RASMAN Security Descriptor Vulnerability
Posted: 1999/09/30
242294
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: fixrasi.exe
242294
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 5
Patch: fixrasi.Exe
MS99-045 - Virtual Machine Verifier Vulnerability
Posted: 1999/10/21
244283
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: msjavx86.exe
MS99-046 - Improve TCP Initial Sequence Number Randomness
Posted: 1999/10/22
243835
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: q243835sp5i.exe
243835
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q243835i.exe
243835
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: Q243835i.EXE
MS99-047 - Malformed Spooler Request Vulnerability
Posted: 1999/11/04
243649
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q243649.exe
MS99-050 - Server-side Page Reference Redirect Vulnerability
Posted: 1999/12/08
246094
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q246094.exe
256094
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q246094.exe
246094
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q246094.Exe
MS99-055 - Malformed Resource Enumeration Argument Vulnerability
Posted: 1999/12/09
The primary effect of the failure is to cause named pipes to fail, which prevents many other system services from operating.
246045
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q246045.EXE
MS99-056 - Syskey Keystream Reuse Vulnerability
Posted: 1999/12/16
248183
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q248183.EXE
248183
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 4
Patch: Q248183ts.exe
MS99-057 - Malformed Security Identifier Request Vulnerability
Posted: 1999/12/16
248183
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q248183.EXE
MS00-001 - Malformed IMAP Request Vulnerability
Posted: 2000/01/04
246731
Affected Products:
- Microsoft Commercial Internet System 2.0
- Microsoft Commercial Internet System 2.0 Gold
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q246731engi.EXE
MS00-002 - Malformed Conversion Data Vulnerability
Posted: 2000/01/20
249881
Affected Products:
- Word 98
- Word 98 Gold
- PowerPoint 98
- PowerPoint 98 Gold
- Word 97
- Word 97 Gold
Patch: WW5Pkg.exe
249881
Affected Products:
- Word 2000
- Word 2000 Gold
- PowerPoint 2000
- PowerPoint 2000 Gold
Patch: WW5pkg.exe
MS00-003 - Spoofed LPC Port Request Vulnerability
Posted: 2000/01/12
247869
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q247869i.EXE
MS00-004 - RDISK Registry Enumeration File Vulnerability
Posted: 2000/01/21
The RDISK utility is used to create an Emergency Repair Disk (ERD) in order to record machine state information as a contingency against system failure. During execution, RDISK creates a temporary file containing an enumeration of the registry. The ACLs on the file allow global read permission, and as a result, a malicious user who knew that the administrator was running RDISK could open the file and read the registry enumeration information as it was being created. RDISK erases the file upon successful completion, so under normal conditions there would be no lasting vulnerability.By default, the file is not shared and therefore could not be read by other network user
249108
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q249108i.exe
249108
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 4
Patch: q249108i.EXE
MS00-005 - Malformed RTF Control Word Vulnerability
Posted: 2000/01/17
249973
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q249973i.EXE
249973
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.5
- Windows 95 SR 2.1
Patch: 249973USA5.exe
249973
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 249973USA8.exe
249973
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
Patch: q249973ts.exe
MS00-006 - Malformed Hit-Highlighting Argument Vulnerability
Posted: 2000/01/26
The first vulnerability is the "Malformed Hit-Highlighting Argument" vulnerability. The ISAPI filter that implements the hit-highlighting (also known as "WebHits") functionality does not adequately constrain what files can be requested. By providing a deliberately-malformed argument in a request to hit-highlight a document, it is possible to escape the virtual directory. This would allow any file residing on the server itself, and on the same logical drive as the web root directory, to be retrieved regardless of permissions. This variant could allow the source of server-side files such as .ASP files to be read. The new variant affects only Index Server 2.0, and Windows 2000 customers who applied the original patch were never at risk from it. The second vulnerability involves the error message that is returned when a user requests a non-existent Internet Data Query file. The error message provides the physical path to the web directory that was contained in the request. Although this vulnerability would not allow a malicious user to alter or view any data, it could be a valuable reconnaissance tool for mapping the file structure of a web server. This variant could allow a malicious user to read files. The variant was eliminated by the original patch, and customers who applied the original version of the patch were never at risk from it. Indexing Services in Windows 2000 is affected only by the "Malformed Hit-Highlighting" vulnerability - it is not affected by the second vulnerability.
251170
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: Q251170_W2K_SP1_X86_en.EXE
252463
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q252463i.EXE
MS00-007 - Recycle Bin Creation Vulnerability
Posted: 2000/02/01
The Windows NT Recycle Bin for a given user maps to a folder, whose name is based on the owner's SID. The folder is created the first time the user deletes a file, and the owner is given sole permissions to it. However, if a malicious user could create the folder before the bona fide one were created, he or she could assign any desired permissions to it. This would allow him or her to create, modify or delete files in the Recycle Bin
248399
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: q248399i.exe
MS00-008 - Registry Permissions Vulnerability
Posted: 2000/03/09
259496
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q259496i.exe
MS00-011 - VM File Reading Vulnerability
Posted: 2000/02/18
The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox. A malicious user could write a Java applet that could read - but not change, delete or add - files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet.
253562
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
287030
Affected Products:
- Microsoft Virtual Machine (VM)
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_EN.exe
MS00-021 - Malformed TCP/IP Print Request Vulnerability
Posted: 2000/03/30
A specially-malformed print request could cause TCPSVC.EXE to crash, which would not only prevent the server from providing printing services, but also would stop several other services, most importantly DHCP.
257870
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q257870i.EXE
257870
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: Q257870_W2K_SP1_x86_en.EXE
257870
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q257870ts.exe
MS00-020 - Desktop Separation Vulnerability
Posted: 2000/06/15
By design, processes are constrained to run within a windows station, and the threads in the process run in one or more desktops. A process in one windows station should not be able to access desktops belonging to another windows station. However, due to an implementation error, this could happen under very specific circumstances. This could allow a process belonging to a low-privilege user to view inputs or output that belong to another desktop within the same session, and potentially obtain information such as passwords
260197
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q260197_w2k_sp1_x86_en.exe
MS00-026 - Mixed Object Access Vulnerability
Posted: 2000/04/20
Active Directory allows for access control of directory objects on a per-attribute basis. However, the vulnerability at issue here could allow a malicious user to modify object attributes that he does not have permission to modify, as long as he combined the operation in a particular way with ones involving attributes that he does have permission to modify.The vulnerability does not afford the malicious user an opportunity to modify all objects in a class ? only the specific class objects for which he has permission to modify at least one attribute. Further, the vulnerability provides no capability to bypass normal authentication or Windows 2000 auditing, so administrators could determine if this vulnerability were being exploited, and by wh
259401
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q259401_w2k_sp1_x86_en.exe
MS00-027 - Malformed Environment Variable Vulnerability
Posted: 2000/04/20
CMD.EXE, the command processor for Windows NT 4.0 and Windows 2000, has an unchecked buffer in part of the code that handles environment strings. It could be used to mount denial of service attacks in certain cases. If a server provides batch or other script files, a malicious user could potentially provide arguments that would create an extremely large environment string and overflow the buffer. This would cause the process to fail, and the memory allocated to the process would not be made available again until a dialogue had been cleared on the operator's console. By repeatedly running the batch file, the malicious user could potentially make some or all of the memory on the server temporarily unavailabl
259622
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q259622i.exe
259622
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q259622_w2k_sp1_x86_en.exe
259622
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q259622i.EXE
MS00-029 - IP Fragment Reassembly Vulnerability
Posted: 2000/05/19
The affected systems contain a flaw in the code that performs IP fragment reassembly. If a continuous stream of fragmented IP datagrams with a particular malformation were sent to an affected machine, it could be made to devote most or all of its CPU availability to processing them. The data rate needed to completely deny service varies depending on the machine and network conditions, but in most cases even relatively moderate rates would suffice.The vulnerability would not allow a malicious user to compromise data on the machine or usurp administrative control over it. Although it has been reported that the attack in some cases will cause an affected machine to crash, affected machines in all Microsoft testing returned to normal service shortly after the fragments stopped arriving. Machines protected by a proxy server or a firewall that drops fragmented packets would not be affected by this vulnerability. The machines most likely to be affected by this vulnerability would be machines located on the edge of a network such as web servers or proxy servers
259728
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q259728i.EXE
259728
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
Patch: Q259728_W2K_SP1_x86_en.EXE
259728
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q259728i.EXE
259728
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 259728USA5.EXE
259728
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 259728USA8.EXE
MS00-032 - Protected Store Key Length Vulnerability
Posted: 2000/06/01
By design, the Protected Store should always encrypt the information using the strongest cryptography available on the machine. An attacker would need to gain complete administrative control over the machine that houses the Protected Store in order to gain access to it, and even then would still need to mount a brute-force cryptographic attack against it.
260219
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: q260219_w2k_sp1_x86_en.exe
MS00-036 - ResetBrowser Frame and Host Announcement Frame Vulnerabilities
Posted: 2000/05/25
The two vulnerabilities are:The "ResetBrowser Frame" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Like most implementations, the Windows implementation provides the ability for a Master Browser to shut down other browsers via the ResetBrowser frame. However, there is no capability to configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut down browsers on his subnet as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser.The "HostAnnouncement Flooding" vulnerability, which does not affect Windows 2000. Because there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user could send a huge number of bogus HostAnnouncement frames to a Master Browser. The resulting replication traffic could consume The "ResetBrowser Frame" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Like most implementations, the Windows implementation provides the ability for a Master Browser to shut down other browsers via the ResetBrowser frame. However, there is no capability to configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut down browsers on his subnet as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser. The HostAnnouncement Flooding vulnerability, which does not affect Windows 2000. Because there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user could send a huge number of bogus HostAnnouncement frames to a Master Browser. The resulting replication traffic could consume most or all of the network bandwidth and cause other problems in processing the table as well.
262694
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q262694i.EXE
262694
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q262694_W2K_SP2_x86_en.EXE
262694
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q262694ts.exe
MS00-040 - Remote Registry Access Authentication Vulnerability
Posted: 2000/06/08
264684
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q264684i.EXE
264684
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q264684ts.exe
MS00-047 - NetBIOS Name Server Protocol Spoofing Vulnerability
Posted: 2000/07/27
By design, NBNS allows network peers to assist in managing name conflicts. Also by design, it is an unauthenticated protocol and therefore subject to spoofing. A malicious user could misuse the Name Conflict and Name Release mechanisms to cause another machine to conclude that its name was in conflict. Depending on the scenario, the machine would as a result either be unable to register a name on the network, or would relinquish a name it already had registered. The result in either case would be the same - the machine would not respond requests sent to the conflicted name anymore. This will reduce but not eliminate the threat of spoofing. Customers needing additional protection may wish to consider using IPSec in Windows 2000 to authenticate all sessions on ports 137-139
269239
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: q269239i.exe
269239
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q269239_W2K_SP2_x86_en.EXE
269239
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q269239i.exe
MS00-052 - Relative Shell Path Vulnerability
Posted: 2000/07/28
Because of the circumstances in place at system startup time, the normal search order would cause any file named Explorer.exe in the %Systemdrive%\ directory to be loaded in place of the bona fide version. This could provide an opportunity for a malicious user to cause code of his choice to run when another user subsequently logged onto the same machine.
269049
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q269049i.EXE
269049
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q269049i.exe
269049
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q269049_w2k_sp2_x86_en.exe
MS00-053 - Service Control Manager Named Pipe Impersonation Vulnerability
Posted: 2000/08/02
The Service Control Manager (services.exe) is an administrative tool provided in Windows 2000 that allows system services (Server, Workstation, Alerter, ClipBook, etc.) to be created or modified. The SCM creates a named pipe for each service as it starts, however, should a malicious program predict and create the named pipe for a specific service before the service starts, the program could impersonate the privileges of the service. This could allow the malicious program to run in the context of the given service, with either specific user or LocalSystem privileges. The primary risk from this vulnerability is that a malicious user could exploit this vulnerability to gain additional privileges on the local machine. A malicious user would require the ability to log onto the target machine interactively and run arbitrary programs in order to exploit this vulnerability, and as a result, workstations and terminal servers would be at greatest risk.
269523
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269523_W2K_SP2_x86_en.EXE
MS00-057 - File Permission Canonicalization Vulnerability
Posted: 2000/08/10
A canonicalization error can, under certain conditions, cause IIS 4.0 or 5.0 to apply incorrect permissions to certain types of files. If an affected file residing in a folder with restrictive permissions were requested via a particular type of malformed URL, the permissions actually used would be those of a folder in the file's parentage chain, but not those of the folder the file actually resides in. If the ancestor folder's permissions were more permissive than those of the correct folder, the malicious user would gain additional privileges to the affected file.
269862
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: prmcan4i.exe
269862
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269862_W2K_SP2_x86_en.EXE
MS00-059 - Java VM Applet Vulnerability
Posted: 2000/08/21
This vulnerability would allow an applet to bypass this restriction. If a user visited a web site operated by a malicious user, the site could start an applet that would be able to establish a connection with another web site and forward any information from the web session to the malicious user?s site.
271752
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
287030
Affected Products:
- Microsoft Virtual Machine (VM)
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_EN.exe
MS00-060 - IIS Cross-Site Scripting Vulnerabilities
Posted: 2000/08/25
If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to "inject" script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user's script to run on the user's machine using the trust afforded the other site. The vulnerability can affect any software that runs on a web server, accepts user input, and blindly uses it to generate web pages.
260347
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: crsscri.exe
275657
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q275657_W2K_SP2_x86_en.EXE
MS00-062 - Local Security Policy Corruption Vulnerability
Posted: 2000/08/28
This vulnerability could allow a malicious user to corrupt parts of a Windows 2000 system's local security policy, with the effect of disrupting domain membership and trust relationship information. If a workstation or member server were attacked via this vulnerability, it would effectively remove the machine from the domain; if a domain controller were attacked, it could no longer process domain logon requests.
269609
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
Patch: Q269609_W2K_SP1_x86_en.EXE
MS00-063 - Invalid URL Vulnerability
Posted: 2000/09/05
271652
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q271652i.EXE
271652
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q271652I.EXE
MS00-065 - Still Image Service Privilege Escalation Vulnerability
Posted: 2000/09/06
An unchecked buffer exists in the 'Still Image Service' on Windows 2000 hosts. A locally logged-on user can execute malicious code that will use the still image service to escalate their permissions equal to that of the Still Image Service, namely, LocalSystem.
272736
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q272736_w2k_sp2_x86_en.exe
MS00-066 - Malformed RPC Packet Vulnerability
Posted: 2000/09/11
A denial of service can occur when a malicious client sends a particular malformed RPC (Remote Procedure Call) packet to the server, causing the RPC service to fail. A server behind a firewall that blocks ports 135-139 and 445 will not be affected by this vulnerability from the Internet.
272303
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q272303_w2k_sp2_x86_en.exe
MS00-067 - Windows 2000 Telnet Client NTLM Authentication Vulnerability
Posted: 2000/09/14
A vulnerability exists because the client will, by default, perform NTLM authentication when connecting to the remote telnet server. This could allow a malicious user to obtain another user's NTLM authentication credentials without the user's knowledge. A malicious user could exploit this behavior by creating a carefully-crafted HTML document that, when opened, could attempt to initiate a Telnet session to a rogue telnet server - automatically passing NTLM authentication credentials to the malicious server's owner. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.
272743
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q272743_w2k_sp2_x86_en.exe
MS00-068 - OCX Attachment Vulnerability
Posted: 2000/09/26
274303
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: WMSU28412.EXE
MS00-069 - Simplified Chinese IME State Recognition Vulnerability
Posted: 2000/09/29
Input Method Editors (IMEs) enable character-based languages such as Chinese to be entered via a standard 101-key keyboard. When an IME is installed as part of the system setup, it is available by default as part of the logon screen. In such a case, the IME should recognize that it is running in the context of the LocalSystem and not in the context of a user, and restrict certain functions. This vulnerability only affects the Simplified Chinese version of Windows 2000 by default - customers using any other version of Windows 2000 are not affected. Even if the Simplified Chinese IMEs were installed after setup as part of a language pack, it would not be present as part of the logon screen and therefore would not pose a security threat. The vulnerability allows only the local machine to be compromised, but does not grant any domain privileges (unless, of course, the local machine happens to be a domain controller). Because the vulnerability is exposed as part of the logon screen, it could only be exploited by a user who had physical access to a keyboard, or who could start a terminal server session on an affected machine.
270676
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q270676_w2k_sp2_x86_en.exe
MS00-070 - Multiple LPC and LPC Ports Vulnerabilities
Posted: 2000/10/03
The "Invalid LPC Request" vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail. The "LPC Memory Exhaustion" vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted. The "Predictable LPC Message Identifier" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other process' LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible under certain conditions to send bogus requests to a privileged process in order to gain additional local privileges. A new variant of the previously-reported "Spoofed LPC Port Request" vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes. Because LPC can only be used on the local machine, none of these vulnerabilities could be exploited remotely. Instead, a malicious user could only exploit them on machines that he could log onto interactively. Typically, workstations and terminal servers would be chiefly at risk, because, if normal security practices have been followed, normal users will not be allowed to log onto critical servers interactively. This also means that, even in the worst case, the vulnerability would only confer additional local - not domain - privileges on the malicious user
266433
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q266433i.exe
266433
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: q266433_w2k_sp2_x86_en.exe
Posted: 2000/10/10
273991
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 273991usam.exe
273991
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98 SE Gold
Patch: 273991USA8.EXE
273991
Affected Products:
- Windows 95
- Windows 95 Gold
Patch: 273991USA5.EXE
MS00-073 - Malformed IPX NMPI Packet Vulnerability
Posted: 2000/10/11
273727
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 273727USAM.EXE
273727
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 273727USA8.EXE
273727
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 273727USA5.EXE
MS00-074 - WebTV for Windows Denial of Service Vulnerability
Posted: 2000/10/11
274113
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 274113usam.exe
274113
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 274113USA8.EXE
MS00-076 - Cached Web Credentials Vulnerability
Posted: 2000/10/12
When a user authenticates to a secured web page via Basic Authentication, IE caches the userid and password that were used, in order to minimize the number of times the user must authenticate to the same site. By design, IE should only send the cached credentials to secured pages on the site. However, it will actually send them to non-secure pages on the site as well. If a malicious user had complete control of another user?s network communications, he could wait until another user logged onto a secured site, then spoof a request for a non-secured page in order to collect the credentials.
273868
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q273868.exe
MS00-077 - NetMeeting Desktop Sharing Vulnerability
Posted: 2000/10/13
The denial of service can occur when a malicious client sends a particular malformed string to a port which the NetMeeting service is listening on and with Remote Desktop Sharing enabled.
273854
Affected Products:
- NetMeeting
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: NM30.EXE
299796
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299796_W2k_SP3_x86_en.exe
MS00-078 - Web Server Folder Traversal Vulnerability
Posted: 2000/10/17
Due to a canonicalization error in IIS 4.0 and 5.0, a particular type of malformed URL could be used to access files and folders that lie anywhere on the logical drive that contains the web folders. This would potentially enable a malicious user who visited the web site to gain additional privileges on the machine ? specifically, it could be used to gain privileges commensurate with those of a locally logged-on user. Gaining these permissions would enable the malicious user to add, change or delete data, run code already on the server, or upload new code to the server and run it.
269862
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: prmcan4i.exe
269862
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269862_W2K_SP2_x86_en.EXE
MS00-079 - HyperTerminal Buffer Overflow Vulnerability
Posted: 2000/10/18
274548
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 274548usam.exe
274548
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 274548USA8.EXE
276471
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q276471_W2K_SP3_x86_en.EXE
304158
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q304158i.exe
MS00-080 - Session ID Cookie Marking Vulnerability
Posted: 2000/10/23
If a user initiated a session with a secure web page, a Session ID cookie would be generated and sent to the user, protected by SSL. But if the user subsequently visited a non-secure page on the same site, the same Session ID cookie would be exchanged, this time in plaintext. If a malicious user had complete control over the communications channel, he could read the plaintext Session ID cookie and use it to connect to the user?s session with the secure page. At that point, he could take any action on the secure page that the user could take.
274149
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: secsesi.exe
274149
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q274149_W2K_SP2_x86_en.EXE
MS00-081 - New Variant of VM File Reading Vulnerability
Posted: 2000/10/25
The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox. A malicious user could write a Java applet that could read ? but not change, delete or add ? files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet.
287030
Affected Products:
- Microsoft Virtual Machine (VM)
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_EN.exe
277014
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.Exe
MS00-082 - Malformed MIME Header Vulnerability
Posted: 2000/10/31
248838
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP3
Patch: Q248838engI.EXE
MS00-083 - Netmon Protocol Parsing Vulnerability
Posted: 2000/11/01
274835
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q274835i.EXE
274835
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q274835_W2K_SP2_x86_en.EXE
273476
Affected Products:
- Systems Management Server 1.2
- Systems Management Server 1.2 SP4
Patch: Q273476c.EXE
273476
Affected Products:
- Systems Management Server 2.0
- Systems Management Server 2.0 Gold
- Systems Management Server 2.0 SP1
- Systems Management Server 2.0 SP2
Patch: Q273476c.exe
274835
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q274835ts.exe
MS00-084 - Indexing Services Cross Site Scripting Vulnerability
Posted: 2000/11/02
The Cross-Site Scripting (CSS) vulnerability results when web applications don?t properly validate inputs before using them in dynamic web pages. If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to ?inject? script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user?s script to run on the user?s machine using the trust afforded the other site. The vulnerability can affect any software that runs on a web server, accepts user input, and uses it to generate web pages without sufficient validation. Microsoft has identified an Indexing Service component (CiWebHitsFile) that, when called from a specially crafted URL, is vulnerable to this scenario.
278499
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q278499_W2K_SP2_x86_en.EXE
278499
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q278499i.EXE
MS00-085 - ActiveX Parameter Validation Vulnerability
Posted: 2000/11/02
An ActiveX control that ships as part of Windows 2000 contains an unchecked buffer. If the control was called from a web page or HTML mail using a specially-malformed parameter, it would be possible to cause code to execute on the machine via a buffer overrun. This could potentially enable a malicious user to take any desired action on the user's machine, limited only by the permissions of the user.
278511
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q278511_W2K_SP2_x86_en.EXE
MS00-086 - Web Server File Request Parsing Vulnerability
Posted: 2000/11/06
The ability to execute operating system commands on the web server would enable a malicious user to take virtually any action that an interactively-logged on user could take. He could, for instance, add, delete or change files on the server, run code that was already on the server, or upload code of his choice and run it.
277873
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: arbexei.exe
277873
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q277873_W2K_SP2_x86_en.EXE
MS00-087 - Terminal Server Login Buffer Overflow Vulnerability
Posted: 2000/11/08
277910
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 4
Patch: q277910i.exe
MS00-088 - Exchange User Account Vulnerability
Posted: 2000/11/16
278523
Affected Products:
- Exchange 2000 Server
- Exchange 2000 Gold
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
Patch: Q278523ENGI.EXE
MS00-089 - Domain Account Lockout Vulnerability
Posted: 2000/11/21
274372
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
Patch: q274372_w2k_sp2_x86_en.exe
MS00-090 - .ASX Buffer Overrun and .WMS Script Execution Vulnerabilities
Posted: 2000/11/22
280419
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmsu34419.EXE
280419
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: wmsu33995.exe
280419
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wmsu33995.exe
MS00-091 - Incomplete TCP/IP Packet Vulnerability
Posted: 2000/11/30
There is a denial of service vulnerability that affects Windows NT 4.0 Windows 95, 98, 98 Second Edition and Windows Me. By sending a flood of specially malformed TCP/IP packets to a victim?s machine a malicious user could cause either of two effects. In the most likely case, the flood would temporarily prevent any networking resources on an affected computer from responding to client requests; as soon as the packets stopped arriving, the machine would resume normal operation. In a less likely case, the system could hang, and remain unresponsive until it was rebooted. This vulnerability could only be exploited if TCP port 139 was open on the target machine. If the server service or File/Print sharing were disabled on a computer it would not be susceptible to this vulnerability
275567
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
Patch: q275567i.exe
275567
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q275567ts.exe
MS00-092 - Extended Stored Procedure Parameter Parsing Vulnerability
Posted: 2000/12/01
280380
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
Patch: s70918i.exE
280380
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Gold
Patch: s80233i.exe
MS00-093 - Browser Print Template and File Upload via Form Vulnerabilities
Posted: 2000/12/01
279328
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q279328.exe
279328
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q279328.exe
279328
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q279328.Exe
MS00-094 - Phone Book Service Buffer Overflow Vulnerability
Posted: 2000/12/04
276575
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q276575_W2K_SP2_x86_en.EXE
276575
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q276575i.exe
276575
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q276575ts.exe
MS00-095 - Registry Permissions Vulnerability
Posted: 2000/12/06
265714
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q265714i.EXE
265714
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q265714i.exe
MS00-096 - SNMP Parameters Vulnerability
Posted: 2000/12/06
This vulnerability is virtually identical to the SNMP Parameters vulnerability affecting Windows NT 4.0 systems and discussed in Microsoft Security Bulletin MS00-095. The SNMP Parameters key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters, provides the SNMP community name and SNMP management station identifiers, if they exist. SNMP community strings may allow either read or read-write access to the SNMP service. If no read-write access strings exist, the user could only use this vulnerability to read information through SNMP that is normally available to local users. If read-write access strings do exist, a malicious user could use this vulnerability to make changes to any system using the same community string for read-write access. It is important to remember that SNMP v1.0 has no security by design, and any user who could monitor network traffic could also obtain the SNMP community strings. SNMP is not installed on Windows NT 4.0 machines by default. It should be noted that the information revealed by this vulnerability is normally transmitted in plaintext across SNMP-managed networks. As a result, even in the absence of incorrect registry permissions, a malicious user could carry out the same attack if she could monitor network communicatio
266794
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q266794_W2K_SP2_x86_en.EXE
MS00-097 - Severed Windows Media Server Connection Vulnerability
Posted: 2000/12/15
281256
Affected Products:
- Windows Media Services 4.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows Media Services 4.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: WMSU35924.EXE
MS00-098 - Indexing Service File Enumeration Vulnerability
Posted: 2000/12/19
An ActiveX control that ships as part of Indexing Service is incorrectly marked as safe for scripting, thereby enabling it to be executed by web site applications. The control at issue here could be used to enumerate files and folders, and to view their properties. It would not be necessary for Indexing Service to be running in order for the vulnerability to be exploited; however, if it were running, the control also could be used to search for files containing specific words. The vulnerability could not be used to read files, except via a fairly unlikely scenario discussed in detail in the FAQ. It could not be used under any conditions to change, add or delete information on the user?s computer.
280838
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q280838_W2K_SP2_x86_en.EXE
MS00-099 - Directory Service Restore Mode Password Vulnerability
Posted: 2000/12/20
271641
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q271641_W2K_SP2_x86_en.EXE
MS00-100 - Malformed Web Form Submission Vulnerability
Posted: 2000/12/22
The FrontPage Server Extensions (FPSE) ship with and are installed by default as part of IIS 4.0 and 5.0. The most familiar FPSE functions allow web site and content management; however, FPSE also provides browse-time support functions. Among the functions included in the latter category are ones that help process web forms that have been submitted by a user. A vulnerability exists in one of these functions. If a malicious user levied a specially-malformed form submission to an affected server, it would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FPSE administrative or content management functions.
280322
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q280322_W2K_SP2_x86_en.EXE
280322
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: Q280322i.EXE
280322
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q280322
MS01-001 - Web Client Will Perform NTLM Authentication Regardless of Security Settings
Posted: 2001/01/11
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user?s web site ? either by browsing to the site or by opening an HTML mail that initiated a session with it an application on the site could capture the user?s NTLM credentials. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources. The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user.
282132
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 282132usam.exe
282132
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q282132_W2K_SP2_x86_en
282132
Affected Products:
- Office 2000
- Office 2000 SR-1a
- Office 2000 SR-1
- Office 2000 Service Pack 2
Patch: fpwec
MS01-002 - PowerPoint 2000 File Parser Contains Unchecked Buffer
Posted: 2001/01/22
If an attacker inserted specially chosen data into a PowerPoint file and could entice another user into opening the file on his machine, the data would overrun the buffer, causing either of two effects.
285978
Affected Products:
- PowerPoint 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: ppt2ksec.exe
285978
Affected Products:
- PowerPoint 97
- PowerPoint 97 Gold
Patch: ppt97sec.exe
MS01-003 - Weak Permissions on Winsock Mutex Can Allow Service Failure
Posted: 2001/01/24
This could enable an attacker who had the ability to run code on a local machine to monopolize the mutex, thereby preventing any other processes from using the resource that it controlled. This would have the effect of preventing the machine from participating in the network.
279336
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q279336i.EXE
279336
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q279336i.exe
MS01-004 - Malformed .HTR Request Allows Reading of File Fragments
Posted: 2001/01/29
This one could enable an attacker to request a file in a way that would cause it to be processed by the .HTR ISAPI extension. The result of doing this is that fragments of server-side files like .ASP files could potentially be sent to the attacker.
285985
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: frgvuli.exe
285985
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285985_W2K_SP3_x86_en.EXE
MS01-005 - Packaging Anomaly Could Cause Hotfixes to be Removed
Posted: 2001/01/30
Microsoft packages all Windows 2000 hotfixes (including security patches) with a catalog file that lists all of the valid hotfixes that have been issued to date. The catalog is digitally signed to ensure its integrity, and Windows File Protection uses the signed catalog to determine which hotfixes are valid. An error in the production of the catalog files for English language Windows 2000 Post Service Pack 1 hotfixes made available through December 18, 2000 could, under very unlikely circumstances, cause Windows File Protection to remove a valid hotfix from a system. The removal of a hotfix could cause a customer?s system to revert to a version of a Windows 2000 module that contained a security vulnerability. Windows File Protection will only remove valid hotfixes from a Windows 2000 system under a very restrictive set of circumstances
281767
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
Patch: Q281767_W2K_SP2_x86_en.EXE
285083
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
Patch: Q285083_W2K_SP2_x86_en.EXE
MS01-006 - Invalid RDP Data Can Cause Terminal Server Failure
Posted: 2001/01/31
286132
Affected Products:
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q286132_W2K_SP2_x86_en.EXE
MS01-007 - Network DDE Agent Requests Can Enable Code to Run in System Context
Posted: 2001/02/05
A vulnerability exists because, in Windows 2000, the Network DDE Agent runs using the Local System security context and processes all requests using this context, rather than that of the user. This would give an attacker an opportunity to cause the Network DDE Agent to run code of her choice in Local System context, as a means of gaining complete control over the local machine.
285851
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285851_W2K_SP3_x86_en.EXE
MS01-008 - Malformed NTLMSSP Request Can Enable Code to Run with System Privileges
Posted: 2001/02/07
A flaw in the NTLM Security Support Provider (NTLMSSP) service could potentially allow a non-administrative user to gain administrative control over the system. In order to perform this attack the user would need a valid login account and the ability to execute arbitrary code on the system. This vulnerability could only be exploited by an attacker who could log onto the affected machine interactively. However, best practices strongly suggest that unprivileged users not be allowed to interactively log onto business-critical servers like domain controllers, ERP servers, print and file servers, database servers, and others. If this recommendation has been followed, machines such as these would not be at risk from this vulnerability and, as a result, the machines most likely to be affected would be workstations and terminal servers.
280119
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q280119i.EXE
280119
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q280119i.exe
MS00-009 - Image Source Redirect Vulnerability
Posted: 2000/02/16
When a web server navigates a window from one domain into another one, the IE security model checks the server's permissions on the new page. However, it is possible for a web server to open a browser window to a client-local file, then navigate the window to a page that is in the web site's domain in such a way that the data in the client-local file is accessible to the new window. The data would only be accessible to the new window for a very brief period, but the result is that it could be possible for a malicious web site operator to view files on the computer of a visiting user.
251109
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: Q251109.exe
251109
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: q251109.exe
MS01-009 - Malformed PPTP Packet Stream Can Cause Kernel Exhaustion
Posted: 2001/02/13
The PPTP service in Windows NT 4.0 has a flaw in a part of the code that handles a particular type of data packet, which results in a leak of kernel memory resulting in a denial of service vulnerability.
283001
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q283001i.exe
283001
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q283001ts.exe
MS01-010 - Windows Media Player Skins Files Can Enable Java Code to Execute
Posted: 2001/02/14
If a Windows Media Player skin (.WMZ) file were downloaded from a malicious web site, it could potentially cause the deployment of zipped Java code to a known location on the visiting user?s machine. Since the Java code would reside in a known location on the machine, script hosted on a hostile web site or embedded in a hostile HTML mail message could potentially invoke the script in the local computer security zone to take arbitrary action on the user?s machine.
287045
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmsu38041
MS01-011 - Malformed Request to Domain Controller Can Cause CPU Exhaustion
Posted: 2001/02/20
A core service running on all Windows 2000 domain controllers (but not on any other machines) contains a flaw affecting how it processes a certain type of invalid service request. Specifically, the service should handle the request at issue here by determining that it is invalid and simply dropping it; in fact, the service performs some resource-intensive processing and then sends a response. If an attacker sent a continuous stream of such requests to an affected machine, it could consume most or all of the machine?s CPU availability. This could cause the domain controller to process requests for service slowly or not at all, and could limit the number of new logons the machine could process and the number of Kerberos tickets that could be issued.
299687
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q299687_W2K_SP3_x86_en.EXE
MS00-075 - Microsoft VM ActiveX Component Vulnerability
Posted: 2000/10/12
If a user visited a malicious web site that exploited this vulnerability, a Java applet on one of the web pages could run any desired ActiveX control, even ones that are marked as unsafe for scripting. This would enable the malicious web site operator to take any desired action on the user?s machine.
275609
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
Patch: msjavx86.exe
287030
Affected Products:
- Microsoft Virtual Machine (VM)
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_EN.exe
MS00-071 - Word Mail Merge Vulnerability
Posted: 2000/10/05
274226
Affected Products:
- Word 2000
- Office 2000 SR-1a
Patch: wrdacc.exe
272749
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wdac97.exe
MS00-044 - Absent Directory Browser Argument Vulnerability
Posted: 2000/07/14
The vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it.
267559
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: htrdos4i.exe
267559
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q267559_W2K_SP2_x86_en.EXE
MS00-045 - Persistent Mail-Browser Link Vulnerability
Posted: 2000/07/20
This could allow the browser window to retrieve the text of mails subsequently displayed in the preview pane, and relay it to the malicious user.
261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
261255
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-046 - Cache Bypass Vulnerability
Posted: 2000/07/20
If an HTML mail created an HTML file outside the cache, it would run in the Local Computer Zone when opened. This could allow it to open a file on the user's computer and send it a malicious user's web site. The vulnerability also could be used as a way of placing an executable file on the user's machine, which the malicious user would then seek to launch via some other means.
261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
261255
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-048 - Stored Procedure Permissions Vulnerability
Posted: 2000/07/07
266766
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP2
Patch: s70918i.eXe
MS00-051 - Excel REGISTER.ID Function Vulnerability
Posted: 2000/07/26
269263
Affected Products:
- Excel 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: xl9p3pkg.exe
269252
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p10pkg.exe
MS00-054 - Malformed IPX Ping Packet Vulnerability
Posted: 2000/08/03
265334
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 265334US5.EXE
265334
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 265334USA8.EXE
MS00-056 - Microsoft Office HTML Object Tag Vulnerability
Posted: 2000/08/09
269880
Affected Products:
- Office 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- PowerPoint 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Word 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Excel 2000
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Of9data.exe
MS00-058 - Specialized Header Vulnerability
Posted: 2000/08/14
If an IIS server receives a file request that contains a specialized header as well as one of several particular characters at the end, the expected ISAPI extension processing may not occur. The result is that the source code of the file would be sent to the browser.
256888
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q256888_W2K_SP1_x86_en.EXE
MS00-061 - Money Password Vulnerability
Posted: 2000/08/25
272232
Affected Products:
- Money 2000
- Money 2000 Gold
- Money 2001
- Money 2001 Gold
Patch: 272232_MON_8.0
- On the Tools menu, click Update Internet Information.
MS00-042 - Active Setup Download Vulnerability
Posted: 2000/06/29
The flaws in downloading .cab file would allow a malicious web site operator to download a Microsoft-signed .cab file as a means of overwriting a file on the user's machine. By overwriting system files, this could allow the malicious user to render the machine unusable.
269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
265258
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q265258.exe
265258
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q265258.exe
265258
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q265258.Exe
MS00-043 - Malformed E-mail Header Vulnerability
Posted: 2000/07/18
Under certain conditions, the vulnerability could allow a malicious user to cause code of his choice to execute on another user's computer.
261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
267884
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-064 - Unicast Service Race Condition Vulnerability
Posted: 2000/09/06
273014
Affected Products:
- Windows Media Services 4.0
- Windows Media Services 4.0 Gold
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
Patch: WMSU27678.EXE
MS00-033 - Frame Domain Verification and Unauthorized Cookie Access and Malformed Component Attribute Vulnerabilities
Posted: 2000/05/17
269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
MS00-039 - SSL Certificate Validation Vulnerabilities
Posted: 2000/06/05
269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
MS00-041 - DTS Password Vulnerability
Posted: 2000/06/13
264880
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
Patch: s70918i.Exe
MS00-049 - Office HTML Script and IE Script Vulnerabilities
Posted: 2000/07/13
268365
Affected Products:
- Excel 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- PowerPoint 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Addinsec.exe
268365
Affected Products:
- PowerPoint 97
- PowerPoint 97 Gold
- Office 97
- Office 97 Gold
Patch: ppt97sec.EXE
269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q269368.Exe
269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
MS00-050 - Telnet Server Flooding Vulnerability
Posted: 2000/07/24
The denial of service can occur when a malicious client sends a particular malformed string to the server through the Telnet service provided as part of Windows 2000 products.
267843
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q267843_w2k_sp2_x86_en.exe
MS00-055 - Scriptlet Rendering Vulnerability
Posted: 2000/08/09
269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q269368.Exe
269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
MS00-034 - Office 2000 UA Control Vulnerability
Posted: 2000/05/12
262767
Affected Products:
- Office 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- PowerPoint 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Outlook 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Word 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Excel 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Photo Draw 2000 Version 2
- Photo Draw 2000 Version 2 Gold
- Photo Draw 2000 Version 1
- PictureIt 2000 Gold
- Photo Draw 2000 Version 1 Gold
- Publisher 2000
- Publisher 2000 Gold
- Project 2000
- Project 2000 Gold
- FrontPage 2000
- FrontPage 2000 Gold
- Works 2000
- Works 2000 Gold
- Access 2000
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Uactlsec.exe
MS00-035 - SQL Server 7.0 Service Pack Password Vulnerability
Posted: 2000/05/30
263968
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
Patch: killpwd.exe
MS00-037 - HTML Help File Code Execution Vulnerability
Posted: 2000/06/02
The HTML Help facility provides the ability to launch code via shortcuts included in HTML Help files. If a compiled HTML Help (.chm) file were referenced by a malicious web site, it could potentially be used to launch code on a visiting user's computer without the user's approval. Such code could take any actions that the user could take, including adding, changing or deleting data, or communicating with a remote web site.
259166
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: hhupd.exe
259166
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q259166_W2K_SP1_x86_en.EXE
MS00-038 - Malformed Windows Media Encoder Request Vulnerability
Posted: 2000/05/30
264133
Affected Products:
- Windows Media Encoder 4.0
- Windows Media Encoder 4.0 Gold
- Windows Media Encoder 4.1
- Windows Media Encoder 4.1 Gold
Patch: WMSU20935a.EXE
MS00-010 - Site Wizard Input Validation Vulnerability
Posted: 2000/02/18
252614
Affected Products:
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Site Server 3.0 SP3
- Site Server 3.0 SP4
Patch: Q252614.zip
MS00-012 - Remote Agent Permissions Vulnerability
Posted: 2000/02/22
249847
Affected Products:
- Systems Management Server 2.0
- Systems Management Server 2.0 Gold
- Systems Management Server 2.0 SP1
Patch: Q249847i.EXE
MS00-013 - Misordered Windows Media Services Handshake Vulnerability
Posted: 2000/02/23
253943
Affected Products:
- Windows Media Services 4.0
- Windows Media Services 4.0 Gold
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
Patch: WMSU4954_NT4.EXE
253943
Affected Products:
- Windows Media Services 4.1
- Windows Media Services 4.1 Gold
- Windows Media Services 4.0
- Windows Media Services 4.0 Gold
Patch: WMSU4954_Win2000.EXE
MS00-014 - SQL Query Abuse Vulnerability
Posted: 2000/03/08
256052
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 Gold
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 Gold
- SQL Server 7.0 SP1
Patch: s70780i.exe
MS00-015 - Clip Art Buffer Overrun Vulnerability
Posted: 2000/03/06
256167
Affected Products:
- Office 2000
- Office 2000 Gold
- Works 2000
- Works 2000 Gold
- PictureIt 2000
- PictureIt 2000 Gold
- Home Publishing 2000
- Home Publishing 2000 Gold
- Publisher 99
- Publisher 99 Gold
- Photo Draw 2000 Version 1
- Photo Draw 2000 Version 1 Gold
- Greetings 2000
- Greetings 2000 Gold
Patch: cilupdt.exe
MS00-016 - Malformed Media License Request Vulnerability
Posted: 2000/03/17
257200
Affected Products:
- Windows Media Rights Manager 1
- Windows Media Rights Manager 1 Gold
Patch: WMRMU8912_NT4.EXE
MS00-017 - DOS Device in Path Name Vulnerability
Posted: 2000/03/16
256015
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 256015USA5.EXE
256015
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 256015USA8.EXE
MS00-018 - Chunked Encoding Post Vulnerability
Posted: 2000/03/20
252693
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: chkenc4i.exe
Posted: 2000/03/30
Under certain fairly unusual conditions, the vulnerability could cause a web server to send the source code of .ASP and other files to a visiting user.
249599
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: uncsec4i.exe
249599
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q249599_W2K_SP1_X86_en.EXE
MS00-022 - XLM Text Macro Vulnerability
Posted: 2000/04/03
255605
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p9pkg.exe
MS00-023 - Myriad Escaped Characters Vulnerability
Posted: 2000/04/12
Special characters can be embedded in URLs by use of so-called escaped character sequences. By providing a specially-malformed URL with an extremely large number of escaped characters, a malicious user could arbitrarily increase the work factor associated with parsing the escaped characters, thereby consuming much or all of the CPU availability on the server and preventing useful work from being done.
254142
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: escseq4i.exe
254142
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q254142_W2K_SP1_x86_en.EXE
MS00-024 - OffloadModExpo Registry Permissions Vulnerability
Posted: 2000/04/12
259496
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 4
Patch: Q259496i.exe
259496
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q259496i.Exe
MS00-025 - Link View Server-Side Component Vulnerability
Posted: 2000/04/14
259799
Affected Products:
- FrontPage 98 Server Extensions
- FrontPage 98 Server Extensions Gold
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Q259799
MS00-028 - Server-Side Image Map Components Vulnerability
Posted: 2000/04/21
260267
Affected Products:
- FrontPage 97 Server Extensions
- FrontPage 97 Server Extensions Gold
- FrontPage 98 Server Extensions
- FrontPage 98 Server Extensions Gold
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Q260267
MS00-030 - Malformed Extension Data in URL Vulnerability
Posted: 2000/05/11
In compliance with RFC 2396, the algorithm in IIS that processes URLs has flexibility built in to allow it to process any arbitrary sequence of file extensions or subresource identifiers (referred to in the RFC as path_segments). By providing an URL that contains specially-malformed file extension information, a malicious user could misuse this flexibility in order to arbitrarily increase the work factor associated with parsing the URL. This could consume much or all of the CPU availability on the server and prevent useful work from being done.
260205
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: myrdot4i.exe
260205
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q260205_W2K_SP1_x86_en.EXE
MS00-031 - Undelimited .HTR Request and File Fragment Reading via .HTR Vulnerabilities
Posted: 2000/05/10
The vulnerabilities could, respectively, be used to slow an affected web server's response or to obtain the source code of certain types of files under very restricted conditions.
267559
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q267559_W2K_SP2_x86_en.EXE
260838
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: ismpst4i.exe
MS99-053 - Windows Multithreaded SSL ISAPI Filter Vulnerability
Posted: 1999/12/02
244613
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
Patch: sslune4i.exe
MS99-054 - WPAD Spoofing Vulnerability
Posted: 1999/12/01
247333
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q247333
MS99-058 - Virtual Directory Naming Vulnerability
Posted: 1999/12/21
238606
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 4
Patch: vrdcon4i.exe
MS99-059 - Malformed TDS Packet Header Vulnerability
Posted: 1999/12/20
248749
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
Patch: S70761i.exe
MS99-060 - HTML Mail Attachment Vulnerability
Posted: 1999/12/22
249082
Affected Products:
- Outlook Express 5 for Macintosh
- Outlook Express 5 for Macintosh Gold
- Internet Explorer 4.5 for Macintosh
- Internet Explorer 4.5 for Macintosh Gold
Patch: MacFiles
MS99-061 - Escape Character Parsing Vulnerability
Posted: 1999/12/21
246401
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: unschx4i.exe
MS99-052 - Legacy Credential Caching Vulnerability
Posted: 1999/11/29
168115
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 168115us5.exe
168115
Affected Products:
- Windows 98
- Windows 98 Gold
Patch: 168115us8.exe
MS99-051 - IE Task Scheduler Vulnerability
Posted: 1999/11/29
246972
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q246972
MS99-049 - File Access URL Vulnerability
Posted: 1999/11/12
245729
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 245729us5.exe
245729
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: 245729us8.exe
MS99-048 - Active Setup Control Vulnerability
Posted: 1999/11/11
244540
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q244540.exe
244540
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q244540.exe
MS99-044 - Excel SYLK Vulnerability
Posted: 1999/10/20
241900
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p7pkg.exe
241901
Affected Products:
- Excel 2000
- Office 2000 Gold
- Office 2000
- Office 2000 Gold
Patch: xl9p2pkg.exe
MS99-043 - Javascript Redirect Vulnerability
Posted: 1999/10/18
244356
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q244356.exe
244357
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q244357.exe
MS99-042 - IFRAME ExecCommand Vulnerability
Posted: 1999/10/11
243638
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q243638.exe
MS99-040 - Download Behavior Vulnerability
Posted: 1999/09/28
243638
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q243638.exe
MS99-037 - ImportExportFavorites Vulnerability
Posted: 1999/09/10
241361
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q241361.exe
241361
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: Q241361.exe
MS99-035 - Set Cookie Header Caching Vulnerability
Posted: 1999/09/10
238647
Affected Products:
- Site Server 3.0
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Microsoft Commercial Internet System 2.0
- Microsoft Commercial Internet System 2.0 Gold
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q238647x86eng.exe
MS99-033 - Malformed Telnet Argument Vulnerability
Posted: 1999/09/09
240163
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: telnet95.exe
240163
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: TelnetUp.EXE
MS99-032 - scriptlet.typelib/Eyedog Vulnerability
Posted: 1999/08/31
240308
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
- Outlook Express 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: q240308.exe
MS99-030 - Office ODBC Vulnerabilities
Posted: 1999/08/20
141796
Affected Products:
- Office 95
- Office 95 Gold
Patch: Jet30Pkg.exe
239105
Affected Products:
- Office 97
- Office 97 Gold
- Office 97 SR-1
- Office 97 SR-2/SR-2b
Patch: jetCopkg.exe
239471
Affected Products:
- Office 2000
- Office 2000 Gold
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: JetcoPkg.exe
MS99-022 - Double Byte Code Page Vulnerability
Posted: 1999/06/24
233335
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: fesrc3i.exe
233335
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 3
Patch: fesrc4i.exe
MS99-019 - Malformed HTR Request Vulnerability
Posted: 1999/06/15
234905
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: extfixi.exe
MS99-018 - Malformed Favorites Icon Vulnerability
Posted: 1999/05/27
241361
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q241361.exe
241361
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: Q241361.exe
MS99-014 - Excel 97 Virus Warning Vulnerabilities
Posted: 1999/05/07
231304
Affected Products:
- Office 97
- Office 97 SR-2/SR-2b
- Excel 97
- Office 97 SR-2/SR-2b
Patch: Xl8p9pkg.exe
MS99-012 - MSHTML Update Available for Internet Explorer
Posted: 1999/04/21
226325
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: mshtml5.exe
226325
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: mshtml4.exe
MS99-011 - DHTML Edit Vulnerability
Posted: 1999/04/21
226326
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: DHTMLED5.EXE
MS01-012 - Outlook - Outlook Express VCard Handler Contains Unchecked Buffer
Posted: 2001/02/22
Outlook Express provides several components that are used both by it and, if installed on the machine, Outlook. One such component, used to process vCards, contains an unchecked buffer. By creating a vCard and editing it to contain specially chosen data, then sending it to another user, an attacker could cause either of two effects to occur if the recipient opened it. In the less serious case, the attacker could cause the mail client to fail. If this happened, the recipient could resume normal operation by restarting the mail client and deleting the offending mail. In the more serious case, the attacker could cause the mail client to run code of her choice on the user?s machine. Such code could take any desired action, limited only by the permissions of the recipient on the machine.
283908
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
- Outlook Express 5.5
- Internet Explorer 5.5 SP1
Patch: q283908.exe
283908
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
- Outlook Express 5.01
- Internet Explorer 5.01 SP1
Patch: Q283908.exe
MS01-013 - Windows 2000 Event Viewer Contains Unchecked Buffer
Posted: 2001/02/26
This is a buffer overrun vulnerability. By entering a specially malformed record into a machine?s event log, an attacker could cause either of two effects to occur when the record was subsequently opened. In the least serious case, he could cause the event viewer to fail. In the more serious case, he could cause the event viewer?s functionality to be modified while running, in order to perform a task of his choosing on the other user?s machine.
285156
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285156_W2K_SP3_x86_en.EXE
MS01-014 - Malformed URL Can Cause Service Failure in IIS 5.0 and Exchange 2000
Posted: 2001/03/01
This is a denial of service vulnerability. It could enable an attacker to temporarily disrupt service on an affected web, or to temporarily disrupt web-based access to an affected mail server. Although the server in either case would automatically resume normal operation, any sessions in progress at the time of the attack would be lost. The vulnerability does not provide any opportunity for the attacker to usurp administrative control over the server, or to add, change or delete data on it.
286818
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Gold
Patch: Q286818_W2K_SP3_x86_en.EXE
287678
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: Q287678engi386.EXE
MS01-015 - IE Can Divulge Location of Cached Content
Posted: 2001/03/06
The IE security architecture provides a caching mechanism that is used to store content that needs to be downloaded and processed on the user's local machine. The purpose of the cache is to obfuscate the physical location of the cached content, in order to ensure that the web page or HTML e-mail will work through the IE security architecture to access the information. This ensures that the uses of the information can be properly restricted. A vulnerability exists because it is possible for a web page or HTML e-mail to learn the physical location of cached content. Armed with this information, an attacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables.
279328
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q279328.exe
286045
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q286045.exe
286043
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q286043.exe
279328
Affected Products:
- Windows Script 5.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: scripten.exe
279328
Affected Products:
- Windows Script 5.1
- Windows 95 SR 2.5
- Windows 95 SR 2.1
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 98 Gold
- Windows 98 SP1
Patch: ste51en.exe
279328
Affected Products:
- Windows Script 5.5
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Scripten.exe
279328
Affected Products:
- Windows Script 5.5
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98 Gold
- Windows 98 SP1
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Scr55en.exe
MS01-016 - Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources
Posted: 2001/03/08
WebDAV is an extension to the HTTP protocol that allows remote authoring and management of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all WebDAV requests, then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such requests were directed at an affected server, it would consume all CPU availability on the server.
291845
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q291845_W2K_SP2_x86_en.EXE
MS01-017 - Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Posted: 2001/03/22
VeriSign, Inc., recently advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is ?Microsoft Corporation?. The ability to sign executable content using keys that purport to belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to run. The certificates could be used to sign programs, ActiveX controls, Office macros, and other executable content. Of these, signed ActiveX controls and Office macros would pose the greatest risk, because the attack scenarios involving them would be the most straightforward. Both ActiveX controls and Word documents can be delivered via either web pages or HTML mails. ActiveX controls can be automatically invoked via script, and Word documents can be automatically opened via script unless the user has applied the Office Document Open Confirmation Tool. However, even though the certificates say they are owned by Microsoft, they are not bona fide Microsoft certificates, and content signed by them would not be trusted by default. Trust is defined on a certificate-by-certificate basis, rather than on the basis of the common name. As a result, a warning dialogue would be displayed before any of the signed content could be executed, even if the user had previously agreed to trust other certificates with the common name ?Microsoft Corporation?. The danger, of course, is that even a security-conscious user might agree to let the content execute, and might agree to always trust the bogus certificates. VeriSign has revoked the certificates, and they are listed in VeriSign?s current Certificate Revocation List (CRL). However, because VeriSign?s code-signing certificates do not specify a CRL Distribution Point (CDP), it is not possible for any browser?s CRL-checking mechanism to download the VeriSign CRL and use it. Microsoft is developing an update that rectifies this problem. The update package includes a CRL containing the two certificates, and an installable revocation handler that consults the CRL on the local machine, rather than attempting to use the CDP mechanism.
293818
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
Patch: Crlupd.exe
293818
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: crlupd.exe
293818
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: crlupdts.exe
293818
Affected Products:
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: crlupD.exe
MS01-018 - Visual Studio VB-TSQL Object Contains Unchecked Buffer
Posted: 2001/03/27
The VB-TSQL debugger object that ships with Visual Studio 6.0 Enterprise Edition has an unchecked buffer in the code that processes parameters for one of the object?s methods. The object can, by design, be programmatically accessed remotely. If the object were to be referenced by a program that contained specially malformed data within the parameter, either of two outcomes would result. In the less serious case, the attacker could cause the object to fail on the hosting machine. In the more serious case, the attacker could exploit the buffer overrun to run code of the attacker's choice on the hosting machine. The debugger object (vbsdicli.exe) is installed by default with Visual Studio 6.0 Enterprise Edition and runs in the context of the interactively logged-on user. The attacker could only execute a successful attack if he knew that a user had the component installed and that the user was logged in at the time of the attack.
281297
Affected Products:
- Visual Studio 6.0
- Visual Studio 6.0 SP 5
- Visual Basic 6.0
- Visual Basic 6.0 Gold
Patch: Q281297.EXE
MS01-019 - Passwords for Compressed Folders are Recoverable
Posted: 2001/03/28
Plus! 98, an optional package that extends Windows 98 and Windows 98 Second Edition, introduced a data compression feature called Compressed Folders that was also included in Windows Me. For interoperability with leading third-party compression tools, it provides a password protection option for folders that have been compressed. However, due to a flaw in the package?s implementation, the passwords used to protect the folders are recorded in a file on the user?s system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files. It is important to understand that, although this flaw does constitute a security vulnerability, the password protection feature is not intended to provide strong security. It was included in the products to enable interoperability with password-protection features in other third-party data compression products, and is only intended to provide protection against casual inspection. Customers who need strong protection for files should use Windows® 2000. The patch will prevent passwords from being written to the user?s system in the future. However, as discussed in the FAQ, after applying the patch, it is important to also delete c:\windows\dynazip.log, in order to ensure that all previously-recorded passwords are deleted.
252694
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 252694usa8.exe
252694
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 252694usam.exe
MS01-020 - Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Posted: 2001/03/29
Because HTML e-mails are simply web pages, IE can render them and open binary attachments in a way that is appropriate to their MIME types. However, a flaw exists in the type of processing that is specified for certain unusual MIME types. If an attacker created an HTML e-mail containing an executable attachment, then modified the MIME header information to specify that the attachment was one of the unusual MIME types that IE handles incorrectly, IE would launch the attachment automatically when it rendered the e-mail. An attacker could use this vulnerability in either of two scenarios. She could host an affected HTML e-mail on a web site and try to persuade another user to visit it, at which point script on a web page could open the mail and initiate the executable. Alternatively, she could send the HTML mail directly to the user. In either case, the executable attachment, if it ran, would be limited only by user?s permissions on the system.
290108
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q290108.exe
290108
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q290108.exe
MS01-021 - Web Request Can Cause Access Violation in ISA Server Web Proxy Service
Posted: 2001/04/16
The ISA Server Web Proxy service does not correctly handle web requests that contain a particular type of malformed argument. Processing such a request would result in an access violation, which would cause the Web Proxy service to fail. This would disrupt all ingoing and outgoing web proxy requests until the service was restarted.
295279
Affected Products:
- ISA Server 2000
- ISA Server 2000 Gold
Patch: isahf63.exe
MS01-022 - WebDAV Service Provider Can Allow Scripts to Levy Requests as User
Posted: 2001/04/18
The Microsoft Data Access Component Internet Publishing Provider provides access to WebDAV resources over the Internet. By design, it should differentiate between requests made by a user and those made by a script running in the user?s browser. However, because of an implementation flaw, it handles all requests in the security context of the user. As a result, if a user browsed to a web page or opened an HTML e-mail that contained script, that script could access web-based resources as the user. The specific actions an attacker could take via this vulnerability would depend on the Web-based resources available to the user, and the user?s privileges on them. However, it is likely that at a minimum, the attacker could browse the user?s intranet, and potentially access web-based e-mail as well.
296441
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
Patch: rbupdate.exe
296441
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Rbupdate.exe
MS01-023 - Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server
Posted: 2001/05/01
Windows 2000 introduced native support for the Internet Printing Protocol (IPP), an industry-standard protocol for submitting and controlling print jobs over HTTP. The protocol is implemented in Windows 2000 via an ISAPI extension that is installed by default as part of Windows 2000 but which can only be accessed via IIS 5.0. A security vulnerability results because the ISAPI extension contains an unchecked buffer in a section of code that handles input parameters. This could enable a remote attacker to conduct a buffer overrun attack and cause code of her choice to run on the server. Such code would run in the Local System security context. This would give the attacker complete control of the server, and would enable her to take virtually any action she chose. The attacker could exploit the vulnerability against any server with which she could conduct a web session. No other services would need to be available, and only port 80 (HTTP) or 443 (HTTPS) would need to be open. Clearly, this is a very serious vulnerability, and Microsoft strongly recommends that all IIS 5.0 administrators install the patch immediately. Customers who cannot install the patch can protect their systems by removing the mapping for the Internet Printing ISAPI extension. However, it is important to understand that if Web Printing is enabled via Group Policy, this would override the settings made in the Internet Services Manager. As the FAQ discusses in more detail, customers who have enabled Web Printing via Group Policy should disable it first, then unmap the Internet Printing ISAPI extension.
296576
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q296576_W2K_SP2_x86_en.EXE
MS01-024 - Malformed Request to Domain Controller Can Cause Memory Exhaustion
Posted: 2001/05/08
A core service running on all Windows 2000 domain controllers (but not on any other machines) contains a memory leak, which can be triggered when it attempts to process a certain type of invalid service request. By repeatedly sending such a request, an attacker could deplete the available memory on the server. If memory were sufficiently depleted, the domain controller could become unresponsive, which would prevent it from processing logon requests or issuing new Kerberos tickets. An affected machine could be put back into service by rebooting.
299687
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q299687_W2K_SP3_x86_en.EXE
MS01-025 - Index Server Search Function Contains Unchecked Buffer
Posted: 2001/05/10
The patches discussed below address two security vulnerabilities that are unrelated to each other except in the sense that both affect Index Server 2.0. The first vulnerability is a buffer overrun vulnerability. Index Server 2.0 has an unchecked buffer in a function that processes search requests. If an overly long value were provided for a particular search parameter, it would overrun the buffer. If the buffer were overrun with random data, it would cause Index Server to fail. If it were overrun with carefully selected data, code of the attacker?s choice could be made to run on the server, in the Local System security context. The second vulnerability affects both Index Server 2.0 and Indexing Service in Windows 2000, and is a new variant of the ?Malformed Hit-Highlighting? vulnerability discussed in Microsoft Security Bulletin MS00-006. The new variant has almost the same scope as the original vulnerability, but potentially exposes a new file type If an attacker provided an invalid search request, she could read ?include? files residing on the web server. The new patch eliminates all known variants of the vulnerability.
294472
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q294472i.exe
296185
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q296185i.exe
296185
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q296185_W2K_SP3_x86_en.EXE
MS01-026 - 14 May 2001 Cumulative Patch for IIS
Posted: 2001/05/14
This update eliminates three new vulnerabilities: A vulnerability that could enable a malicious user to run operating system commands on an affected server. A vulnerability that could allow a malicious user to enter a File Transfer Protocol (FTP) command, which can cause IIS 5.0 to fail. FTP is the protocol used for copying files to and from remote computer systems on a network. A vulnerability that can enable a malicious user to access a guest account using the FTP service.
293826
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q293826_W2K_SP3_x86_en.EXE
295534
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q295534i.exe
MS01-027 - Flaws in Web Server Certificate Validation Could Enable Spoofing
Posted: 2001/05/16
A patch is available to eliminate two newly discovered vulnerabilities affecting Internet Explorer, both of which could enable an attacker to spoof trusted web sites.
295106
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q295106.exe
299618
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q299618.exe
MS01-028 - RTF Document Linked to Template Can Run Macros Without Warning
Posted: 2001/05/21
The Word 2000 Security Update: Macro Vulnerability addresses a vulnerability that could allow malicious code to run in a Rich Text Format (RTF) document without warning. Under normal circumstances, you will see a warning in Word 2000 when you open a document attached to a template containing macros. However, it is possible for an RTF document to be linked to a template containing macros in such a way that a macro can run with no warning issued. This could cause damage to data or allow unauthorized retrieval of data from your system when you visit a Web site or open an e-mail message.
288266
Affected Products:
- Word 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: wd2kmsec.exe
288266
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wd97mcrs.exe
MS01-029 - Windows Media Player .ASX Processor Contains Unchecked Buffer
Posted: 2001/05/23
This update addresses two security vulnerabilities that are related to each other only by the fact that they both affect Windows Media Player. The two vulnerabilities are a buffer overrun in the functionality used to process Active Stream Redirector (.ASX) files, and a vulnerability affecting how Windows Media Player handles Internet shortcuts. In addition, this update addresses a potential privacy vulnerability that was recently identified.
296138
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: WMSU47357.exe
296138
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: mp71.exe
296138
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wmsu47357.exe
MS01-030 - Incorrect Attachment Handling in Exchange OWA Can Execute Script
Posted: 2001/06/06
OWA is a service of Exchange 5.5 and 2000 Server that allows users to use a web browser to access their Exchange mailbox. However, a flaw exists in the interaction between OWA and IE for message attachments. If an attachment contains HTML code including script, the script will be executed when the attachment is opened, regardless of the attachment type. Because OWA requires that scripting be enabled in the zone where the OWA server is located, this script could take action against the users Exchange mailbox. An attacker could use this flaw to construct an attachment containing malicious script code. The attacker could then send the attachment in a message to the user. If the user opened the attachment in OWA, the script would execute and could take action against the user?s mailbox as if it were the user, including, under certain circumstances, manipulation of messages or folders.
301361
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q301361i386.EXE
299535
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: Q299535engi386.EXE
MS01-031 - Predictable Named Pipes Could Enable Privilege Elevation via Telnet
Posted: 2001/06/07
299553
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299553_W2K_SP3_x86_en.EXE
MS01-032 - SQL Query Method Enables Cached Administrator Connection to be Reused
Posted: 2001/06/12
299717
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Gold
Patch: s80296i.exe
299717
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: s70996i.exe
MS01-033 - Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
Posted: 2001/06/18
300972
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q300972_W2K_SP3_x86_en.EXE
300972
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Index Server 2.0
- Windows NT4 Service Pack 6a
Patch: Q300972i.exe
300972
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q300972ts.exe
MS01-034 - Malformed Word Document Could Enable Macro to Run Automatically
Posted: 2001/06/21
288266
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wd97mcrs.exe
288266
Affected Products:
- Word 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: wd2kmsec.exe
302294
Affected Products:
- Word 2002
- Word 2002 Gold
Patch: WRD1001.exe
MS01-035 - FrontPage Server Extension Sub-Component Contains Unchecked Buffer
Posted: 2001/06/21
300477
Affected Products:
- FrontPage 2000 Server Extensions
- Windows 2000 Service Pack 2
Patch: Q300477_W2K_SP3_x86_en.EXE
300477
Affected Products:
- FrontPage 2000 Server Extensions
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q300477.exe
MS01-036 - Function Exposed via LDAP over SSL Could Enable Passwords to be Changed
Posted: 2001/06/25
299687
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q299687_W2K_SP3_x86_en.EXE
MS01-037 - Authentication Error in SMTP Service Could Allow Mail Relaying
Posted: 2001/07/05
302755
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q302755_W2k_SP3_x86_en.exe
MS01-038 - Outlook View Control Exposes Unsafe Functionality
Posted: 2001/07/12
303833
Affected Products:
- Outlook 2000
- Office 2000 Service Pack 2
Patch: outlctlx.exe
303825
Affected Products:
- Outlook 2002
- Outlook 2002 Gold
Patch: olk1003.exe
MS01-039 - Services for Unix 2.0 Telnet and NFS Services Contain Memory Leaks
Posted: 2001/07/24
294380
Affected Products:
- Services for Unix 2.0 (NT)
- Services for Unix 2.0 (NT) Gold
Patch: q294380_sfu_2_x86.exe
301514
Affected Products:
- Services for Unix 2.0 (NT)
- Services for Unix 2.0 (NT) Gold
Patch: q301514_sfu_2_x86.exe
294380
Affected Products:
- Services for Unix 2.0 (Win2K)
- Services for Unix 2.0 (Win2K) Gold
Patch: q294380_sfu_2_x86.Exe
- http://download.microsoft.com/download/win2000platform/patch/q294380/nt5/en-us/q294380_sfu_2_x86.exe
301514
Affected Products:
- Services for Unix 2.0 (Win2K)
- Services for Unix 2.0 (Win2K) Gold
Patch: q301514_sfu_2_x86.Exe
MS01-040 - Invalid RDP Data Can Cause Memory Leak in Terminal Services
Posted: 2001/07/25
292435
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q292435_w2k_sp3_x86_en.exe
292435
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: q292435i.exe
MS01-041 - Malformed RPC Request Can Cause Service Failure
Posted: 2001/07/26
299444
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q299444i.exe
299444
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q299444I.exe
298012
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q298012_w2k_sp3_x86_en.exe
298012
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
Patch: q298012_sql2000_x86_en.exe
298012
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
Patch: q298012_sql70sp2_x86_en.exe
304062
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: q304062engi386.exe
304063
Affected Products:
- Exchange 2000 Server
- Exchange 2000 Gold
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
Patch: q304063engi386.exe
299444
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q299444ts.exe
MS01-042 - Windows Media Player .NSC Processor Contains Unchecked Buffer
Posted: 2001/07/26
304404
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: wmsu55362.exe
304404
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wMsu55362.exe
304404
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmSu55362.exe
304404
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wmsu55362.exe
MS01-043 - NNTP Service in Windows NT 4.0 and Windows 2000 Contains Memory Leak
Posted: 2001/08/14
303984
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q304876engi386.exe
303984
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q303984_w2k_sp3_x86_en.exe
MS01-044 - 15 August 2001 Cumulative Patch for IIS
Posted: 2001/08/15
301625
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Service Pack 5
Patch: q301625i.exe
301625
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q301625_w2k_sp3_x86_en.exe
MS01-045 - ISA Server H.323 Gatekeeper Service Contains Memory Leak
Posted: 2001/08/16
289503
Affected Products:
- ISA Server 2000
- ISA Server 2000 Gold
Patch: isahf68.exe
MS01-046 - Access Violation in Windows 2000 IRDA Driver Can Cause System to Restart
Posted: 2001/08/21
252795
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q252795_W2K_SP3_x86_en.EXE
MS01-047 - OWA Function Allows Unauthenticated User to Enumerate Global Address List
Posted: 2001/09/06
307195
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q307195engi386.EXE
MS01-048 - Malformed Request to RPC Endpoint Mapper Can Cause RPC Service to Fail
Posted: 2001/09/10
305399
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q305399i.EXE
305399
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q305399i.exe
305399
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q305399i.exe
MS01-049 - Deeply-nested OWA Request Can Consume Server CPU Availability
Posted: 2001/09/26
303451
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 SP1
- Exchange 2000 Server
- Exchange 2000 SP1
Patch: Q303451engi386.EXE
MS01-050 - Malformed Excel or PowerPoint Document Can Bypass Macro Security
Posted: 2001/10/04
306604
Affected Products:
- Excel 2000
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: xl2000
306606
Affected Products:
- Excel 2002
- Office XP Gold
Patch: xl2002
306603
Affected Products:
- PowerPoint 2000
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: Ppt2000
306606
Affected Products:
- PowerPoint 2002
- Office XP Gold
Patch: Ppt2002
MS01-051 - Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone
Posted: 2001/10/10
306121
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q306121.exe
306121
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q306121.exe
306121
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q306121.Exe
MS01-052 - Invalid RDP Data Can Cause Terminal Service Failure
Posted: 2001/10/18
307454
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q307454i.exe
307454
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q307454_W2K_SP3_x86_en.exe
MS01-053 - Downloaded Applications Can Execute on Mac IE 5.1 for OS X
Posted: 2001/10/23
311052
Affected Products:
- Internet Explorer 5.1 for Macintosh OS X
- Internet Explorer 5.1 for Macintosh OS X Gold
Patch: MacIE501
MS01-054 - Invalid Universal Plug and Play Request Can Disrupt System Operation
Posted: 2001/11/01
309521
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 309073USA8.EXE
309521
Affected Products:
- Windows Me
- Windows Me Gold
Patch: WinMEUPnP
309521
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q309521_x86.exe
MS01-055 - 13 November 2001 Cumulative Patch for IE
Posted: 2001/11/08
312461
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q312461.exe
312461
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q312461.exe
MS01-056 - Windows Media Player .ASF Processor Contains Unchecked Buffer
Posted: 2001/11/20
308567
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wm308567.exe
308567
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wM308567.exe
308567
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: wm308567.Exe
309521
Affected Products:
- Windows Media Player for Windows XP
- Windows XP Gold
- Windows Media Player for Windows XP Gold
Patch: WinXPUPnP
308567
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wm308567.exe
MS01-057 - Specially Formed Script in HTML Mail Can Execute in Exchange 5.5 OWA
Posted: 2001/12/06
313576
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q313576i386.exe
MS01-058 - 13 December 2001 Cumulative Patch for IE
Posted: 2001/12/13
313675
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q313675.exe
313675
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q313675.exe
MS01-059 - Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise
Posted: 2001/12/19
315000
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q315000_WXP_SP1_x86_ENU.exe
315000
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 314941USA8.EXE
315000
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 314757USAM.EXE
MS01-060 - SQL Server Text Formatting Functions Contain Unchecked Buffers
Posted: 2001/12/20
304850
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP1
Patch: s80428i.exe
304851
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: sql7
MS02-001 - Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Posted: 2002/01/22
311401
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
Patch: w2kSP2SRP1.exe
311401
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
Patch: w2kSP2SRP1.Exe
317636
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q317636i.EXE
MS02-002 - Malformed Network Request Can Cause Office v. X for Mac to Fail
Posted: 2002/02/06
317879
Affected Products:
- Office v. X for Macintosh
- Office v. X for Macintosh Gold
Patch: MacPatch
MS02-003 - Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions
Posted: 2002/02/07
316056
Affected Products:
- Exchange 2000 Server
- Exchange 2000 SP2
- Exchange 2000 Enterprise Server
- Exchange 2000 SP2
Patch: Q316056engi386.EXE
MS02-004 - Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution
Posted: 2002/02/07
307298
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Interix 2.2
- Interix 2.2 Gold
Patch: Q307298_W2K_SP3_x86_en.exe
MS02-005 - 11 February 2002 Cumulative Patch for Internet Explorer
Posted: 2002/02/11
316059
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q316059.exe
316059
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q316059.exe
316059
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q316059.Exe
316059
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: Q316059.Exe
MS02-006 - Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
Posted: 2002/02/12
314147
Affected Products:
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q314147i.exe
314147
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: nopatch
314147
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
Patch: Q314147_W2K_SP3_X86_EN.exe
314147
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
Patch: Q314147_WXP_SP1_x86_ENU.exe
MS02-007 - SQL Server Remote Data Source Function Contain Unchecked Buffers
Posted: 2002/02/20
317979
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
Patch: 8.00.0578.exe
317979
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP3
Patch: s71021a.exe
MS02-008 - XMLHTTP Control Can Allow Access to Local Files
Posted: 2002/02/21
318202
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q318202_MSXML20_x86_en.exe
318203
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q318203_MSXML30_x86.exe
317244
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Gold
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: msxml4qfe.exe
MS02-009 - Incorrect VBScript Handling in IE Can Allow Web Pages to Read Local Files
Posted: 2002/02/21
318089
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: vbs51nen.exe
318089
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: vbs55nen.exe
318089
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Vbs55nen.exe
318089
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: vbs56nen.exe
MS02-010 - Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise
Posted: 2002/02/21
317615
Affected Products:
- Commerce Server 2000
- Commerce Server 2000 SP2
Patch: tempcs
MS02-011 - Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service
Posted: 2002/02/27
313450
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
Patch: Q313450_W2K_SP3_X86_EN.exe
289258
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q289258engi386.EXE
MS02-012 - Malformed Data Transfer Request Can Cause Windows SMTP Service to Fail
Posted: 2002/02/27
313450
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
Patch: Q313450_W2K_SP3_X86_EN.exe
313450
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- Internet Information Services 5.1
- Windows XP Gold
Patch: Q313450_WXP_SP1_x86_ENU.exe
MS02-013 - 04 March 2002 Cumulative VM Update
Posted: 2002/03/04
300845
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows 98 SE
- Windows 98 SE Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: msjavx86.eXe
300845
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
Patch: Q300845_W2K_SP3_X86_EN.exe
MS02-014 - Unchecked Buffer in Windows Shell Could Lead to Code Execution
Posted: 2002/03/07
313829
Affected Products:
- Windows 98 SE
- Windows 98 SE Gold
- Windows 98
- Windows 98 SP1
- Windows 98 Gold
Patch: win9802-014
313829
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q313829i.exe
313829
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q313829i.exe
313829
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
Patch: Q313829_W2K_SP3_X86_EN.exe
MS02-015 - 28 March 2002 Cumulative Patch for Internet Explorer
Posted: 2002/03/28
319182
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q319182.exe
319182
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
- Internet Explorer 5.01 SP3
Patch: Q319182.exe
319182
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q319182.Exe
319182
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q319182.EXE
MS02-016 - Opening Group Policy Files for Exclusive Read Blocks Policy Application (Q318593)
Posted: 2002/04/04
318593
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
Patch: Q318593_W2K_SP3_X86_EN.exe
MS02-017 - Unchecked Buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967)
Posted: 2002/04/04
311967
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q312895i.exe
311967
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q312895i.exe
311967
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q311967_W2K_SP3_X86_EN.exe
311967
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
Patch: Q311967_WXP_SP1_x86_ENU.exe
MS02-018 - Cumulative Patch for Internet Information Service (Q319733)
Posted: 2002/04/10
319733
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q319733i.exe
319733
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q319733_W2K_SP3_X86_EN.exe
319733
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
Patch: Q319733_WXP_SP1_x86_ENU.exe
319733
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q319733ts.exe
MS02-019 - Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309)
Posted: 2002/04/16
321309
Affected Products:
- Excel v. X for Macintosh
- Excel v. X for Macintosh Gold
- Excel 2001 for Macintosh
- Excel 2001 for Macintosh Gold
- PowerPoint 2001 for Macintosh
- PowerPoint 2001 for Macintosh Gold
- PowerPoint 98 for Macintosh
- PowerPoint 98 for Macintosh Gold
- PowerPoint v. X for Macintosh
- PowerPoint v. X for Macintosh Gold
- Internet Explorer 5.1 for Machintosh OS 8 and 9
- Internet Explorer 5.1 for Machintosh OS 8 and 9 Gold
- Internet Explorer 5.1 for Macintosh OS X
- Internet Explorer 5.1 for Macintosh OS X Gold
- Entourage 2001 for Macintosh
- Entourage 2001 for Macintosh Gold
- Entourage v. X for Macintosh
- Entourage v. X for Macintosh Gold
- Outlook Express 5 for Macintosh
- Outlook Express 5 for Macintosh Gold
Patch: macpatches
MS02-020 - SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507)
Posted: 2002/04/17
319507
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP3
Patch: 7.00.1030_SQL7_sp3_x86_enu.exe
319507
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 8.00.0608_SQL2K_sp2_x86_enu.exe
MS02-021 - E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward (Q321804)
Posted: 2002/04/25
320441
Affected Products:
- Word 2002
- Word 2002 Gold
Patch: wrd1003.exe
320536
Affected Products:
- Word 2000
- Word 2000 Gold
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000 Service Pack 2
Patch: wrd0901.exe
MS02-022 - Unchecked Buffer in MSN Chat Control Can Lead to Code Execution (Q321661)
Posted: 2002/05/08
321661
Affected Products:
- MSN Messenger
- MSN Messenger Gold
Patch: messenger
MS02-023 - 15 May 2002 Cumulative Patch for Internet Explorer (Q321232)
Posted: 2002/05/15
321232
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q321232.exe
321232
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q321232.exe
321232
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q321232.Exe
321232
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
- Internet Explorer 5.01 SP3
Patch: q321232.Exe
MS02-024 - Authentication Flaw in Windows Debugger Can Lead to Elevated Privileges (Q320206)
Posted: 2002/05/22
320206
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q320206_W2K_SP4_X86_EN.exe
320206
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q320206i.exe
320206
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q320206i.exe
MS02-025 - Malformed Mail Attribute Can Cause Exchange 2000 to Exhaust CPU Resources (Q320436)
Posted: 2002/05/28
320436
Affected Products:
- Exchange 2000 Server
- Exchange 2000 SP2
- Exchange 2000 Enterprise Server
- Exchange 2000 SP2
Patch: Q320436enui386.EXE
MS02-026 - Unchecked Buffer in ASP.NET Worker Process (Q322289)
Posted: 2002/06/06
322289
Affected Products:
- .NET Framework
- .NET Framework Gold
Patch: NDP10_QFEM_Q322289_En.exe
MS02-027 - Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Q323889)
Posted: 2002/06/11
323889
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: 323889_IE5.01_SP2
323889
Affected Products:
- Proxy Server 2.0
- Proxy Server 2.0 Gold
Patch: 29106_ENU_i386_zip.exe
323889
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: isahf177.exe
323889
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: 323889_IE5.5_SP1
323889
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: 323889_IE5.5_SP2
323889
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: 323889_IE6.0
323889
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: 323889_IE5.01_SP3
MS02-028 - Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise (Q321599)
Posted: 2002/06/11
321599
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q321599_W2K_SP4_X86_EN.exe
321599
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q321599i.exe
MS02-029 - Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
Posted: 2002/06/11
318138
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q318138_W2K_SP3_X86_EN.exe
318138
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q318138_WXP_SP1_x86_ENU.exe
318138
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q318138i.exe
318138
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q318138i.exe
318138
Affected Products:
- Microsoft Routing and Remote Access Server for Windows NT 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Terminal Server Service Pack 6
Patch: Q318138i.Exe
MS02-030 - Unchecked Buffer in SQLXML Could Lead to Code Execution (Q321911)
Posted: 2002/06/12
321911
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 321911_SQL_2000.80_SP2
MS02-031 - Cumulative Patches for Excel and Word for Windows (Q324458)
Posted: 2002/06/19
324126
Affected Products:
- Excel 2000
- Office 2000 SR-1a
Patch: exc0901.exe
323548
Affected Products:
- Excel 2002
- Office XP SP1
Patch: exc1002.exe
323547
Affected Products:
- Word 2002
- Office XP SP1
Patch: wrd1004.exe
MS02-032 - Cumulative Patch for Windows Media Player (Q320920)
Posted: 2002/06/26
320920
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
- Windows Media Player 6.4 for Windows 2000
- Windows Media Player 6.4 for Windows 2000 Gold
Patch: wm320920_64.exe
- http://download.microsoft.com/download/winmediaplayer/update/320920/w98nt42kme/en-us/wm320920_64.exe
320920
Affected Products:
- Windows Media Player 6.4 for Windows NT 4.0
- Windows Media Player 6.4 for Windows NT 4.0 Gold
Patch: Wm320920_64.exe
- http://download.microsoft.com/download/winmediaplayer/update/320920/w98nt42kme/en-us/wm320920_64.exe
320920
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wm320920_71.exe
320920
Affected Products:
- Windows Media Player for Windows XP
- Windows XP Gold
- Windows Media Player for Windows XP Gold
Patch: wm320920_8.exe
MS02-033 - Unchecked Buffer in Profile Service Could Allow Code Execution in Commerce Server (Q322273)
Posted: 2002/06/26
322273
Affected Products:
- Commerce Server 2000
- Commerce Server 2000 Gold
- Commerce Server 2000 SP2
- Commerce Server 2002
- Commerce Server 2002 Gold
Patch: tempcs2
MS02-034 - Cumulative Patch for SQL Server (Q316333)
Posted: 2002/07/10
322853
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
Patch: 8.00.0650_enu.exe
MS02-035 - SQL Server Installation Process May Leave Passwords on System (Q263968)
Posted: 2002/07/10
263968
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 Gold
- SQL Server 7.0 SP1
- SQL Server 7.0 SP3
- SQL Server 7.0 SP4
- SQL Server 7.0 SP2
Patch: killpwd.exe
263968
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- SQL Server 2000 SP1
- SQL Server 2000 SP2
Patch: SQL2kKillPwd.exe
MS02-036 - Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138)
Posted: 2002/07/24
317138
Affected Products:
- Microsoft Metadirectory Services 2.2
- Microsoft Metadirectory Services 2.2 SP1
Patch: Q317138.EXE
MS02-037 - Server Response To SMTP Client EHLO Command Results In Buffer Overrun (Q326322)
Posted: 2002/07/24
326322
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q326322enui386.EXE
MS02-038 - Unchecked Buffer in SQL Server 2000 Utilities Could Allow Code Execution (Q316333)
Posted: 2002/07/24
316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
Patch: 8.00.0686_enu.exe
MS02-039 - Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)
Posted: 2002/07/24
323875
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
Patch: Q319243_MDAC27_x86.exe
MS02-040 - Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)
Posted: 2002/07/30
326573
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP2
- SQL Server 7.0
- SQL Server 7.0 SP4
Patch: Q323264_MDAC25_x86_en.exe
326573
Affected Products:
- MDAC 2.6
- MDAC 2.6 SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: Q323266_MDAC26_x86_en.exe
326573
Affected Products:
- MDAC 2.7
- MDAC 2.7 Gold
Patch: Q323263_MDAC27_x86_en.exe
MS02-041 - Unchecked Buffer in Content Management Server Could Enable Server Compromise (Q326075)
Posted: 2002/08/06
326075
Affected Products:
- Content Management Server 2001
- Content Management Server 2001 SP1
Patch: mcms2001srp1.exe
MS02-042 - Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886)
Posted: 2002/08/15
326886
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q326886_W2K_SP4_X86_EN.exe
MS02-043 - Cumulative Patch for SQL Server (Q316333)
Posted: 2002/08/15
327068
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP4
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP4
Patch: 7.00.1076_enu.exe
316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
Patch: 8.00.0686_enu.exe
MS02-044 - Unsafe Functions in Office Web Components (Q328130)
Posted: 2002/08/21
328130
Affected Products:
- Project 2002
- Project 2002 Gold
Patch: prj1001.exe
328130
Affected Products:
- Project Server 2002
- Project Server 2002 Gold
Patch: ps1001en.exe
- http://download.microsoft.com/download/microsoftproject2002/ps1001en/10/WIN98MeXP/EN-US/ps1001en.exe
328130
Affected Products:
- Office 2000
- Office 2000 Service Pack 2
- Office 2000 Gold
- Office XP
- Office XP SP1
- Office XP Gold
- Small Business Server 2000
- Small Business Server 2000 Gold
- ISA Server 2000
- ISA Server 2000 SP1
- ISA Server 2000 Gold
- Commerce Server 2000
- Commerce Server 2000 SP2
- Commerce Server 2000 Gold
- Commerce Server 2002
- Commerce Server 2002 Gold
- BizTalk Server 2002
- BizTalk Server 2002 Gold
- BizTalk Server 2000
- BizTalk Server 2000 Gold
- BackOffice Server 2000
- BackOffice Server 2000 Gold
- Office Web Components 2000
- Office Web Components 2000 Gold
- Office Web Components 2002
- Office Web Components 2002 Gold
Patch: owcupd.exe
Posted: 2002/08/21
326830
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
Patch: Q326830_W2K_SP4_X86_EN.exe
326830
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q326830_WXP_SP1_x86_ENU.exe
326830
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q326830i.exe
326830
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q326830i.Exe
MS02-046 - Buffer Overrun in TSAC ActiveX Control Could Allow Code Execution (Q327521)
Posted: 2002/08/21
327521
Affected Products:
- Microsoft Terminal Services Advanced Client (TSAC) ActiveX control
- Microsoft Terminal Services Advanced Client (TSAC) ActiveX control Gold
Patch: tswebsetup.exe
MS02-047 - Cumulative Patch for Internet Explorer (Q323759)
Posted: 2002/08/21
323759
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q323759.exe
323759
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q323759.exe
323759
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q323759.Exe
323759
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q323759.Exe
323759
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: q323759.EXe
MS02-048 - Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172)
Posted: 2002/08/28
323172
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q323172_WXP_SP1_x86_ENU.exe
323172
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q323172i.exe
323172
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q323172i.Exe
323172
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 323172USAM.EXE
323172
Affected Products:
- Windows 98 SE
- Windows 98 SE Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: 323172USA8.EXE
323172
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: q323172_W2K_SP4_X86_EN.exe
MS02-049 - Flaw Could Enable Web Page to Launch Visual FoxPro 6.0 Application Without Warning (Q326568)
Posted: 2002/09/04
326568
Affected Products:
- Visual FoxPro 6.0
- Visual FoxPro 6.0 Gold
Patch: vfp_q326568_en.exe
MS02-050 - Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)
Posted: 2002/09/04
329115
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q329115i.Exe
329115
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q329115i.EXE
329115
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q329115_WXP_SP2_x86_ENU.exe
329115
Affected Products:
- Windows 98 SE
- Windows 98 SE Gold
- Windows 98
- Windows 98 Gold
Patch: Q329115-Win98
329115
Affected Products:
- Windows Me
- Windows Me Gold
Patch: Q329115-WinME
329115
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q329115_W2K_SP4_X86_EN.exe
MS02-051 - Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)
Posted: 2002/09/18
324380
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 1
Patch: Q324380_W2K_SP4_X86_EN.exe
324380
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q324380_WXP_SP1_x86_ENU.exe
MS02-052 - Flaw in Java VM JDBC Classes Could Allow Code Execution (Q329077)
Posted: 2002/09/18
329077
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: vm-sfix3.exe
MS02-053 - Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)
Posted: 2002/09/24
324096
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- FrontPage 2000 Server Extensions
- FrontPage 2000 Server Extensions Gold
Patch: FPSE0901.exe
324096
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- FrontPage 2000 Server Extensions
- FrontPage 2000 Server Extensions Gold
Patch: Q324096_W2K_SP4_X86_EN.exe
- http://download.microsoft.com/download/win2000pro/Patch/Q324096/NT5/EN-US/Q324096_W2K_SP4_X86_EN.exe
324096
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
- FrontPage 2000 Server Extensions
- FrontPage 2000 Server Extensions Gold
Patch: Q324096_WXP_SP1_x86_ENU.exe
324096
Affected Products:
- FrontPage Server Extensions 2002
- FrontPage Server Extensions 2002 Gold
Patch: MS02-053FPSE2002
MS02-054 - Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048)
Posted: 2002/10/02
329048
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 329048USAM.EXE
329048
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q329048_WXP_SP2_x86_ENU.exe
329048
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: q329048_WXP_SP2_x86_ENU.exe
329048
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 329048USA8.EXE
MS02-055 - Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255)
Posted: 2002/10/02
323255
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q323255_WXP_SP2_x86_ENU.exe
323255
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q323255_W2K_SP4_X86_EN.exe
323255
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Hhupd.exe
323255
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
Patch: 323255USA8.EXE
323255
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 323255USAM.EXE
MS02-056 - Cumulative Patch for SQL Server (Q316333)
Posted: 2002/10/02
316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
Patch: 8.00.0686_enu.exe
316333
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP4
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP4
Patch: 7.00.1078_enu.exe
MS02-057 - Flaw in Services for Unix 3.0 Interix SDK Could Allow Code Execution (Q329209)
Posted: 2002/10/02
329209
Affected Products:
- Services For Unix 3.0 Interix SDK
- Services For Unix 3.0 Interix SDK Gold
Patch: q329209_sfu_3_x86_en.exe
MS02-058 - Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676)
Posted: 2002/10/09
328676
Affected Products:
- Outlook Express 5.5
- Internet Explorer 5.5 SP2
Patch: OE55-Q328676
328676
Affected Products:
- Outlook Express 6.0
- Internet Explorer 6 SP1
Patch: OE60-Q328676
MS02-059 - Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure (Q330008)
Posted: 2002/10/16
330008
Affected Products:
- Word 2002
- Office XP SP2
Patch: Word2002MS02-059
330008
Affected Products:
- Word 2000
- Office 2000 Service Pack 1
- Office 2000 Service Pack 2
Patch: Word2000MS02-059
330008
Affected Products:
- Word 97
- Word 97 Gold
- Word 98
- Word 98 Gold
Patch: Word98JMS02-059
330008
Affected Products:
- Word v. X for Macintosh
- Office v. X for Macintosh SR 1
Patch: Wordx.VMacMS02-059
330008
Affected Products:
- Word 2001 for Macintosh
- Office 2001 for Macintosh SR1
Patch: Word2001MacMS02-059
330008
Affected Products:
- Word 98 for Macintosh
- Word 98 for Macintosh Gold
Patch: Word98MacMS02-059
330008
Affected Products:
- Excel 2002
- Office XP SP2
Patch: Excel2002MS02-059
MS02-060 - Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940)
Posted: 2002/10/16
328940
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q328940_WXP_SP1_x86_ENU.exe
MS02-061 - Elevation of Privilege in SQL Server Web Tasks (Q316333)
Posted: 2002/10/16
316333
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP4
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP4
Patch: 7.00.1078_enu.exe
316333
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
Patch: 8.00.0686_enu.exe
MS02-062 - Cumulative Patch for Internet Information Service (Q327696)
Posted: 2002/10/30
327696
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q327696I.EXE
327696
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q327696_W2K_SP4_X86_EN.exe
327696
Affected Products:
- Internet Information Services 5.1
- Windows XP Service Pack 1
- Windows XP Gold
Patch: Q327696_WXP_SP2_x86_ENU.exe
MS02-063 - Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)
Posted: 2002/10/30
329834
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q329834_W2K_SP4_X86_EN.exe
329834
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
Patch: q329834_WXP_SP2_x86_ENU.exe
329834
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q329834_WXP_SP2_x86_ENU.exe
MS02-064 - Windows 2000 Default Permissions Could Allow Trojan Horse Program (Q327522)
Posted: 2002/10/30
327522
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: W2K_MS02-064
MS02-065 - Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)
Posted: 2002/11/19
329414
Affected Products:
- MDAC 2.1
- MDAC 2.1 Gold
- MDAC 2.1 SP1
- MDAC 2.1 SP1A
- MDAC 2.1 SP2
- MDAC 2.5
- MDAC 2.5 Gold
- MDAC 2.5 SP1
- MDAC 2.5 SP2
- MDAC 2.5 SP3
- MDAC 2.6
- MDAC 2.6 Gold
- MDAC 2.6 SP1
- MDAC 2.6 SP2
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: q329414_mdacall_x86.exe
MS02-066 - Cumulative Patch for Internet Explorer (Q328970)
Posted: 2002/11/20
328970
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: q328970.exe
328970
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q328970.Exe
328970
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q328970.Exe
328970
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q328970.EXe
MS02-067 - E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail (331866)
Posted: 2002/12/04
331866
Affected Products:
- Outlook 2002
- Office XP SP2
Patch: MS02-067
MS02-068 - Cumulative Patch for Internet Explorer (324929)
Posted: 2002/12/04
324929
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q324929.Exe
324929
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q324929.Exe
324929
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q324929.EXe
MS02-069 - Flaw in Microsoft VM Could Enable System Compromise (810030)
Posted: 2002/12/11
810030
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 1
- Windows NT4 Service Pack 2
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 1
- Windows NT4 Service Pack 2
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 6
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 1
- Windows NT4 Service Pack 2
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6
- Windows NT4 Service Pack 6a
- Windows 95
- Windows 95 Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
Patch: msjavwu.exe
810030
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q810030_W2K.exe
MS02-070 - Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
Posted: 2002/12/11
329170
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q329170_W2K_SP4_X86_EN.exe
329170
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q329170_WXP_SP2_x86_ENU.exe
329170
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q329170_WXP_SP2_x86_ENU.Exe
MS02-071 - Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
Posted: 2002/12/11
328310
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q328310_W2K_SP4_X86_EN.exe
328310
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q328310_WXP_SP2_x86_ENU.exe
328310
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q328310_WXP_SP2_x86_ENU.Exe
328310
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q328310i.exe
328310
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q328310i.EXE
MS02-072 - Unchecked Buffer in Windows Shell Could Enable System Compromise (Q329390)
Posted: 2002/12/17
329390
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q329390_WXP_SP2_x86_ENU.exe
329390
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q329390_WXP_SP2_x86_ENU.Exe
MS03-001 - Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
Posted: 2003/01/20
810833
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q810833i.exe
810833
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q810833i.Exe
810833
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q810833_W2K_SP4_X86_EN.exe
810833
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q810833_WXP_SP2_x86_ENU.exe
810833
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q810833_WXP_SP2_x86_ENU.Exe
MS03-002 - Cumulative Patch for Microsoft Content Management Server (810487)
Posted: 2003/01/21
810487
Affected Products:
- Content Management Server 2001
- Content Management Server 2001 SP1
Patch: mcms2001srp2.exe
MS03-003 - Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure (812262)
Posted: 2003/01/21
812262
Affected Products:
- Outlook 2002
- Office XP SP2
Patch: Olk1006.exe
MS03-004 - Cumulative Patch for Internet Explorer (810847)
Posted: 2003/02/05
810847
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: q810847.exe
810847
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q810847.Exe
810847
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q810847.Exe
810847
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q810847.EXe
MS03-005 - Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)
Posted: 2003/02/05
810577
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q810577_WXP_SP2_x86_ENU.exe
810577
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q810577_WXP_SP2_x86_ENU.Exe
MS03-006 - Flaw in Windows Me Help and Support Center Could Enable Code Execution (812709)
Posted: 2003/02/26
812709
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 812709USAM.exe
MS03-007 - Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)
Posted: 2003/03/17
815021
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q815021_W2K_SP4_X86_EN.exe
815021
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q815021i.EXE
815021
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q815021i.exe
815021
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q815021_WXP_SP2_x86_ENU.exe
815021
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q815021_WXP_SP2_x86_ENU.Exe
MS03-008 - Flaw in Windows Script Engine could allow code execution (814078)
Posted: 2003/03/19
814078
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: js56nen.exe
814078
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: js56men.exe
MS03-009 - Flaw in ISA Server DNS intrusion detection filter can cause Denial of Service (331065)
Posted: 2003/03/19
331065
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: isahf256.exe
MS03-010 - Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)
Posted: 2003/03/26
331953
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q331953_WXP_SP2_x86_ENU.exe
331953
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q331953_WXP_SP2_x86_ENU.Exe
331953
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q331953_W2K_SP4_X86_EN.exe
331953
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: NT4Workstation Note Message
331953
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
Patch: NT4 Server Note Message
331953
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: NT4 TS Note Message
MS03-011 - Flaw in Microsoft VM Could Enable System Compromise (816093)
Posted: 2003/04/09
816093
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q816093_W2K_SP4_X86_EN.exe
816093
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 95
- Windows 95 Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
Patch: msjavwu.exe
MS03-012 - Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service (331066)
Posted: 2003/04/09
331066
Affected Products:
- Proxy Server 2.0
- Proxy Server 2.0 SP1
Patch: MS03-012MSProxyServer
331066
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: MS03-012MSISAServer
MS03-013 - Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)
Posted: 2003/04/16
811493
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q811493i.EXE
811493
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q811493i.exe
811493
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q811493_W2K_SP4_X86_EN.exe
811493
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q811493_WXP_SP2_x86_ENU.exe
811493
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q811493_WXP_SP2_x86_ENU.Exe
MS03-014 - Cumulative Patch for Outlook Express (330994)
Posted: 2003/04/23
330994
Affected Products:
- Outlook Express 5.5
- Outlook Express 5.5 SP2
Patch: q330994.exe
330994
Affected Products:
- Outlook Express 6.0
- Outlook Express 6.0 Gold
Patch: Q330994.exe
330994
Affected Products:
- Outlook Express 6.0
- Outlook Express 6.0 SP1
Patch: Q330994.Exe
MS03-015 - Cumulative Patch for Internet Explorer (813489)
Posted: 2003/04/23
813489
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: q813489.exe
813489
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q813489.exe
813489
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q813489.Exe
813489
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q813489.EXe
MS03-016 - Cumulative Patch for BizTalk Server (815206)
Posted: 2003/04/30
815206
Affected Products:
- BizTalk Server 2000
- BizTalk Server 2000 SP2
Patch: BTS2000-815207-EN.EXE
815206
Affected Products:
- BizTalk Server 2002
- BizTalk Server 2002 Gold
Patch: BTS2002-815208-ENU.exe
MS03-017 - Flaw in Windows Media Player Skins Downloading Could Allow Code Execution (817787)
Posted: 2003/05/07
817787
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: WindowsMedia71-KB817787-x86-ENU.exe
817787
Affected Products:
- Windows Media Player for Windows XP
- Windows Media Player for Windows XP Gold
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsMedia8-KB817787-x86-ENU.exe
MS03-018 - Cumulative Patch for Internet Information Service (811114)
Posted: 2003/05/28
811114
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q811114I.EXE
811114
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q811114_W2K_SP4_X86_EN.exe
811114
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q811114_WXP_SP2_x86_ENU.exe
MS03-019 - Flaw in ISAPI extension for Windows Media Services could cause denial of service (817772)
Posted: 2003/05/28
817772
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsMedia41-KB817772-x86-ENU.exe
817772
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: WindowsMedia41-KB817772-x86-ENU.Exe
MS03-020 - Cumulative Patch for Internet Explorer (818529)
Posted: 2003/06/04
818529
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
Patch: q818529.exe
818529
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q818529.exe
818529
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q818529.Exe
818529
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q818529.EXe
818529
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB818529-x86-ENU.exe
MS03-021 - Flaw In Windows Media Player May Allow Media Library Access (819639)
Posted: 2003/06/25
819639
Affected Products:
- Windows Media Player 9.0
- Windows Media Player 9.0 Gold
Patch: WindowsMedia9-KB819639-x86-ENU.exe
MS03-022 - Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution (822343)
Posted: 2003/06/25
822343
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 4
Patch: WindowsMedia41-KB822343-x86-ENU.exe
MS03-023 - Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Posted: 2003/07/09
823559
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: windows-kb823559-enu.exe
823559
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Windows-KB823559-ENU.exe
823559
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB823559-x86-ENU.exe
823559
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Gold
- Windows XP Professional
- Windows XP Service Pack 1
- Windows XP Gold
Patch: WindowsXP-KB823559-x86-ENU.exe
823559
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB823559-x86-ENU.exe
823559
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 823559USAM.EXE
823559
Affected Products:
- Windows 98 SE
- Windows 98 SE Gold
- Windows 98
- Windows 98 Gold
Patch: 823559USA8.EXE
MS03-024 - Buffer Overrun in Windows Could Lead to Data Corruption (817606)
Posted: 2003/07/09
817606
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q817606i.EXE
817606
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q817606i.exe
817606
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 3
Patch: Windows2000-KB817606-x86-ENU.exe
817606
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q817606_WXP_SP2_x86_ENU.exe
817606
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q817606_WXP_SP2_x86_ENU.Exe
MS03-025 - Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679)
Posted: 2003/07/09
822679
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 3
Patch: Windows2000-KB822679-x86-ENU.exe
MS03-026 - Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Posted: 2003/07/16
823980
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q823980i.EXE
823980
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q823980i.exe
823980
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Service Pack 2
Patch: Windows2000-KB823980-x86-ENU.exe
823980
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB823980-x86-ENU.exe
823980
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB823980-x86-ENU.EXE
823980
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB823980-x86-ENU.exe
MS03-027 - Unchecked Buffer in Windows Shell Could Enable System Compromise (821557)
Posted: 2003/07/16
821557
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB821557-x86-ENU.exe
821557
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB821557-x86-ENU.EXE
MS03-028 - Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack (816456)
Posted: 2003/07/16
816456
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: ISA2000-KB816456-x86.exe
MS03-029 - Flaw in Windows Function Could Allow Denial of Service (823803)
Posted: 2003/07/23
823803
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB823803-x86-ENU.EXE
823803
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q823803i.exe
MS03-030 - Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Posted: 2003/07/23
819696
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 SE Gold
- Windows Me
- Windows Me Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: DirectX9-KB819696-x86-ENU.exe
819696
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Q819696i.EXE
819696
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q819696i.exe
MS03-031 - Cumulative Patch for Microsoft SQL Server (815495)
Posted: 2003/07/23
815495
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP4
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP4
Patch: SQL70-KB815495-v7.00.1094-ENU.exe
815495
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP3
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP3a
- SQL Server 2000
- SQL Server 2000 SP3
- SQL Server 2000 SP3a
Patch: SQL2000-KB815495-8.00.0818-ENU.exe
MS03-032 - Cumulative Patch for Internet Explorer (822925)
Posted: 2003/08/20
822925
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 SP4
Patch: q822925.exe
822925
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q822925.EXE
822925
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q822925.exe
822925
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q822925.EXE
822925
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB822925-x86-ENU.exe
MS03-033 - Unchecked Buffer in MDAC Function Could Enable System Compromise (823718)
Posted: 2003/08/20
Q823718
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP2
- MDAC 2.5 SP3
Patch: Q823718_MDAC_SecurityPatch.exe
823718
Affected Products:
- MDAC 2.6
- MDAC 2.6 SP2
Patch: Q823718_MDAC_SecurityPatch.EXE
823718
Affected Products:
- MDAC 2.7
- MDAC 2.7 Gold
- MDAC 2.7 SP1
Patch: q823718_MDAC_SecurityPatch.exe
MS03-034 - Flaw in NetBIOS Could Lead to Information Disclosure (824105)
Posted: 2003/09/03
824105
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB824105-x86-ENU.EXE
824105
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB824105-x86-ENU.EXE
824105
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB824105-x86-ENU.exe
824105
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB824105-x86-ENU.exe
824105
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB824105-x86-ENU.EXE
824105
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB824105-x86-ENU.exe
MS03-035 - Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)
Posted: 2003/09/03
827653
Affected Products:
- Word 2000
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000 Service Pack 3
- Works 2001
- Works 2001 Gold
- Office 2000
- Office 2000 Service Pack 3
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: office2000-kb824936-fullfile-enu.exe
827653
Affected Products:
- Works 2003
- Works 2003 Gold
- Word 2002
- Office XP SP2
- Office XP
- Office XP SP2
Patch: officexp-kb824934-fullfile-enu.exe
MS03-036 - Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103)
Posted: 2003/09/03
827103
Affected Products:
- Office 2000
- Office 2000 Service Pack 3
- Office 2000 SR-1
- Office 2000 SR-1a
- FrontPage 2000
- Office 2000 Service Pack 3
- Office 2000 SR-1
- Office 2000 SR-1a
- Publisher 2000
- Office 2000 Service Pack 3
- Office 2000 SR-1
- Office 2000 SR-1a
- Works 2001
- Works 2001 Gold
Patch: office2000-kb824993-fullfile-enu.exe
827103
Affected Products:
- Office XP
- Office XP SP2
- Office XP SP1
- FrontPage 2002
- Office XP SP1
- Office XP SP2
- Publisher 2002
- Office XP SP1
- Office XP SP2
- Works 2002
- Works 2002 Gold
- Works 2003
- Works 2003 Gold
Patch: officexp-kb824938-client-enu.exe
MS03-037 - Flaw in Visual Basic for Applications Could Allow Arbitrary Code execution (822715)
Posted: 2003/09/03
822715
Affected Products:
- Office 2000
- Office 2000 Service Pack 3
Patch: office2000-kb822035-fullfile-enu.exe
822715
Affected Products:
- Office XP
- Office XP SP2
Patch: officexp-kb822036-fullfile-enu.exe
822715
Affected Products:
- Project 2000
- Project 2000 SR1
Patch: project2000-kb822478-fullfile-enu.exe
822715
Affected Products:
- Project 2002
- Project 2002 Gold
Patch: project2002-kb822211-fullfile-enu.exe
822715
Affected Products:
- Visio 2002
- Visio 2002 Gold
Patch: visio2002-kb822212-fullfile-enu.exe
822715
Affected Products:
- VBA 5.0
- VBA 6.0
- Access 97
- Excel 97
- PowerPoint 97
- Word 97
- Word 98
- VBA 6.2
- VBA 6.3
Patch: VBAPatch
MS03-038 - Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)
Posted: 2003/09/03
827104
Affected Products:
- Access 2000
- Office 2000 Service Pack 3
Patch: office2000-kb826292-fullfile-enu.exe
827104
Affected Products:
- Access 2002
- Office XP SP1
- Office XP SP2
Patch: officexp-kb826293-client-enu.exe
MS03-039 - Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Posted: 2003/09/10
824146
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB824146-x86-ENU.EXE
824146
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB824146-x86-ENU.EXE
824146
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB824146-x86-ENU.EXE
824146
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB824146-x86-ENU.exe
824146
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB824146-x86-ENU.exe
824146
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB824146-x86-ENU.EXE
824146
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB824146-x86-ENU.exe
MS03-040 - Cumulative Patch for Internet Explorer (828750)
Posted: 2003/10/03
828750
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q828750.exe
828750
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q878750.exe
828750
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB828750-x86-ENU.exe
828750
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q828750.Exe
828750
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 SP4
Patch: Q828750.EXe
