Mssecure - 2004-06-08 (JPN)
Source: mssecure_1041.cab
Data Updated: 2004/06/08
Data Version: 2004.6.8.0
MSBA/Tool Version: 1.2 3.32
MS98-001 - Disabling Creation of Local Groups on a Domain by Non-Administrative Users
Posted: 1998/06/01
169556
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: CREATALS_x86.exe
MS98-002 - Error Message Vulnerability Against Secured Internet Servers
Posted: 1998/06/26
148427
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 Gold
- Exchange Server 5.5 SP1
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
Patch: ssl-fixi.exe
MS98-003 - File Access Issue with Windows NT Internet Information Server
Posted: 1998/07/02
188806
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
Patch: iis3fixi.exe
188806
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Personal Web Server 4.0
- Windows NT4 Service Pack 3
Patch: iis4fixi.exe
MS98-004 - Unauthorized ODBC Data Access with RDS and IIS
Posted: 1998/07/14
184375
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q184375
MS98-005 - Unwanted Data Issue with Office 98 for the Macintosh
Posted: 1998/07/17
189529
Affected Products:
- Office 98 for Macintosh
- Office 98 for Macintosh Gold
Patch: 98-005
MS98-006 - Potential Denial-of-Service in IIS FTP Server due to Passive Connections
Posted: 1998/07/23
189262
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
Patch: ftpfix3i.exe
189262
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
Patch: ftpfix4i.exe
MS98-007 - Potential SMTP and NNTP Denial-of-Service Vulnerabilities
Posted: 1998/07/24
188341
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 Gold
Patch: MS98-007
188341
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: psp2imsi.exe
188369
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: psp2stri.exe
MS98-008 - Long file name Security Issue affecting Microsoft Outlook 98 and Microsoft Outlook Express 4.x
Posted: 1998/07/27
175807
Affected Products:
- Outlook Express 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
Patch: oelong
175807
Affected Products:
- Outlook 98
- Outlook 98 Gold
Patch: outptch2.exe
MS98-009 - Windows NT Privilege Elevation Attack
Posted: 1998/07/27
190288
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
Patch: privfixi.exe
MS98-010 - Information on the Back Orifice Program
Posted: 1998/08/04
237280
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: MS98-010
MS98-011 - Window.External JScript Vulnerability in Microsoft Internet Explorer 4.0
Posted: 1998/08/17
191200
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
Patch: jscript.asp
MS98-012 - Updates available for Security Vulnerabilities in Microsoft PPTP
Posted: 1998/08/18
189771
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: dun40.exe
154091
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: msdun13.exe
189595
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
Patch: pptpfixi.exe
189594
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
Patch: rrasfixi.exe
Posted: 1998/09/04
168485
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
Patch: xframe.asp
MS98-014 - RPC Spoofing Denial of Service on Windows NT
Posted: 1998/09/29
193233
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
Patch: snk-fixi.exe
193233
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Gold
Patch: Snk-fixi.exe
MS98-015 - Untrusted Scripted Paste Issue in Microsoft Internet Explorer 4.01
Posted: 1998/10/16
169245
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
Patch: paste.asp
MS98-016 - Dotless IP Address Issue in Microsoft Internet Explorer 4
Posted: 1998/10/23
168617
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
Patch: dotless.asp
MS98-017 - Named Pipes Over RPC Vulnerability
Posted: 1998/11/19
195733
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
Patch: nprpcfxi.exe
- ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postsp4/archive/nprpc-fix/
MS98-018 - Excel CALL Vulnerability
Posted: 1998/12/10
196791
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: Xl8p9pkg
MS98-019 - IIS GET Vulnerability
Posted: 1998/12/21
192296
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 4
Patch: infget3i.exe
192296
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: infget4i.exe
MS98-020 - Frame Spoof Vulnerability
Posted: 1998/12/23
167614
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
Patch: spoof.asp
- v
MS99-001 - Exposure in Forms 2.0 TextBox Control that allows data to be read from user's Clipboard
Posted: 1999/01/21
214757
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
- Outlook 98
- Office 97 SR-2/SR-2b
- PowerPoint 97
- Office 97 SR-2/SR-2b
- Project 98
- Office 97 SR-2/SR-2b
- Visual Basic 5.0
- Visual Basic 5.0 Gold
- Word 97
- Office 97 SR-2/SR-2b
Patch: fm2paste.exe
MS99-002 - Word 97 Template Vulnerability
Posted: 1999/01/21
214652
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: Wd97SP.EXE
MS99-003 - IIS Malformed FTP List Request Vulnerability
Posted: 1999/02/03
188348
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: ftpls3i.exe
188348
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
Patch: ftpls4i.exe
MS99-004 - Authentication Processing Error in Windows NT 4.0 Service Pack 4
Posted: 1999/02/08
214840
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
Patch: msv-fixi.exe
MS99-005 - BackOffice Server 4.0 Does Not Delete Installation Setup File
Posted: 1999/02/12
217004
Affected Products:
- BackOffice Server 4.0
- BackOffice Server 4.0 Gold
Patch: Q217004
MS99-006 - Windows NT Known DLLs List Vulnerability
Posted: 1999/02/19
218473
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
Patch: Smssfixi.exe
218473
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Gold
Patch: Smssfixi.Exe
MS99-007 - Taskpads Scripting Vulnerability
Posted: 1999/02/22
218619
Affected Products:
- BackOffice Resource Kit SE
- BackOffice Resource Kit SE Gold
Patch: itmcpatch.exe
218619
Affected Products:
- Windows 98 Resource Kit
- Windows 98 Resource Kit Gold
- Windows 98 Resource Kit Sampler
- Windows 98 Resource Kit Gold
Patch: tmcpatch.exe
MS99-008 - Windows NT Screen Saver Vulnerability
Posted: 1999/03/12
221991
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
Patch: Scrnsavi.exe
221991
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Gold
Patch: Scrnsavi.Exe
MS99-009 - Malformed Bind Request Vulnerability
Posted: 1999/03/16
221989
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP2
Patch: PSP2DIRI.EXE
MS99-010 - File Access Vulnerability in Personal Web Server
Posted: 1999/03/26
216453
Affected Products:
- FrontPage 98 Personal Web Server 1.0
- FrontPage 98 Personal Web Server 1.0 Gold
Patch: fppws98.exe
217763
Affected Products:
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Pwssecup.exe
217765
Affected Products:
- FrontPage 97 Personal Web Server 1.0
- FrontPage 97 Personal Web Server 1.0 Gold
Patch: Q217765
MS99-011 - DHTML Edit Vulnerability
Posted: 1999/04/21
226326
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: DHTMLED5.EXE
MS99-012 - MSHTML Update Available for Internet Explorer
Posted: 1999/04/21
226325
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: mshtml4.exe
226325
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: mshtml5.exe
- v
MS99-013 - File Viewers Vulnerability
Posted: 1999/05/07
232449
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
Patch: fix2450i.exe
231656
Affected Products:
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
Patch: viewfixi.exe
- v
MS99-014 - Excel 97 Virus Warning Vulnerabilities
Posted: 1999/05/07
231304
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: Xl8p9pkg.exe
MS99-015 - Malformed Help File Vulnerability
Posted: 1999/05/17
231605
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: winhlp-i.exe
- v
MS99-016 - Malformed Phonebook Entry Vulnerability
Posted: 1999/05/20
230677
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
Patch: rasffixi.exe
MS99-017 - RAS and RRAS Password Vulnerability
Posted: 1999/05/27
230681
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: raspassword-fix
233303
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: rpwdfixi.exe
- v
MS99-018 - Malformed Favorites Icon Vulnerability
Posted: 1999/05/27
241361
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q241361.exe
241361
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: Q241361.exe
MS99-019 - Malformed HTR Request Vulnerability
Posted: 1999/06/15
234905
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: extfixi.exe
MS99-020 - Malformed LSA Request Vulnerability
Posted: 1999/06/23
231457
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
Patch: lsareqi.exe
231457
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: lsareqi.Exe
MS99-021 - CSRSS Worker Thread Exhaustion Vulnerability
Posted: 1999/06/23
233323
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: csrssfxi.exe
MS99-022 - Double Byte Code Page Vulnerability
Posted: 1999/06/24
233335
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: fesrc3i.exe
233335
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: fesrc4i.exe
MS99-023 - Malformed Image Header Vulnerability
Posted: 1999/06/30
234557
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
Patch: krnlifxi.exe
234557
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: Krnlifxi.exe
MS99-024 - Unprotected IOCTLs Vulnerability
Posted: 1999/07/06
On a terminal server, such a program could disable the keyboard and mouse on the console.
236359
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: ioctlfxi.exe
236359
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: Ioctlfxi.exe
MS99-025 - Unauthorized Access to IIS Servers through ODBC Data Access with RDS
Posted: 1999/07/17
184375
Affected Products:
- Internet Information Server 3.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q184375
MS99-026 - Malformed Dialer Entry Vulnerability
Posted: 1999/07/29
237185
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: dialrfxi.exe
237185
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
Patch: Dialrfxi.exe
MS99-027 - Encapsulated SMTP Address Vulnerability
Posted: 1999/08/06
237927
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP2
Patch: psp2imci.zip
MS99-028 - Terminal Server Connection Request Flooding Vulnerability
Posted: 1999/08/09
228724
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: tsmemfxi.exe
MS99-029 - Malformed HTTP Request Header Vulnerability
Posted: 1999/08/11
238349
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: vdext4i.exe
MS99-030 - Office 「ODBC ドライバ」 の脆弱性に対する対策
Posted: 1999/08/20
141796
Affected Products:
- Office 95
- Office 95 Gold
Patch: Jet30Pkg.exe
239105
Affected Products:
- Office 97
- Office 97 Gold
- Office 97 SR-1
- Office 97 SR-2/SR-2b
Patch: jetCopkg.exe
239471
Affected Products:
- Office 2000
- Office 2000 Gold
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: JetcoPkg.exe
MS99-031 - 「仮想マシン サンドボックス」 の脆弱性に対する対策
Posted: 1999/08/25
240346
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: msjavx86.exe
MS99-032 - 「Scriptlet.typlib/Eyedog」 の脆弱性に対する対策
Posted: 1999/08/31
240308
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
- Internet Explorer 5
- Internet Explorer 5 Gold
- Outlook Express 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 4.01 SP1
- Internet Explorer 4.01 SP2
Patch: q240308ja86.exe
MS99-034 - 「断片化された IGMP パケット」 の脆弱性に対する対策
Posted: 1999/09/03
238453
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 238453US5.exe
238453
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 238453US8.EXE
238329
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: igmpfixi.exe
238329
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: Igmpfixi.exe
MS99-033 - 「改ざんされた Telnet 引数」 の脆弱性に対する対策
Posted: 1999/09/09
240163
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: telnet95.exe
240163
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: TelnetUp.EXE
MS99-035 - 「Set Cookie ヘッダによるキャッシュ」 の脆弱性に対する対策
Posted: 1999/09/10
238647
Affected Products:
- Microsoft Commercial Internet System 2.0
- Microsoft Commercial Internet System 2.0 Gold
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
- Site Server 3.0
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
Patch: q238647x86eng.exe
MS99-036 - 「Windows NT 4.0 が無人インストール ファイルを削除しない」 ことによる脆弱性に対する対策
Posted: 1999/09/10
155197
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: MS99-036
MS99-037 - 「ImportExportFavorites」 の脆弱性に対する対策
Posted: 1999/09/10
241361
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q241361.exe
241361
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: Q241361.exe
MS99-038 - 「パケットの不正情報によりソースルーティングが有効になる」脆弱性に対する対策
Posted: 1999/09/20
238453
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
Patch: ipsrfixi.exe
MS99-039 - 「ドメイン解決」、「FTPダウンロード」 の脆弱性に対する対策
Posted: 1999/09/23
241805
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: iprftp4i.exe
241562
Affected Products:
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q242559.exe
MS99-040 - IE 5 「ダウンロード動作」の脆弱性に対する対策
Posted: 1999/09/28
243638
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q243638ja86.exe
MS99-041 - 「RASMAN セキュリティ記述子」 の脆弱性に対する対策
Posted: 1999/09/30
242294
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: fixrasi.exe
242294
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: fixrasi.Exe
MS99-042 - 「IFRAME ExecCommand」 の脆弱性に対する対策
Posted: 1999/10/11
243638
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q243638ja86.exe
MS99-043 - 「Javascript リダイレクト」 の脆弱性に対する対策
Posted: 1999/10/18
244356
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q244356.exe
244357
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q244357.exe
MS99-044 - 「Excel SYLK」の脆弱性に対する対策
Posted: 1999/10/20
241900
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p7pkg.exe
241901
Affected Products:
- Excel 2000
- Office 2000 Gold
- Office 2000
- Office 2000 Gold
Patch: xl9p2pkg.exe
MS99-045 - 「仮想マシン ベリファイア」 の脆弱性に対する対策
Posted: 1999/10/21
275609
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: msjavx86.exe
MS99-046 - 「TCP/IP のシーケンス番号が予測できてしまう」 脆弱性 に対する対策
Posted: 1999/10/22
243835
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: q243835i.exe
243835
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: Q243835i.EXE
243835
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
Patch: q243835sp5i.exe
MS99-047 - 「改ざんされたスプーラ リクエスト」 の脆弱性に対する対策
Posted: 1999/11/04
243649
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q243649.exe
MS99-048 - 「Active Setup Control」 の脆弱性に対する対策
Posted: 1999/11/11
244540
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q244540jax86.exe
244540
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q244540jax86.exe
MS99-049 - 「URL を用いたファイルアクセス」 の脆弱性に対する対策
Posted: 1999/11/12
245729
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 245729us5.exe
245729
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
Patch: 245729us8.exe
MS99-051 - 「IE タスク スケジューラ」 の脆弱性に対する対策
Posted: 1999/11/29
246972
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: q246972
MS99-052 - 「パスワードをキャッシュするレガシ メカニズムが与える」 脆弱性に対する対策
Posted: 1999/11/29
168115
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 168115us5.exe
168115
Affected Products:
- Windows 98
- Windows 98 Gold
Patch: 168115us8.exe
MS99-054 - 「WPAD Spoofing」 の脆弱性に対する対策
Posted: 1999/12/01
247333
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q247333
MS99-053 - 「マルチスレッド SSL ISAPI フィルタ」 の脆弱性に対する対策
Posted: 1999/12/02
244613
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: sslune4i.exe
MS99-050 - 「サーバー側参照リダイレクト」 の脆弱性に対する対策
Posted: 1999/12/08
246094
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q246094.exe
256094
Affected Products:
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: Q246094.exe
246094
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q246094.Exe
- v
MS99-055 - 「リソース カタログ要求に対し改ざんされた引数が渡された場合」 の脆弱性に対する対策
Posted: 1999/12/09
The primary effect of the failure is to cause named pipes to fail, which prevents many other system services from operating.
246045
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: q246045i.exe
MS99-056 - 「Syskey がキーストリームを再使用する」 の脆弱性に対する対策
Posted: 1999/12/16
248183
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: q248183i.exe
248183
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
Patch: Q248183ts.exe
MS99-057 - 「SID に無効な引数が渡された場合」 の脆弱性に対する対策
Posted: 1999/12/16
248183
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q248183.EXE
MS99-059 - 「不正なTDSパケット ヘッダ」 の脆弱性に対する対策
Posted: 1999/12/20
248749
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
Patch: S70761i.exe
MS99-058 - 「仮想ディレクトリの名前」 の脆弱性
Posted: 1999/12/21
238606
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: vrdcon4i.exe
MS99-061 - 「エスケープ文字解析」の脆弱性に対する対策
Posted: 1999/12/21
246401
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: unschx4i.exe
MS99-060 - 「HTML メール添付ファイル」 の脆弱性に対する対策
Posted: 1999/12/22
249082
Affected Products:
- Internet Explorer 4.5 for Macintosh
- Internet Explorer 4.5 for Macintosh Gold
- Outlook Express 5 for Macintosh
- Outlook Express 5 for Macintosh Gold
Patch: MacFiles
MS00-001 - 「不正な IMAP リクエスト 」 の脆弱性に対する対策
Posted: 2000/01/04
246731
Affected Products:
- Microsoft Commercial Internet System 2.0
- Microsoft Commercial Internet System 2.0 Gold
- Microsoft Commercial Internet System 2.5
- Microsoft Commercial Internet System 2.5 Gold
Patch: q246731jpni.EXE
MS00-003 - 「偽装 LPC ポート リクエスト」 の脆弱性に対する対策
Posted: 2000/01/12
247869
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q247869i.EXE
MS00-005 - 「RTF のコントロール ワードが改ざんされた場合」の脆弱性に対する対策
Posted: 2000/01/17
249973
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 249973USA5.exe
249973
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 249973USA8.exe
249973
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q249973i.EXE
249973
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
Patch: q249973ts.exe
MS00-002 - 「不正なコンバージョン データ」 の脆弱性に対する対策
Posted: 2000/01/20
249881
Affected Products:
- PowerPoint 2000
- Office 2000 Gold
- Word 2000
- Office 2000 Gold
Patch: WW5pkg.exe
249881
Affected Products:
- PowerPoint 98
- PowerPoint 98 Gold
- Word 97
- Office 97 Gold
- Word 98
- Word 98 Gold
Patch: WW5Pkg.exe
MS00-004 - 「RDISK レジストリ情報ファイル」 の脆弱性に対する対策
Posted: 2000/01/21
The RDISK utility is used to create an Emergency Repair Disk (ERD) in order to record machine state information as a contingency against system failure. During execution, RDISK creates a temporary file containing an enumeration of the registry. The ACLs on the file allow global read permission, and as a result, a malicious user who knew that the administrator was running RDISK could open the file and read the registry enumeration information as it was being created. RDISK erases the file upon successful completion, so under normal conditions there would be no lasting vulnerability.By default, the file is not shared and therefore could not be read by other network user
249108
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: q249108i.EXE
249108
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q249108i.exe
MS00-006 - 「Hit-Highlighting 引数の形式不良」 の脆弱性に対する対策
Posted: 2000/01/26
The first vulnerability is the "Malformed Hit-Highlighting Argument" vulnerability. The ISAPI filter that implements the hit-highlighting (also known as "WebHits") functionality does not adequately constrain what files can be requested. By providing a deliberately-malformed argument in a request to hit-highlight a document, it is possible to escape the virtual directory. This would allow any file residing on the server itself, and on the same logical drive as the web root directory, to be retrieved regardless of permissions. This variant could allow the source of server-side files such as .ASP files to be read. The new variant affects only Index Server 2.0, and Windows 2000 customers who applied the original patch were never at risk from it. The second vulnerability involves the error message that is returned when a user requests a non-existent Internet Data Query file. The error message provides the physical path to the web directory that was contained in the request. Although this vulnerability would not allow a malicious user to alter or view any data, it could be a valuable reconnaissance tool for mapping the file structure of a web server. This variant could allow a malicious user to read files. The variant was eliminated by the original patch, and customers who applied the original version of the patch were never at risk from it. Indexing Services in Windows 2000 is affected only by the "Malformed Hit-Highlighting" vulnerability - it is not affected by the second vulnerability.
251170
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
Patch: Q251170_W2K_SP1_X86_en.EXE
252463
Affected Products:
- Index Server 2.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q252463i.EXE
MS00-007 - 「ごみ箱作成に伴う」 脆弱性に対する対策
Posted: 2000/02/01
The Windows NT Recycle Bin for a given user maps to a folder, whose name is based on the owner's SID. The folder is created the first time the user deletes a file, and the owner is given sole permissions to it. However, if a malicious user could create the folder before the bona fide one were created, he or she could assign any desired permissions to it. This would allow him or her to create, modify or delete files in the Recycle Bin
248399
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: jpnQ248399i.EXE
MS00-009 - 「Image Source Redirect」 の脆弱性に対する対策
Posted: 2000/02/16
When a web server navigates a window from one domain into another one, the IE security model checks the server's permissions on the new page. However, it is possible for a web server to open a browser window to a client-local file, then navigate the window to a page that is in the web site's domain in such a way that the data in the client-local file is accessible to the new window. The data would only be accessible to the new window for a very brief period, but the result is that it could be possible for a malicious web site operator to view files on the computer of a visiting user.
251109
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: q251109.exe
251109
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: Q251109.exe
MS00-010 - 「サイト ウィザード入力確認」 の脆弱性に対する対策
Posted: 2000/02/18
252614
Affected Products:
- Site Server 3.0, Commerce Edition
- Site Server 3.0 Gold
- Site Server 3.0 SP1
- Site Server 3.0 SP2
- Site Server 3.0 SP3
- Site Server 3.0 SP4
Patch: Q252614.zip
MS00-011 - 「VM ファイル参照 問題」 の脆弱性に対する対策
Posted: 2000/02/18
The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox. A malicious user could write a Java applet that could read - but not change, delete or add - files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet.
253562
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: msjavx86.exe
253562
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_EN.exe
MS00-012 - 「リモート エージェントのアクセス許可」 の脆弱性に対する対策
Posted: 2000/02/22
249847
Affected Products:
- Systems Management Server 2.0
- Systems Management Server 2.0 Gold
- Systems Management Server 2.0 SP1
Patch: Q249847i.EXE
MS00-013 - 「Windows Media サービス ハンドシェイクの順序不良」 の脆弱性に対する対策
Posted: 2000/02/23
253943
Affected Products:
- Windows Media Services 4.0
- Windows NT4 Service Pack 6a
- Windows Media Services 4.1
- Windows NT4 Service Pack 6a
Patch: WMSU4954_NT4.EXE
253943
Affected Products:
- Windows Media Services 4.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: WMSU4954_Win2000.EXE
MS00-015 - 「Microsoft Clip Art Gallery」 における脆弱性に対する対策
Posted: 2000/03/06
256167
Affected Products:
- Greetings 2000
- Greetings 2000 Gold
- Home Publishing 2000
- Home Publishing 2000 Gold
- Office 2000
- Office 2000 Gold
- Photo Draw 2000 Version 1
- Photo Draw 2000 Version 1 Gold
- PictureIt 2000
- PictureIt 2000 Gold
- Publisher 99
- Publisher 99 Gold
- Works 2000
- Works 2000 Gold
Patch: cilupdt.exe
MS00-014 - 「SQL クエリー」 の脆弱性に対する対策
Posted: 2000/03/08
256052
Affected Products:
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 Gold
- SQL Server 7.0 SP1
- SQL Server 7.0
- SQL Server 7.0 Gold
- SQL Server 7.0 SP1
Patch: s70780i.exe
MS00-008 - 「レジストリ値のアクセス権」の脆弱性に対する対策
Posted: 2000/03/09
259496
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q259496i.exe
MS00-017 - 「パスに DOS デバイス名が含まれる場合」 の脆弱性に対する対策
Posted: 2000/03/16
256015
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 256015USA5.EXE
256015
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 256015USA8.EXE
MS00-016 - 「改ざんされたメディア ライセンス要求」の脆弱性に対する対策
Posted: 2000/03/17
257200
Affected Products:
- Windows Media Rights Manager 1
- Windows Media Rights Manager 1 Gold
Patch: WMRMU8912_NT4.EXE
MS00-018 - 「チャンクエンコーディングされたポスト」 の脆弱性に対する対策
Posted: 2000/03/20
252693
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: chkenc4i.exe
MS00-019 - 「仮想化された UNC シェア」 の脆弱性に対する対策
Posted: 2000/03/30
Under certain fairly unusual conditions, the vulnerability could cause a web server to send the source code of .ASP and other files to a visiting user.
249599
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q249599_W2K_SP1_X86_ja.EXE
249599
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: uncsec4i.exe
MS00-021 - 「改ざんされた TCP/IP 印刷リクエスト」 の脆弱性 に対する対策
Posted: 2000/03/30
A specially-malformed print request could cause TCPSVC.EXE to crash, which would not only prevent the server from providing printing services, but also would stop several other services, most importantly DHCP.
257870
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
Patch: Q257870_W2K_SP1_x86_ja.EXE
257870
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q257870i.EXE
257870
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q257870ts.exe
MS00-022 - 「XLM Text Macro」 の脆弱性に対する対策
Posted: 2000/04/03
255605
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p9pkg.exe
MS00-023 - 「無数のエスケープ文字」 の脆弱性に対する対策
Posted: 2000/04/12
Special characters can be embedded in URLs by use of so-called escaped character sequences. By providing a specially-malformed URL with an extremely large number of escaped characters, a malicious user could arbitrarily increase the work factor associated with parsing the escaped characters, thereby consuming much or all of the CPU availability on the server and preventing useful work from being done.
254142
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: escseq4i.exe
254142
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q254142_W2K_SP1_x86_ja.EXE
MS00-024 - 「改ざんされたレジストリが暗号キーに与える影響」 の脆弱性に対する対策
Posted: 2000/04/12
259496
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q259496i.exe
259496
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q259496i.Exe
MS00-025 - 「Link View サーバー側コンポーネント」 の脆弱性に対する対策
Posted: 2000/04/14
259799
Affected Products:
- FrontPage 98 Server Extensions
- FrontPage 98 Server Extensions Gold
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Q259799
MS00-026 - 「オブジェクトに対する属性」 の脆弱性に対する対策
Posted: 2000/04/20
Active Directory allows for access control of directory objects on a per-attribute basis. However, the vulnerability at issue here could allow a malicious user to modify object attributes that he does not have permission to modify, as long as he combined the operation in a particular way with ones involving attributes that he does have permission to modify.The vulnerability does not afford the malicious user an opportunity to modify all objects in a class ? only the specific class objects for which he has permission to modify at least one attribute. Further, the vulnerability provides no capability to bypass normal authentication or Windows 2000 auditing, so administrators could determine if this vulnerability were being exploited, and by wh
259401
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
Patch: q259401_w2k_sp1_x86_ja.exe
MS00-027 - 「極端に長い環境文字列を生成する引数が指定された場合」 の脆弱性 に対する対策
Posted: 2000/04/20
CMD.EXE, the command processor for Windows NT 4.0 and Windows 2000, has an unchecked buffer in part of the code that handles environment strings. It could be used to mount denial of service attacks in certain cases. If a server provides batch or other script files, a malicious user could potentially provide arguments that would create an extremely large environment string and overflow the buffer. This would cause the process to fail, and the memory allocated to the process would not be made available again until a dialogue had been cleared on the operator's console. By repeatedly running the batch file, the malicious user could potentially make some or all of the memory on the server temporarily unavailabl
259622
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
Patch: q259622_w2k_sp1_x86_ja.exe
259622
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: q259622i.exe
259622
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q259622i.EXE
MS00-028 - 「サーバー側イメージ マップ コンポーネント」 の脆弱性に対する対策
Posted: 2000/04/21
260267
Affected Products:
- FrontPage 97 Server Extensions
- FrontPage 97 Server Extensions Gold
- FrontPage 98 Server Extensions
- FrontPage 98 Server Extensions Gold
- Internet Information Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Personal Web Server 4.0
- Personal Web Server 4.0 Gold
Patch: Q260267
MS00-031 - 「区切り文字なしの .HTR リクエスト」 および 「.HTR 経由のファイル フラグメントの読み取り」 の脆弱性に対する対策
Posted: 2000/05/10
The vulnerabilities could, respectively, be used to slow an affected web server's response or to obtain the source code of certain types of files under very restricted conditions.
260838
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: ismpst4i.exe
267559
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q267559_W2K_SP2_x86_ja.EXE
MS00-030 - 「URL 内の変形された拡張子データ」 の脆弱性に対する対策
Posted: 2000/05/11
In compliance with RFC 2396, the algorithm in IIS that processes URLs has flexibility built in to allow it to process any arbitrary sequence of file extensions or subresource identifiers (referred to in the RFC as path_segments). By providing an URL that contains specially-malformed file extension information, a malicious user could misuse this flexibility in order to arbitrarily increase the work factor associated with parsing the URL. This could consume much or all of the CPU availability on the server and prevent useful work from being done.
260205
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: myrdot4i.exe
260205
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q260205_W2K_SP1_x86_jp.EXE
MS00-034 - Microsoft Office 2000 および Office 2000 ファミリー製品の脆弱性に対する対策
Posted: 2000/05/12
262767
Affected Products:
- Access 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Excel 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- FrontPage 2000
- FrontPage 2000 Gold
- Office 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Outlook 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Photo Draw 2000 Version 1
- Photo Draw 2000 Version 1 Gold
- Photo Draw 2000 Version 2
- Photo Draw 2000 Version 2 Gold
- PowerPoint 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Project 2000
- Project 2000 Gold
- Publisher 2000
- Publisher 2000 Gold
- Word 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Works 2000
- Works 2000 Gold
Patch: Uactlsec.exe
MS00-033 - 「フレームのドメイン照合」、「権限のない cookie アクセス」、「コンポーネント属性の変形」 の脆弱性に対する対策
Posted: 2000/05/17
269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
MS00-029 - 「断片化された IP パケットの組み立てなおし」 の脆弱性に対する対策
Posted: 2000/05/19
The affected systems contain a flaw in the code that performs IP fragment reassembly. If a continuous stream of fragmented IP datagrams with a particular malformation were sent to an affected machine, it could be made to devote most or all of its CPU availability to processing them. The data rate needed to completely deny service varies depending on the machine and network conditions, but in most cases even relatively moderate rates would suffice.The vulnerability would not allow a malicious user to compromise data on the machine or usurp administrative control over it. Although it has been reported that the attack in some cases will cause an affected machine to crash, affected machines in all Microsoft testing returned to normal service shortly after the fragments stopped arriving. Machines protected by a proxy server or a firewall that drops fragmented packets would not be affected by this vulnerability. The machines most likely to be affected by this vulnerability would be machines located on the edge of a network such as web servers or proxy servers
259728
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 259728USA5.EXE
259728
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 259728USA8.EXE
259728
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
Patch: Q259728_W2K_SP1_x86_ja.EXE
259728
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q259728i.EXE
259728
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q259728i.EXE
MS00-036 - 「ブラウザからの過度なアナウンス」 の脆弱性に対する対策
Posted: 2000/05/25
The two vulnerabilities are:The "ResetBrowser Frame" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Like most implementations, the Windows implementation provides the ability for a Master Browser to shut down other browsers via the ResetBrowser frame. However, there is no capability to configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut down browsers on his subnet as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser.The "HostAnnouncement Flooding" vulnerability, which does not affect Windows 2000. Because there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user could send a huge number of bogus HostAnnouncement frames to a Master Browser. The resulting replication traffic could consume The "ResetBrowser Frame" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Like most implementations, the Windows implementation provides the ability for a Master Browser to shut down other browsers via the ResetBrowser frame. However, there is no capability to configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut down browsers on his subnet as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser. The HostAnnouncement Flooding vulnerability, which does not affect Windows 2000. Because there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user could send a huge number of bogus HostAnnouncement frames to a Master Browser. The resulting replication traffic could consume most or all of the network bandwidth and cause other problems in processing the table as well.
262694
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q262694_W2K_SP2_x86_ja.EXE
262694
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q262694i.EXE
262694
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q262694ts.exe
MS00-035 - 「SQL Server 7.0 Service Pack のパスワード」 の脆弱性に対する対策
Posted: 2000/05/30
263968
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 Gold
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
- SQL Server 7.0 SP3
- SQL Server 7.0 SP4
Patch: killpwd.exe
MS00-038 - 「Windows Media Encoder の異常な形式の要求」 の脆弱性に対する対策
Posted: 2000/05/30
264133
Affected Products:
- Windows Media Encoder 4.0
- Windows Media Encoder 4.0 Gold
- Windows Media Encoder 4.1
- Windows Media Encoder 4.1 Gold
Patch: WMSU20935a.EXE
MS00-032 - 「Protected Store のキー暗号化」 の脆弱性に対する対策
Posted: 2000/06/01
By design, the Protected Store should always encrypt the information using the strongest cryptography available on the machine. An attacker would need to gain complete administrative control over the machine that houses the Protected Store in order to gain access to it, and even then would still need to mount a brute-force cryptographic attack against it.
260219
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
Patch: q260219_w2k_sp1_x86_ja.exe
MS00-037 - 「HTML Help File Code Execution」 の脆弱性に対する対策
Posted: 2000/06/02
The HTML Help facility provides the ability to launch code via shortcuts included in HTML Help files. If a compiled HTML Help (.chm) file were referenced by a malicious web site, it could potentially be used to launch code on a visiting user's computer without the user's approval. Such code could take any actions that the user could take, including adding, changing or deleting data, or communicating with a remote web site.
259166
Affected Products:
- Internet Explorer 4.0
- Internet Explorer 4.0 Gold
- Internet Explorer 4.01
- Internet Explorer 4.01 Gold
- Internet Explorer 5
- Internet Explorer 5 Gold
Patch: hhupd.exe
259166
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q259166_W2K_SP1_x86_en.EXE
MS00-039 - 「SSL 証明確認」 の脆弱性に対する対策
Posted: 2000/06/05
269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
MS00-040 - 「リモート レジストリ アクセス認証」 の脆弱性に対する対策
Posted: 2000/06/08
264684
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: jpnQ264684i.EXE
264684
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q264684ts.exe
MS00-041 - 「DTS パスワード」 の脆弱性に対する対策
Posted: 2000/06/13
264880
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
Patch: s70918i.Exe
MS00-020 - 「デスクトップの分割による」 脆弱性に対する対策
Posted: 2000/06/15
By design, processes are constrained to run within a windows station, and the threads in the process run in one or more desktops. A process in one windows station should not be able to access desktops belonging to another windows station. However, due to an implementation error, this could happen under very specific circumstances. This could allow a process belonging to a low-privilege user to view inputs or output that belong to another desktop within the same session, and potentially obtain information such as passwords
260197
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
Patch: q260197_w2k_sp1_x86_ja.exe
MS00-042 - 「アクティブ セットアップ ダウンロード」 脆弱性に対する対策
Posted: 2000/06/29
The flaws in downloading .cab file would allow a malicious web site operator to download a Microsoft-signed .cab file as a means of overwriting a file on the user's machine. By overwriting system files, this could allow the malicious user to render the machine unusable.
265258
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q265258.exe
265258
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q265258.Exe
265258
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q265258.exe
269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
MS00-048 - 「ストアドプロシージャの権限」 脆弱性に対する対策
Posted: 2000/07/07
266766
Affected Products:
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP2
- SQL Server 7.0
- SQL Server 7.0 SP2
Patch: s70918i.eXe
MS00-049 - 「Office HTML Script および IE Script」の脆弱性に対する対策
Posted: 2000/07/13
268365
Affected Products:
- Excel 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- PowerPoint 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Addinsec.exe
268365
Affected Products:
- Office 97
- Office 97 Gold
- PowerPoint 97
- Office 97 Gold
Patch: ppt97sec.EXE
269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q269368.Exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
MS00-044 - 「ディレクトリ ブラウザ引数の不在」 脆弱性に対する対策
Posted: 2000/07/14
The vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it.
267559
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: htrdos4i.exe
267559
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q267559_W2K_SP2_x86_jp.EXE
MS00-043 - 「改ざんされた電子メール ヘッダ」 の脆弱性に対する対策
Posted: 2000/07/18
Under certain conditions, the vulnerability could allow a malicious user to cause code of his choice to execute on another user's computer.
261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
261255
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-045 - 「メールとブラウザがリンクしつづけてしまう」 脆弱性に対する対策
Posted: 2000/07/20
This could allow the browser window to retrieve the text of mails subsequently displayed in the preview pane, and relay it to the malicious user.
261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
261255
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-046 - 「キャッシュ バイパス」 の脆弱性に対する対策
Posted: 2000/07/20
If an HTML mail created an HTML file outside the cache, it would run in the Local Computer Zone when opened. This could allow it to open a file on the user's computer and send it a malicious user's web site. The vulnerability also could be used as a way of placing an executable file on the user's machine, which the malicious user would then seek to launch via some other means.
261255
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
- Outlook Express 5.01
- Internet Explorer 5.01 Gold
Patch: q261255.exe
261255
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
- Outlook Express 4.01
- Internet Explorer 4.01 SP2
Patch: Q261255.exe
MS00-050 - 「Telnet Server Flooding」 の脆弱性に対する対策
Posted: 2000/07/24
The denial of service can occur when a malicious client sends a particular malformed string to the server through the Telnet service provided as part of Windows 2000 products.
267843
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q267843_w2k_sp2_x86_ja.exe
MS00-051 - 「Excel REGISTER.ID 関数の脆弱性」 に対する対策
Posted: 2000/07/26
269252
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
- Office 97
- Office 97 SR-2/SR-2b
Patch: xl8p10pkg.exe
269263
Affected Products:
- Excel 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: xl9p3pkg.exe
MS00-047 - 「NetBIOS Name Server Protocol Spoofing」 の脆弱性に対する対策
Posted: 2000/07/27
By design, NBNS allows network peers to assist in managing name conflicts. Also by design, it is an unauthenticated protocol and therefore subject to spoofing. A malicious user could misuse the Name Conflict and Name Release mechanisms to cause another machine to conclude that its name was in conflict. Depending on the scenario, the machine would as a result either be unable to register a name on the network, or would relinquish a name it already had registered. The result in either case would be the same - the machine would not respond requests sent to the conflicted name anymore. This will reduce but not eliminate the threat of spoofing. Customers needing additional protection may wish to consider using IPSec in Windows 2000 to authenticate all sessions on ports 137-139
269239
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269239_W2K_SP2_x86_ja.EXE
269239
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: jpnq269239i.exe
269239
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: jpnQ269239i.exe
MS00-052 - 「Shell の相対パス」 の脆弱性に対する対策
Posted: 2000/07/28
Because of the circumstances in place at system startup time, the normal search order would cause any file named Explorer.exe in the %Systemdrive%\ directory to be loaded in place of the bona fide version. This could provide an opportunity for a malicious user to cause code of his choice to run when another user subsequently logged onto the same machine.
269049
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q269049_w2k_sp2_x86_ja.exe
269049
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: q269049i.exe
269049
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q269049i.EXE
MS00-053 - 「サービス コントロール マネージャの名前付きパイプを利用したなりすまし」 の脆弱性に対する対策
Posted: 2000/08/02
The Service Control Manager (services.exe) is an administrative tool provided in Windows 2000 that allows system services (Server, Workstation, Alerter, ClipBook, etc.) to be created or modified. The SCM creates a named pipe for each service as it starts, however, should a malicious program predict and create the named pipe for a specific service before the service starts, the program could impersonate the privileges of the service. This could allow the malicious program to run in the context of the given service, with either specific user or LocalSystem privileges. The primary risk from this vulnerability is that a malicious user could exploit this vulnerability to gain additional privileges on the local machine. A malicious user would require the ability to log onto the target machine interactively and run arbitrary programs in order to exploit this vulnerability, and as a result, workstations and terminal servers would be at greatest risk.
269523
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269523_W2K_SP2_x86_ja.EXE
MS00-054 - 「無効な IPX Ping パケット」の脆弱性に対する対策
Posted: 2000/08/03
265334
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 265334US5.EXE
265334
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 265334USA8.EXE
MS00-055 - 「Scriptlet によるレンダリング」 の脆弱性に対する対策
Posted: 2000/08/09
269368
Affected Products:
- Internet Explorer 4.01
- Internet Explorer 4.01 SP2
Patch: q269368.exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q269368.Exe
269368
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 Gold
Patch: Q269368.exe
269368
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q269368.Exe
MS00-056 - 「Microsoft Office HTML Object Tag」 の脆弱性に対する対策
Posted: 2000/08/09
269880
Affected Products:
- Excel 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- PowerPoint 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Word 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Of9data.exe
MS00-057 - 「正規化エラーによる、ファイルへの誤ったアクセス権の適用」 の脆弱性に対する対策
Posted: 2000/08/10
A canonicalization error can, under certain conditions, cause IIS 4.0 or 5.0 to apply incorrect permissions to certain types of files. If an affected file residing in a folder with restrictive permissions were requested via a particular type of malformed URL, the permissions actually used would be those of a folder in the file's parentage chain, but not those of the folder the file actually resides in. If the ancestor folder's permissions were more permissive than those of the correct folder, the malicious user would gain additional privileges to the affected file.
269862
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: prmcan4i.exe
269862
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269862_W2K_SP2_x86_ja.EXE
MS00-058 - 「特殊化したヘッダ」 の脆弱性に対する対策
Posted: 2000/08/14
If an IIS server receives a file request that contains a specialized header as well as one of several particular characters at the end, the expected ISAPI extension processing may not occur. The result is that the source code of the file would be sent to the browser.
256888
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
Patch: Q256888_W2K_SP1_x86_ja.EXE
MS00-059 - 「Java VM アプレット」 の脆弱性に対する対策
Posted: 2000/08/21
This vulnerability would allow an applet to bypass this restriction. If a user visited a web site operated by a malicious user, the site could start an applet that would be able to establish a connection with another web site and forward any information from the web session to the malicious user?s site.
271752
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: msjavx86.exe
271752
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_EN.exe
MS00-060 - 「IIS クロスサイト スクリプティング」 に対する脆弱性を解決する修正プログラム
Posted: 2000/08/25
If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to "inject" script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user's script to run on the user's machine using the trust afforded the other site. The vulnerability can affect any software that runs on a web server, accepts user input, and blindly uses it to generate web pages.
260347
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: crsscri.exe
275657
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q275657_W2K_SP2_x86_en.EXE
MS00-061 - 「Microsoft Money のパスワード」 に関する弱点を解決する修正プログラム
Posted: 2000/08/25
272232
Affected Products:
- Money 2000
- Money 2000 Gold
- Money 2001
- Money 2001 Gold
Patch: 272232_MON_8.0
- on the tools menu, click update internet information.
MS00-062 - 「ローカル セキュリティ ポリシーの破壊」 の脆弱性を解決する修正プログラム
Posted: 2000/08/28
This vulnerability could allow a malicious user to corrupt parts of a Windows 2000 system's local security policy, with the effect of disrupting domain membership and trust relationship information. If a workstation or member server were attacked via this vulnerability, it would effectively remove the machine from the domain; if a domain controller were attacked, it could no longer process domain logon requests.
269609
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
Patch: Q269609_W2K_SP1_x86_ja.EXE
MS00-063 - 「無効な URL」 の脆弱性に対する対策
Posted: 2000/09/05
271652
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: JPNQ271652i.exe
271652
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q271652I.EXE
MS00-064 - 「ユニキャスト サービスの競合状態」 の脆弱性に対する対策
Posted: 2000/09/06
273014
Affected Products:
- Windows Media Services 4.0
- Windows NT4 Service Pack 6a
- Windows Media Services 4.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows NT4 Service Pack 6a
Patch: WMSU27678.EXE
MS00-065 - 「静止画像サービスを利用した権限の昇格」 の脆弱性に対する対策
Posted: 2000/09/06
An unchecked buffer exists in the 'Still Image Service' on Windows 2000 hosts. A locally logged-on user can execute malicious code that will use the still image service to escalate their permissions equal to that of the Still Image Service, namely, LocalSystem.
272736
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q272736_w2k_sp2_x86_ja.exe
MS00-066 - 「無効な RPC パケット」 の脆弱性に対する対策
Posted: 2000/09/11
A denial of service can occur when a malicious client sends a particular malformed RPC (Remote Procedure Call) packet to the server, causing the RPC service to fail. A server behind a firewall that blocks ports 135-139 and 445 will not be affected by this vulnerability from the Internet.
272303
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q272303_w2k_sp2_x86_ja.exe
MS00-067 - 「Windows 2000 Telnet クライアントの NTLM 認証」 の脆弱性に対する対策
Posted: 2000/09/14
A vulnerability exists because the client will, by default, perform NTLM authentication when connecting to the remote telnet server. This could allow a malicious user to obtain another user's NTLM authentication credentials without the user's knowledge. A malicious user could exploit this behavior by creating a carefully-crafted HTML document that, when opened, could attempt to initiate a Telnet session to a rogue telnet server - automatically passing NTLM authentication credentials to the malicious server's owner. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.
272743
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q272743_w2k_sp2_x86_jp.exe
MS00-068 - 「OCX コントロールの電子メールへの添付」 の脆弱性に対する対策
Posted: 2000/09/26
274303
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: WMSU28412.EXE
MS00-069 - 「簡体字中国語用 IME の状態認識」 の脆弱性に対する対策
Posted: 2000/09/29
Input Method Editors (IMEs) enable character-based languages such as Chinese to be entered via a standard 101-key keyboard. When an IME is installed as part of the system setup, it is available by default as part of the logon screen. In such a case, the IME should recognize that it is running in the context of the LocalSystem and not in the context of a user, and restrict certain functions. This vulnerability only affects the Simplified Chinese version of Windows 2000 by default - customers using any other version of Windows 2000 are not affected. Even if the Simplified Chinese IMEs were installed after setup as part of a language pack, it would not be present as part of the logon screen and therefore would not pose a security threat. The vulnerability allows only the local machine to be compromised, but does not grant any domain privileges (unless, of course, the local machine happens to be a domain controller). Because the vulnerability is exposed as part of the logon screen, it could only be exploited by a user who had physical access to a keyboard, or who could start a terminal server session on an affected machine.
270676
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q270676_w2k_sp2_x86_ja.exe
MS00-070 - 「LPC 呼び出しおよび LPC ポート」 の複数にわたる脆弱性に対する対策
Posted: 2000/10/03
The "Invalid LPC Request" vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail. The "LPC Memory Exhaustion" vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted. The "Predictable LPC Message Identifier" vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other process' LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible under certain conditions to send bogus requests to a privileged process in order to gain additional local privileges. A new variant of the previously-reported "Spoofed LPC Port Request" vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes. Because LPC can only be used on the local machine, none of these vulnerabilities could be exploited remotely. Instead, a malicious user could only exploit them on machines that he could log onto interactively. Typically, workstations and terminal servers would be chiefly at risk, because, if normal security practices have been followed, normal users will not be allowed to log onto critical servers interactively. This also means that, even in the worst case, the vulnerability would only confer additional local - not domain - privileges on the malicious user
266433
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: q266433_w2k_sp2_x86_ja.exe
266433
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ266433i.exe
MS00-071 - 「Word の差し込み印刷機能」 の脆弱性に対する対策
Posted: 2000/10/05
272749
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wdac97.exe
274226
Affected Products:
- Word 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: wrdacc.exe
MS00-072 - 「共有レベルのアクセス制限パスワード」 の脆弱性に対する対策
Posted: 2000/10/10
273991
Affected Products:
- Windows 95
- Windows 95 Gold
Patch: 273991USA5.EXE
273991
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98 Gold
Patch: 273991USA8.EXE
273991
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 273991usam.exe
MS00-073 - 「不正な IPX NMPI パケット」 の脆弱性に対する対策
Posted: 2000/10/11
273727
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
Patch: 273727USA5.EXE
273727
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 273727USA8.EXE
273727
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 273727USAM.EXE
MS00-074 - 「WebTV for Windows のサービス拒否」 の脆弱性に対する対策
Posted: 2000/10/11
274113
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 274113USA8.EXE
274113
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 274113usam.exe
MS00-075 - 「Microsoft VM による ActiveX コンポーネントの制御」 の脆弱性に対する対策
Posted: 2000/10/12
If a user visited a malicious web site that exploited this vulnerability, a Java applet on one of the web pages could run any desired ActiveX control, even ones that are marked as unsafe for scripting. This would enable the malicious web site operator to take any desired action on the user?s machine.
275609
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: msjavx86.exe
287030
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_EN.exe
MS00-076 - 「キャッシュされた Web アカウント情報」 の脆弱性に対する対策
Posted: 2000/10/12
When a user authenticates to a secured web page via Basic Authentication, IE caches the userid and password that were used, in order to minimize the number of times the user must authenticate to the same site. By design, IE should only send the cached credentials to secured pages on the site. However, it will actually send them to non-secure pages on the site as well. If a malicious user had complete control of another user?s network communications, he could wait until another user logged onto a secured site, then spoof a request for a non-secured page in order to collect the credentials.
273868
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q273868.exe
MS00-077 - 「NetMeeting リモート デスクトップ共有」 の脆弱性に対する対策
Posted: 2000/10/13
The denial of service can occur when a malicious client sends a particular malformed string to a port which the NetMeeting service is listening on and with Remote Desktop Sharing enabled.
273854
Affected Products:
- NetMeeting
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: NM30.EXE
299796
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299796_W2k_SP3_x86_ja.exe
MS00-078 - 「Web サーバー フォルダへの侵入」 の脆弱性に対する対策
Posted: 2000/10/17
Due to a canonicalization error in IIS 4.0 and 5.0, a particular type of malformed URL could be used to access files and folders that lie anywhere on the logical drive that contains the web folders. This would potentially enable a malicious user who visited the web site to gain additional privileges on the machine ? specifically, it could be used to gain privileges commensurate with those of a locally logged-on user. Gaining these permissions would enable the malicious user to add, change or delete data, run code already on the server, or upload new code to the server and run it.
269862
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: prmcan4i.exe
269862
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q269862_W2K_SP2_x86_ja.EXE
MS00-079 - 「ハイパーターミナルのバッファ オーバーフロー」 の脆弱性に対する対策
Posted: 2000/10/18
304158
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: JPNQ304158i.exe
274548
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 274548USA8.EXE
274548
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 274548usam.exe
276471
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q276471_W2K_SP3_x86_ja.EXE
MS00-080 - 「セッション ID クッキーのマーキング」 の脆弱性に対する対策
Posted: 2000/10/23
If a user initiated a session with a secure web page, a Session ID cookie would be generated and sent to the user, protected by SSL. But if the user subsequently visited a non-secure page on the same site, the same Session ID cookie would be exchanged, this time in plaintext. If a malicious user had complete control over the communications channel, he could read the plaintext Session ID cookie and use it to connect to the user?s session with the secure page. At that point, he could take any action on the secure page that the user could take.
274149
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q274149_W2K_SP2_x86_ja.EXE
274149
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: secsesi.exe
MS00-081 - 「VM のファイルの読み取り」 の脆弱性に対する対策
Posted: 2000/10/25
The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox. A malicious user could write a Java applet that could read ? but not change, delete or add ? files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet.
277014
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: msjavx86.Exe
287030
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: Q287030_W2K_SP2_x86_EN.exe
MS00-082 - 「無効な MIME ヘッダー」 の脆弱性に対する対策
Posted: 2000/10/31
248838
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP3
Patch: Q248838jpnI.EXE
MS00-083 - 「Netmon のプロトコル解析」 の脆弱性に対する対策
Posted: 2000/11/01
273476
Affected Products:
- Systems Management Server 2.0
- Systems Management Server 2.0 Gold
- Systems Management Server 2.0 SP1
- Systems Management Server 2.0 SP2
Patch: Q273476c.exe
273476
Affected Products:
- Systems Management Server 1.2
- Systems Management Server 1.2 SP4
Patch: Q273476c.EXE
274835
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q274835_W2K_SP2_x86_ja.EXE
274835
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: jpnQ274835i.EXE
274835
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q274835ts.exe
MS00-084 - 「インデックス サービスのクロスサイト スクリプティング」 の脆弱性に対する対策
Posted: 2000/11/02
The Cross-Site Scripting (CSS) vulnerability results when web applications don?t properly validate inputs before using them in dynamic web pages. If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to ?inject? script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user?s script to run on the user?s machine using the trust afforded the other site. The vulnerability can affect any software that runs on a web server, accepts user input, and uses it to generate web pages without sufficient validation. Microsoft has identified an Indexing Service component (CiWebHitsFile) that, when called from a specially crafted URL, is vulnerable to this scenario.
278499
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ278499i.EXE
278499
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: MS00-084-1
- n/a
278499
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q278499_W2K_SP2_x86_ja.EXE
MS00-085 - 「ActiveX におけるパラメータ照合」 の脆弱性に対する対策
Posted: 2000/11/02
An ActiveX control that ships as part of Windows 2000 contains an unchecked buffer. If the control was called from a web page or HTML mail using a specially-malformed parameter, it would be possible to cause code to execute on the machine via a buffer overrun. This could potentially enable a malicious user to take any desired action on the user's machine, limited only by the permissions of the user.
278511
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q278511_W2K_SP2_x86_ja.EXE
MS00-086 - 「Web サーバーによるファイル要求の解析」 の脆弱性に対する対策
Posted: 2000/11/06
The ability to execute operating system commands on the web server would enable a malicious user to take virtually any action that an interactively-logged on user could take. He could, for instance, add, delete or change files on the server, run code that was already on the server, or upload code of his choice and run it.
277873
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: arbexei.exe
277873
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q277873_W2K_SP2_x86_en.EXE
MS00-087 - 「ターミナル サーバーへのログオンで発生するバッファ オーバーフロー」 の脆弱性に対する対策
Posted: 2000/11/08
277910
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ277910i.exe
MS00-088 - 「Exchange ユーザー アカウント」 の脆弱性に対する対策
Posted: 2000/11/16
278523
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: Q278523ENGI.EXE
278523
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: ES50-278523
- n/a
MS00-089 - 「ドメイン アカウント ロックアウト」 の脆弱性に対する対策
Posted: 2000/11/21
274372
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: q274372_w2k_sp2_x86_ja.exe
MS00-090 - 「.ASX バッファ オーバーラン」 と 「.WMS スクリプト 実行」 の脆弱性に対する対策
Posted: 2000/11/22
280419
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
Patch: Wmsu33995.exe
280419
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmsu34419.EXE
MS00-091 - 「不完全な TCP/IP パケット」 の脆弱性に対する対策
Posted: 2000/11/30
There is a denial of service vulnerability that affects Windows NT 4.0 Windows 95, 98, 98 Second Edition and Windows Me. By sending a flood of specially malformed TCP/IP packets to a victim?s machine a malicious user could cause either of two effects. In the most likely case, the flood would temporarily prevent any networking resources on an affected computer from responding to client requests; as soon as the packets stopped arriving, the machine would resume normal operation. In a less likely case, the system could hang, and remain unresponsive until it was rebooted. This vulnerability could only be exploited if TCP port 139 was open on the target machine. If the server service or File/Print sharing were disabled on a computer it would not be susceptible to this vulnerability
275567
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNq275567i.exe
275567
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
Patch: JPNq275567i.exE
275567
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q275567ts.exe
MS00-092 - 「拡張ストアド プロシージャ パラメータ解析」 の脆弱性に対する対策
Posted: 2000/12/01
280380
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
Patch: s70918i_jpn.exe
280380
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Gold
- SQL Server 2000
- SQL Server 2000 Gold
Patch: s80233i_jpn.exe
MS00-093 - 「印刷テンプレート」と「フォームによるファイル アップロード」 の脆弱性に対する対策
Posted: 2000/12/01
279328
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q279328.exe
279328
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q279328.Exe
279328
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 Gold
Patch: Q279328.exe
MS00-094 - 「電話帳サービス バッファ オーバーフロー」 の脆弱性に対する対策
Posted: 2000/12/04
276575
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q276575_W2K_SP2_x86_ja.EXE
276575
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: JPNq276575i.exe
276575
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q276575ts.exe
MS00-095 - 「レジストリのアクセス権」 の脆弱性を解決するツール
Posted: 2000/12/06
265714
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ265714i.exe
265714
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: JPNQ265714i.EXE
MS00-096 - 「SNMP パラメータ」 の脆弱性を解決するツール
Posted: 2000/12/06
This vulnerability is virtually identical to the SNMP Parameters vulnerability affecting Windows NT 4.0 systems and discussed in Microsoft Security Bulletin MS00-095. The SNMP Parameters key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters, provides the SNMP community name and SNMP management station identifiers, if they exist. SNMP community strings may allow either read or read-write access to the SNMP service. If no read-write access strings exist, the user could only use this vulnerability to read information through SNMP that is normally available to local users. If read-write access strings do exist, a malicious user could use this vulnerability to make changes to any system using the same community string for read-write access. It is important to remember that SNMP v1.0 has no security by design, and any user who could monitor network traffic could also obtain the SNMP community strings. SNMP is not installed on Windows NT 4.0 machines by default. It should be noted that the information revealed by this vulnerability is normally transmitted in plaintext across SNMP-managed networks. As a result, even in the absence of incorrect registry permissions, a malicious user could carry out the same attack if she could monitor network communicatio
266794
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q266794_W2K_SP2_x86_ja.EXE
MS00-097 - 「Windows Media サーバーに対する接続の切断」 の脆弱性を解決する修正プログラム
Posted: 2000/12/15
281256
Affected Products:
- Windows Media Services 4.0
- Windows NT4 Service Pack 6a
- Windows Media Services 4.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows NT4 Service Pack 6a
Patch: WMSU35924.EXE
MS00-098 - 「インデックス サービス ファイル列挙」の脆弱性に対する対策
Posted: 2000/12/19
An ActiveX control that ships as part of Indexing Service is incorrectly marked as safe for scripting, thereby enabling it to be executed by web site applications. The control at issue here could be used to enumerate files and folders, and to view their properties. It would not be necessary for Indexing Service to be running in order for the vulnerability to be exploited; however, if it were running, the control also could be used to search for files containing specific words. The vulnerability could not be used to read files, except via a fairly unlikely scenario discussed in detail in the FAQ. It could not be used under any conditions to change, add or delete information on the user?s computer.
280838
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q280838_W2K_SP2_x86_ja.EXE
MS00-099 - 「ディレクトリ サービス復元モードのパスワード」の脆弱性に対する対策
Posted: 2000/12/20
271641
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q271641_W2K_SP2_x86_ja.EXE
MS00-100 - 「無効なWeb フォームの提出」の脆弱性に対する対策
Posted: 2000/12/22
The FrontPage Server Extensions (FPSE) ship with and are installed by default as part of IIS 4.0 and 5.0. The most familiar FPSE functions allow web site and content management; however, FPSE also provides browse-time support functions. Among the functions included in the latter category are ones that help process web forms that have been submitted by a user. A vulnerability exists in one of these functions. If a malicious user levied a specially-malformed form submission to an affected server, it would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FPSE administrative or content management functions.
280322
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q280322
280322
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q280322_W2K_SP2_x86_ja.EXE
280322
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q280322i.EXE
MS01-001 - Web クライアントが セキュリティの設定に関わらず NTLM 認証をしてしまう
Posted: 2001/01/11
The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user?s web site ? either by browsing to the site or by opening an HTML mail that initiated a session with it an application on the site could capture the user?s NTLM credentials. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources. The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user.
282132
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 282132usam.exe
282132
Affected Products:
- Office 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: fpwec
282132
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q282132_W2K_SP2_x86_jp
MS01-002 - PowerPoint ファイル パーサーが問題のあるバッファを含む
Posted: 2001/01/22
If an attacker inserted specially chosen data into a PowerPoint file and could entice another user into opening the file on his machine, the data would overrun the buffer, causing either of two effects.
285978
Affected Products:
- PowerPoint 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: ppt2ksec.exe
285978
Affected Products:
- PowerPoint 97
- Office 97 Gold
Patch: ppt97sec.exe
MS01-003 - Winsock Mutex の弱いアクセス権によりサービスにエラーが発生する
Posted: 2001/01/24
This could enable an attacker who had the ability to run code on a local machine to monopolize the mutex, thereby preventing any other processes from using the resource that it controlled. This would have the effect of preventing the machine from participating in the network.
279336
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ279336i.exe
279336
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ279336i.EXE
MS01-004 - 不正な .HTR リクエストがファイル フラグメントを読み取ってしまう
Posted: 2001/01/29
This one could enable an attacker to request a file in a way that would cause it to be processed by the .HTR ISAPI extension. The result of doing this is that fragments of server-side files like .ASP files could potentially be sent to the attacker.
285985
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: frgvuli.exe
285985
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285985_W2K_SP3_x86_ja.EXE
MS01-005 - 英語版のみ : 修正パッケージの問題により修正プログラムが削除される
Posted: 2001/01/30
Microsoft packages all Windows 2000 hotfixes (including security patches) with a catalog file that lists all of the valid hotfixes that have been issued to date. The catalog is digitally signed to ensure its integrity, and Windows File Protection uses the signed catalog to determine which hotfixes are valid. An error in the production of the catalog files for English language Windows 2000 Post Service Pack 1 hotfixes made available through December 18, 2000 could, under very unlikely circumstances, cause Windows File Protection to remove a valid hotfix from a system. The removal of a hotfix could cause a customer?s system to revert to a version of a Windows 2000 module that contained a security vulnerability. Windows File Protection will only remove valid hotfixes from a Windows 2000 system under a very restrictive set of circumstances
281767
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Service Pack 1
Patch: Q281767_W2K_SP2_x86_en.EXE
285083
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Server
- Windows 2000 Gold
Patch: Q285083_W2K_SP2_x86_en.EXE
MS01-006 - 無効な RDP データが Terminal Server を異常終了させる
Posted: 2001/01/31
286132
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q286132_W2K_SP2_x86_ja.EXE
MS01-007 - Network DDE Agent の要求が、システム コンテキストでコードを実行してしまう
Posted: 2001/02/05
A vulnerability exists because, in Windows 2000, the Network DDE Agent runs using the Local System security context and processes all requests using this context, rather than that of the user. This would give an attacker an opportunity to cause the Network DDE Agent to run code of her choice in Local System context, as a means of gaining complete control over the local machine.
285851
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285851_W2K_SP3_x86_ja.EXE
MS01-008 - 不正な NTLMSSP リクエストによりシステム特権でコードが実行される
Posted: 2001/02/07
A flaw in the NTLM Security Support Provider (NTLMSSP) service could potentially allow a non-administrative user to gain administrative control over the system. In order to perform this attack the user would need a valid login account and the ability to execute arbitrary code on the system. This vulnerability could only be exploited by an attacker who could log onto the affected machine interactively. However, best practices strongly suggest that unprivileged users not be allowed to interactively log onto business-critical servers like domain controllers, ERP servers, print and file servers, database servers, and others. If this recommendation has been followed, machines such as these would not be at risk from this vulnerability and, as a result, the machines most likely to be affected would be workstations and terminal servers.
280119
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ280119i.exe
280119
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ280119i.EXE
MS01-009 - 無効な PPTP パケット ストリームがカーネルを枯渇させてしまう
Posted: 2001/02/13
The PPTP service in Windows NT 4.0 has a flaw in a part of the code that handles a particular type of data packet, which results in a leak of kernel memory resulting in a denial of service vulnerability.
283001
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ283001i.exe
283001
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q283001ts.exe
MS01-010 - Windows Media Player スキン ファイルが Java コードを実行してしまう
Posted: 2001/02/14
If a Windows Media Player skin (.WMZ) file were downloaded from a malicious web site, it could potentially cause the deployment of zipped Java code to a known location on the visiting user?s machine. Since the Java code would reside in a known location on the machine, script hosted on a hostile web site or embedded in a hostile HTML mail message could potentially invoke the script in the local computer security zone to take arbitrary action on the user?s machine.
287045
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmsu38041
MS01-011 - ドメイン コントローラへの無効なリクエストが CPU を使い果たす
Posted: 2001/02/20
A core service running on all Windows 2000 domain controllers (but not on any other machines) contains a flaw affecting how it processes a certain type of invalid service request. Specifically, the service should handle the request at issue here by determining that it is invalid and simply dropping it; in fact, the service performs some resource-intensive processing and then sends a response. If an attacker sent a continuous stream of such requests to an affected machine, it could consume most or all of the machine?s CPU availability. This could cause the domain controller to process requests for service slowly or not at all, and could limit the number of new logons the machine could process and the number of Kerberos tickets that could be issued.
299687
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299687_W2K_SP3_x86_jp.EXE
MS01-012 - Outlook と Outlook Express の vCard ハンドラが問題のあるバッファを含む
Posted: 2001/02/22
Outlook Express provides several components that are used both by it and, if installed on the machine, Outlook. One such component, used to process vCards, contains an unchecked buffer. By creating a vCard and editing it to contain specially chosen data, then sending it to another user, an attacker could cause either of two effects to occur if the recipient opened it. In the less serious case, the attacker could cause the mail client to fail. If this happened, the recipient could resume normal operation by restarting the mail client and deleting the offending mail. In the more serious case, the attacker could cause the mail client to run code of her choice on the user?s machine. Such code could take any desired action, limited only by the permissions of the recipient on the machine.
283908
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
- Outlook Express 5.5
- Internet Explorer 5.5 SP1
Patch: q283908.exe
283908
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
- Outlook Express 5.01
- Internet Explorer 5.01 SP1
Patch: Q283908.exe
MS01-013 - Windows 2000 イベント ビューアが問題のあるバッファを含む
Posted: 2001/02/26
This is a buffer overrun vulnerability. By entering a specially malformed record into a machine?s event log, an attacker could cause either of two effects to occur when the record was subsequently opened. In the least serious case, he could cause the event viewer to fail. In the more serious case, he could cause the event viewer?s functionality to be modified while running, in order to perform a task of his choosing on the other user?s machine.
285156
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q285156_W2K_SP3_x86_ja.EXE
MS01-014 - 不正な URL により IIS 5.0 及び Exchange 2000 のサービスにエラーが発生する
Posted: 2001/03/01
This is a denial of service vulnerability. It could enable an attacker to temporarily disrupt service on an affected web, or to temporarily disrupt web-based access to an affected mail server. Although the server in either case would automatically resume normal operation, any sessions in progress at the time of the attack would be lost. The vulnerability does not provide any opportunity for the attacker to usurp administrative control over the server, or to add, change or delete data on it.
286818
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q286818_W2K_SP3_x86_ja.EXE
287678
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: Q287678engi386.EXE
MS01-015 - Internet Explorer がキャッシュされたコンテンツの場所を漏えいしてしまう
Posted: 2001/03/06
The IE security architecture provides a caching mechanism that is used to store content that needs to be downloaded and processed on the user's local machine. The purpose of the cache is to obfuscate the physical location of the cached content, in order to ensure that the web page or HTML e-mail will work through the IE security architecture to access the information. This ensures that the uses of the information can be properly restricted. A vulnerability exists because it is possible for a web page or HTML e-mail to learn the physical location of cached content. Armed with this information, an attacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables.
279328
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q279328.exe
286045
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q286045.exe
279328
Affected Products:
- Windows Script 5.5
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98 Gold
- Windows 98 SP1
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Terminal Server Service Pack 6
Patch: Scr55jp.exe
279328
Affected Products:
- Windows Script 5.1
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: scriptjp.exe
279328
Affected Products:
- Windows Script 5.5
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Scriptjp.exe
279328
Affected Products:
- Windows Script 5.1
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98 Gold
- Windows 98 SP1
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT4 Terminal Server Service Pack 6
Patch: ste51jp.exe
MS01-016 - 不正な WebDAV リクエストにより IIS が CPU リソースを使い果たす
Posted: 2001/03/08
WebDAV is an extension to the HTTP protocol that allows remote authoring and management of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all WebDAV requests, then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such requests were directed at an affected server, it would consume all CPU availability on the server.
291845
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q291845_W2K_SP2_x86_ja.EXE
MS01-017 - VeriSign 発行の誤ったデジタル証明書による、なりすましの危険性
Posted: 2001/03/22
VeriSign, Inc., recently advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is ?Microsoft Corporation?. The ability to sign executable content using keys that purport to belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to run. The certificates could be used to sign programs, ActiveX controls, Office macros, and other executable content. Of these, signed ActiveX controls and Office macros would pose the greatest risk, because the attack scenarios involving them would be the most straightforward. Both ActiveX controls and Word documents can be delivered via either web pages or HTML mails. ActiveX controls can be automatically invoked via script, and Word documents can be automatically opened via script unless the user has applied the Office Document Open Confirmation Tool. However, even though the certificates say they are owned by Microsoft, they are not bona fide Microsoft certificates, and content signed by them would not be trusted by default. Trust is defined on a certificate-by-certificate basis, rather than on the basis of the common name. As a result, a warning dialogue would be displayed before any of the signed content could be executed, even if the user had previously agreed to trust other certificates with the common name ?Microsoft Corporation?. The danger, of course, is that even a security-conscious user might agree to let the content execute, and might agree to always trust the bogus certificates. VeriSign has revoked the certificates, and they are listed in VeriSign?s current Certificate Revocation List (CRL). However, because VeriSign?s code-signing certificates do not specify a CRL Distribution Point (CDP), it is not possible for any browser?s CRL-checking mechanism to download the VeriSign CRL and use it. Microsoft is developing an update that rectifies this problem. The update package includes a CRL containing the two certificates, and an installable revocation handler that consults the CRL on the local machine, rather than attempting to use the CDP mechanism.
293818
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: crlupdts.exe
293818
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 3
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: crlupd.exe
293818
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: crlupD.exe
293818
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
Patch: Crlupd.exe
MS01-018 - Visual Studio 6.0 VB T-SQL オブジェクトが問題のあるバッファを含む
Posted: 2001/03/27
The VB-TSQL debugger object that ships with Visual Studio 6.0 Enterprise Edition has an unchecked buffer in the code that processes parameters for one of the object?s methods. The object can, by design, be programmatically accessed remotely. If the object were to be referenced by a program that contained specially malformed data within the parameter, either of two outcomes would result. In the less serious case, the attacker could cause the object to fail on the hosting machine. In the more serious case, the attacker could exploit the buffer overrun to run code of the attacker's choice on the hosting machine. The debugger object (vbsdicli.exe) is installed by default with Visual Studio 6.0 Enterprise Edition and runs in the context of the interactively logged-on user. The attacker could only execute a successful attack if he knew that a user had the component installed and that the user was logged in at the time of the attack.
281297
Affected Products:
- Visual Basic 6.0
- Visual Basic 6.0 Gold
- Visual Studio 6.0
- Visual Studio 6.0 SP 5
Patch: Q281297.EXE
MS01-019 - 圧縮フォルダのパスワードが復元されてしまう
Posted: 2001/03/28
Plus! 98, an optional package that extends Windows 98 and Windows 98 Second Edition, introduced a data compression feature called Compressed Folders that was also included in Windows Me. For interoperability with leading third-party compression tools, it provides a password protection option for folders that have been compressed. However, due to a flaw in the package?s implementation, the passwords used to protect the folders are recorded in a file on the user?s system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files. It is important to understand that, although this flaw does constitute a security vulnerability, the password protection feature is not intended to provide strong security. It was included in the products to enable interoperability with password-protection features in other third-party data compression products, and is only intended to provide protection against casual inspection. Customers who need strong protection for files should use Windows® 2000. The patch will prevent passwords from being written to the user?s system in the future. However, as discussed in the FAQ, after applying the patch, it is important to also delete c:\windows\dynazip.log, in order to ensure that all previously-recorded passwords are deleted.
252694
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 252694usa8.exe
252694
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 252694usam.exe
MS01-020 - 不適切な MIME ヘッダーが原因で Internet Explorer が電子メールの添付ファイルを実行する
Posted: 2001/03/29
Because HTML e-mails are simply web pages, IE can render them and open binary attachments in a way that is appropriate to their MIME types. However, a flaw exists in the type of processing that is specified for certain unusual MIME types. If an attacker created an HTML e-mail containing an executable attachment, then modified the MIME header information to specify that the attachment was one of the unusual MIME types that IE handles incorrectly, IE would launch the attachment automatically when it rendered the e-mail. An attacker could use this vulnerability in either of two scenarios. She could host an affected HTML e-mail on a web site and try to persuade another user to visit it, at which point script on a web page could open the mail and initiate the executable. Alternatively, she could send the HTML mail directly to the user. In either case, the executable attachment, if it ran, would be limited only by user?s permissions on the system.
290108
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP1
Patch: q290108.exe
290108
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q290108.exe
MS01-021 - Web 公開時に異常なリクエストによって Web Proxy サービスが停止する
Posted: 2001/04/16
The ISA Server Web Proxy service does not correctly handle web requests that contain a particular type of malformed argument. Processing such a request would result in an access violation, which would cause the Web Proxy service to fail. This would disrupt all ingoing and outgoing web proxy requests until the service was restarted.
295279
Affected Products:
- ISA Server 2000
- ISA Server 2000 Gold
Patch: isahf63.exe
MS01-022 - WebDAV Service Provider によりスクリプトがユーザーとしてリクエストを行う
Posted: 2001/04/18
The Microsoft Data Access Component Internet Publishing Provider provides access to WebDAV resources over the Internet. By design, it should differentiate between requests made by a user and those made by a script running in the user?s browser. However, because of an implementation flaw, it handles all requests in the security context of the user. As a result, if a user browsed to a web page or opened an HTML e-mail that contained script, that script could access web-based resources as the user. The specific actions an attacker could take via this vulnerability would depend on the Web-based resources available to the user, and the user?s privileges on them. However, it is likely that at a minimum, the attacker could browse the user?s intranet, and potentially access web-based e-mail as well.
296441
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
Patch: rbupdate.exe
296441
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Rbupdate.exe
MS01-023 - ISAPI エクステンションの未チェックのバッファにより IIS 5.0 サーバーのセキュリティが侵害される
Posted: 2001/05/01
Windows 2000 introduced native support for the Internet Printing Protocol (IPP), an industry-standard protocol for submitting and controlling print jobs over HTTP. The protocol is implemented in Windows 2000 via an ISAPI extension that is installed by default as part of Windows 2000 but which can only be accessed via IIS 5.0. A security vulnerability results because the ISAPI extension contains an unchecked buffer in a section of code that handles input parameters. This could enable a remote attacker to conduct a buffer overrun attack and cause code of her choice to run on the server. Such code would run in the Local System security context. This would give the attacker complete control of the server, and would enable her to take virtually any action she chose. The attacker could exploit the vulnerability against any server with which she could conduct a web session. No other services would need to be available, and only port 80 (HTTP) or 443 (HTTPS) would need to be open. Clearly, this is a very serious vulnerability, and Microsoft strongly recommends that all IIS 5.0 administrators install the patch immediately. Customers who cannot install the patch can protect their systems by removing the mapping for the Internet Printing ISAPI extension. However, it is important to understand that if Web Printing is enabled via Group Policy, this would override the settings made in the Internet Services Manager. As the FAQ discusses in more detail, customers who have enabled Web Printing via Group Policy should disable it first, then unmap the Internet Printing ISAPI extension.
296576
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
Patch: Q296576_W2K_SP2_x86_ja.EXE
MS01-024 - ドメイン コントローラへの不正なリクエストがメモリを使い果たす
Posted: 2001/05/08
A core service running on all Windows 2000 domain controllers (but not on any other machines) contains a memory leak, which can be triggered when it attempts to process a certain type of invalid service request. By repeatedly sending such a request, an attacker could deplete the available memory on the server. If memory were sufficiently depleted, the domain controller could become unresponsive, which would prevent it from processing logon requests or issuing new Kerberos tickets. An affected machine could be put back into service by rebooting.
299687
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299687_W2K_SP3_x86_en.EXE
MS01-025 - Index Server の検索機能が未チェックのバッファを含む
Posted: 2001/05/10
The patches discussed below address two security vulnerabilities that are unrelated to each other except in the sense that both affect Index Server 2.0. The first vulnerability is a buffer overrun vulnerability. Index Server 2.0 has an unchecked buffer in a function that processes search requests. If an overly long value were provided for a particular search parameter, it would overrun the buffer. If the buffer were overrun with random data, it would cause Index Server to fail. If it were overrun with carefully selected data, code of the attacker?s choice could be made to run on the server, in the Local System security context. The second vulnerability affects both Index Server 2.0 and Indexing Service in Windows 2000, and is a new variant of the ?Malformed Hit-Highlighting? vulnerability discussed in Microsoft Security Bulletin MS00-006. The new variant has almost the same scope as the original vulnerability, but potentially exposes a new file type If an attacker provided an invalid search request, she could read ?include? files residing on the web server. The new patch eliminates all known variants of the vulnerability.
296185
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: MS01-025-1
- n/a
294472
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: JPNQ294472i.exe
296185
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q296185_W2K_SP3_x86_ja.EXE
296185
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: JPNq296185i.exe
MS01-026 - 2001 年 5 月 14 日 IIS 用の累積的な修正プログラム
Posted: 2001/05/14
This update eliminates three new vulnerabilities: A vulnerability that could enable a malicious user to run operating system commands on an affected server. A vulnerability that could allow a malicious user to enter a File Transfer Protocol (FTP) command, which can cause IIS 5.0 to fail. FTP is the protocol used for copying files to and from remote computer systems on a network. A vulnerability that can enable a malicious user to access a guest account using the FTP service.
293826
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q293826_W2K_SP3_x86_ja.EXE
295534
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q295534i.exe
MS01-027 - Web サーバー証明書検証の問題により Web サイトの偽装が可能になる
Posted: 2001/05/16
A patch is available to eliminate two newly discovered vulnerabilities affecting Internet Explorer, both of which could enable an attacker to spoof trusted web sites.
295106
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q295106.exe
299618
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q299618.exe
MS01-028 - テンプレートにリンクしている RTF 文書が警告なしでマクロを実行する
Posted: 2001/05/21
The Word 2000 Security Update: Macro Vulnerability addresses a vulnerability that could allow malicious code to run in a Rich Text Format (RTF) document without warning. Under normal circumstances, you will see a warning in Word 2000 when you open a document attached to a template containing macros. However, it is possible for an RTF document to be linked to a template containing macros in such a way that a macro can run with no warning issued. This could cause damage to data or allow unauthorized retrieval of data from your system when you visit a Web site or open an e-mail message.
288266
Affected Products:
- Word 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: wd2kmsec.exe
288266
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wd97mcrs.exe
MS01-029 - Windows Media Player .ASX プロセッサが未チェックのバッファを含む
Posted: 2001/05/23
This update addresses two security vulnerabilities that are related to each other only by the fact that they both affect Windows Media Player. The two vulnerabilities are a buffer overrun in the functionality used to process Active Stream Redirector (.ASX) files, and a vulnerability affecting how Windows Media Player handles Internet shortcuts. In addition, this update addresses a potential privacy vulnerability that was recently identified.
296138
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: mp71.exe
296138
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
Patch: WMSU47357.exe
MS01-030 - Exchange 2000 Outlook Web Access Service で添付ファイルの不正処理によりスクリプトが実行される
Posted: 2001/06/06
OWA is a service of Exchange 5.5 and 2000 Server that allows users to use a web browser to access their Exchange mailbox. However, a flaw exists in the interaction between OWA and IE for message attachments. If an attachment contains HTML code including script, the script will be executed when the attachment is opened, regardless of the attachment type. Because OWA requires that scripting be enabled in the zone where the OWA server is located, this script could take action against the users Exchange mailbox. An attacker could use this flaw to construct an attachment containing malicious script code. The attacker could then send the attachment in a message to the user. If the user opened the attachment in OWA, the script would execute and could take action against the user?s mailbox as if it were the user, including, under certain circumstances, manipulation of messages or folders.
299535
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: Q299535jpni386.EXE
301361
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q301361i386.EXE
MS01-031 - 推測可能な名前付きパイプが Telnet 経由でアクセス権の昇格を可能にする
Posted: 2001/06/07
299553
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299553_W2K_SP3_x86_ja.EXE
MS01-032 - SQL クエリ方法により、キャッシュされた管理者接続が再使用される
Posted: 2001/06/12
299717
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Gold
Patch: MS01-032-1
- n/a
299717
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: s70996i.exe
299717
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
Patch: s80296i.exe
MS01-033 - Index Server ISAPI エクステンションの未チェックのバッファにより Web サーバーが攻撃される
Posted: 2001/06/18
300972
Affected Products:
- Index Server 2.0
- Windows NT4 Service Pack 6a
Patch: MS01-033-1
- n/a
300972
Affected Products:
- Indexing Services for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: MS01-033-2
- n/a
300972
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q300972_W2K_SP3_x86_ja.EXE
300972
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ300972i.exe
300972
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q300972ts.exe
MS01-034 - 不正な Word 文書が自動的にマクロを実行する
Posted: 2001/06/21
288266
Affected Products:
- Word 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: wd2kmsec.exe
288266
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: wd97mcrs.exe
302294
Affected Products:
- Word 2002
- Office XP Gold
Patch: WRD1001.exe
MS01-035 - FrontPage Server Extension のサブコンポーネントが未チェックのバッファを含む
Posted: 2001/06/21
300477
Affected Products:
- FrontPage 2000 Server Extensions
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q300477.exe
300477
Affected Products:
- FrontPage 2000 Server Extensions
- Windows 2000 Service Pack 2
Patch: Q300477_W2K_SP3_x86_en.EXE
MS01-036 - LDAP SSL で公開される機能がパスワードの変更を可能にする
Posted: 2001/06/25
299687
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q299687_W2K_SP3_x86_ja.EXE
MS01-037 - SMTP サービスの認証エラーがメールの中継を可能にする
Posted: 2001/07/05
302755
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q302755_W2k_SP3_x86_ja.exe
MS01-038 - Outlook ビュー コントロールにより、安全でない機能が利用できる
Posted: 2001/07/12
303825
Affected Products:
- Outlook 2002
- Office XP Gold
Patch: olk1003.exe
303833
Affected Products:
- Outlook 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: outlctlx.exe
MS01-039 - Services for Unix 2.0 の Telnet および NFS サービスでメモリ リークが発生する
Posted: 2001/07/24
294380
Affected Products:
- Services for Unix 2.0 (NT)
- Services for Unix 2.0 (NT) Gold
Patch: q294380_sfu_2_x86.exe
294380
Affected Products:
- Services for Unix 2.0 (Win2K)
- Services for Unix 2.0 (Win2K) Gold
Patch: q294380_sfu_2_x86.Exe
- http://download.microsoft.com/download/win2000platform/patch/q294380/nt5/en-us/q294380_sfu_2_x86.exe
301514
Affected Products:
- Services for Unix 2.0 (NT)
- Services for Unix 2.0 (NT) Gold
Patch: Q301514_JP_SFU_2_X86.exe
301514
Affected Products:
- Services for Unix 2.0 (Win2K)
- Services for Unix 2.0 (Win2K) Gold
Patch: q301514_JP_SFU_2_x86.Exe
MS01-040 - 無効な RDP データの受信により、ターミナル サービスでメモリ リークが発生する場合がある
Posted: 2001/07/25
292435
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q292435_w2k_sp3_x86_ja.exe
292435
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ292435i.exe
MS01-041 - 不正な RPC リクエストがサービスを異常終了させる
Posted: 2001/07/26
299444
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ299444i.exe
298012
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
Patch: q298012_sql2000_x86_en.exe
298012
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP2
Patch: q298012_sql70sp2_x86_en.exe
298012
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q298012_w2k_sp3_x86_ja.exe
299444
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ299444I.exe
299444
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q299444ts.exe
304062
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: q304062jpni386.exe
304063
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 Gold
- Exchange 2000 Server
- Exchange 2000 Gold
Patch: q304063jpni386.exe
304062
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: 304062engi386.exe
- n/a
MS01-042 - Windows Media Player .NSC ファイル処理に未チェックのバッファが含まれる
Posted: 2001/07/26
304404
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wmSu55362.exe
304404
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wMsu55362.exe
304404
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
Patch: Wmsu55362.exe
MS01-043 - NNTP サービスでメモリ リークが発生する
Posted: 2001/08/14
303984
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q303984_w2k_sp3_x86_ja.exe
303984
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: q304876jpni386.exe
MS01-044 - 2001 年 8 月 15 日 IIS 用の累積的な修正プログラム
Posted: 2001/08/15
301625
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: q301625_w2k_sp3_x86_ja.exe
301625
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: q301625i.exe
MS01-045 - H.323 ゲートキーパーのメモリーリーク及び Web Proxy のクロスサイトスクリプティングの脆弱性
Posted: 2001/08/16
289503
Affected Products:
- ISA Server 2000
- ISA Server 2000 Gold
Patch: isahf68.exe
MS01-046 - Windows 2000 赤外線デバイスドライバでのアクセス違反により、システムが再起動する
Posted: 2001/08/21
252795
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q252795_W2K_SP3_x86_ja.EXE
MS01-047 - OWA 機能により、認証されていないユーザーがグローバル アドレス一覧を列挙することができる
Posted: 2001/09/06
307195
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q307195engi386.EXE
MS01-048 - RPC Endpoint Mapper への不正なリクエストにより、RPC サービスが異常終了する
Posted: 2001/09/10
305399
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ305399i.exe
305399
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNq305399i.exe
305399
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: JPNQ305399i.EXE
MS01-049 - 深くネスト化した OWA リクエストによりサーバーの CPU が消費される
Posted: 2001/09/26
303451
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 SP1
- Exchange 2000 Server
- Exchange 2000 SP1
Patch: Q303451jpni386.EXE
MS01-050 - 不正な Excel または PowerPoint の文書がマクロのセキュリティを無視する
Posted: 2001/10/04
306603
Affected Products:
- PowerPoint 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Ppt2000
306606
Affected Products:
- PowerPoint 2002
- Office XP Gold
Patch: Ppt2002
306604
Affected Products:
- Excel 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: xl2000
306606
Affected Products:
- Excel 2002
- Office XP Gold
Patch: xl2002
MS01-051 - 不正なドットなし IP アドレスにより Web ページがイントラネット ゾーンで処理されてしまう
Posted: 2001/10/10
306121
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q306121.exe
306121
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q306121.Exe
306121
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q306121.exe
MS01-052 - 無効な RDP データが Terminal Service を異常終了させる
Posted: 2001/10/18
307454
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q307454_W2K_SP3_x86_ja.exe
307454
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB307454-x86-JPN
MS01-053 - ダウンロードされたアプリケーションが OS X の Internet Explorer 5.1 for Mac で実行される
Posted: 2001/10/23
311052
Affected Products:
- Internet Explorer 5.1 for Macintosh OS X
- Internet Explorer 5.1 for Macintosh OS X Gold
Patch: MacIE501
MS01-054 - 無効なユニバーサル プラグ アンド プレイのリクエストがシステムのオペレーションを妨害する
Posted: 2001/11/01
309521
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 309073USA8.EXE
309521
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q309521_x86.exe
309521
Affected Products:
- Windows Me
- Windows Me Gold
Patch: WinMEUPnP
MS01-055 - 2001 年 11 月 13 日 Internet Explorer 用の累積的な修正プログラム
Posted: 2001/11/08
312461
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q312461.exe
312461
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q312461.exe
MS01-056 - Windows Media Player の .ASF ファイル処理に、未チェックのバッファが含まれる
Posted: 2001/11/20
309521
Affected Products:
- Windows Media Player for Windows XP
- Windows XP Gold
Patch: WinXPUPnP
308567
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wm308567.exe
308567
Affected Products:
- Windows Media Player 7.0
- Windows Media Player 7.0 Gold
Patch: wM308567.exe
308567
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
Patch: Wm308567.exe
MS01-057 - 特別な形式の HTML メールのスクリプトが Exchange 5.5 OWA で実行される
Posted: 2001/12/06
313576
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q313576i386.exe
MS01-058 - 2001 年 12 月 13 日 Internet Explorer 用の累積的な修正プログラム
Posted: 2001/12/13
313675
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q313675.exe
313675
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q313675.exe
MS01-059 - ユニバーサル プラグ アンド プレイ (UPnP) に含まれる未チェックのバッファによりシステムが侵害される
Posted: 2001/12/19
315000
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 314757USAM.EXE
315000
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 314941USA8.EXE
315000
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q315000_WXP_SP1_x86_JPN.exe
MS01-060 - SQL Server テキスト フォーマット機能が未チェックのバッファを含む
Posted: 2001/12/20
304850
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP1
Patch: s80428i.exe
304851
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: sql7
MS02-001 - 信頼するドメインが認証データ内の SID (セキュリティ ID) のドメイン メンバシップを確認しない
Posted: 2002/01/22
317636
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ317636i.EXE
311401
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: w2kSP2SRP1.exe
311401
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
Patch: w2kSP2SRP1.Exe
MS02-002 - 不正なネットワーク リクエストにより Office v. X for Mac が異常終了する
Posted: 2002/02/06
317879
Affected Products:
- Office v. X for Macintosh
- Office v. X for Macintosh Gold
Patch: MacPatch
MS02-003 - Exchange 2000 System Attendant がレジストリ リモート アクセス権を不適切に設定する
Posted: 2002/02/07
316056
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 SP2
- Exchange 2000 Server
- Exchange 2000 SP2
Patch: Q316056jpni386.EXE
MS02-004 - Telnet Server に含まれる未チェックのバッファにより、任意のコードが実行される
Posted: 2002/02/07
307298
Affected Products:
- Interix 2.2
- Interix 2.2 Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q307298_W2K_SP3_x86_ja.exe
MS02-005 - 2002 年 2 月 11 日 Internet Explorer の累積的な修正プログラム
Posted: 2002/02/11
316059
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q316059.exe
316059
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q316059.Exe
316059
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q316059.exe
316059
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: Q316059.Exe
MS02-006 - SNMP サービスに含まれる未チェックのバッファにより、任意のコードが実行される
Posted: 2002/02/12
314147
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 4
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: JPNQ314147i.exe
314147
Affected Products:
- Windows 95
- Windows 95 Gold
- Windows 95 SR 2.1
- Windows 95 SR 2.5
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 4
- Windows NT4 Terminal Server Service Pack 5
- Windows NT4 Terminal Server Service Pack 6
Patch: nopatch
314147
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q314147_W2K_SP3_X86_JA.exe
314147
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q314147_WXP_SP1_x86_JPN.exe
MS02-007 - SQL Server のリモート データ ソース関数に未チェックのバッファが含まれる
Posted: 2002/02/20
317979
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 8.00.0578.exe
317979
Affected Products:
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP3
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: s71021a.exe
MS02-008 - XMLHTTP コントロールにより、ローカル ファイルにアクセスすることができる
Posted: 2002/02/21
317244
Affected Products:
- MSXML 4.0
- MSXML 4.0 Gold
Patch: msxml4qfe.exe
318202
Affected Products:
- MSXML 2.6
- MSXML 2.6 Gold
Patch: Q318202_MSXML20_x86_en.exe
318203
Affected Products:
- MSXML 3.0
- MSXML 3.0 Gold
- MSXML 3.0 SP1
- MSXML 3.0 SP2
- Office XP SP1
- Office XP SP2
Patch: Q318203_MSXML30_x86.exe
MS02-009 - Internet Explorer の不正な VBScript 処理により Web ページがローカル ファイルを読み取る
Posted: 2002/02/21
318089
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: vbs51njp.exe
318089
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: vbs55njp.exe
318089
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Vbs55njp.exe
318089
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: vbs56njp.exe
MS02-010 - ISAPI フィルタの未チェックのバッファにより、Commerce Server が攻撃を受ける
Posted: 2002/02/21
317615
Affected Products:
- Commerce Server 2000
- Commerce Server 2000 Gold
- Commerce Server 2000 SP1
- Commerce Server 2000 SP2
Patch: Q317615_COMMERCE_2000_JP
MS02-011 - 認証問題により、承認されていないユーザーが SMTP サービスに認証することができる
Posted: 2002/02/27
289258
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q289258jpni386.EXE
313450
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
Patch: Q313450_W2K_SP3_X86_JA.exe
MS02-012 - 不正なデータ送信リクエストにより Windows SMTP サービスが異常終了する
Posted: 2002/02/27
313450
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
Patch: Q313450_W2K_SP3_X86_JA.exe
313450
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q313450_WXP_SP1_x86_JPN.exe
MS02-013 - 2002 年 3 月 4 日 VM 用の累積的な修正プログラム
Posted: 2002/03/04
300845
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: msjavx86.eXe
300845
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: Q300845_W2K_SP3_X86_EN.exe
MS02-014 - Windows Shell の未チェックのバッファにより、コードが実行される
Posted: 2002/03/07
313829
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ313829i.exe
313829
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: Q313829_W2K_SP3_X86_JA.exe
313829
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNq313829i.exe
313829
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: win9802-014
MS02-015 - 2002 年 3 月 28 日 Internet Explorer 用の累積的な修正プログラム
Posted: 2002/03/28
319182
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q319182.exe
319182
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: q319182.Exe
319182
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: Q319182.exe
319182
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q319182.EXE
MS02-016 - 読み取り専用アクセスのグループ ポリシー ファイルを開くと、ポリシーの適用が妨害される (318593)
Posted: 2002/04/04
318593
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: Q318593_W2K_SP3_X86_JA.exe
MS02-017 - Multiple UNC Provider の未チェックのバッファによりコードが実行される (311967)
Posted: 2002/04/04
311967
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ312895i.exe
311967
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q311967_W2K_SP3_X86_JA.exe
311967
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q311967_WXP_SP1_x86_JPN.exe
311967
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNq312895i.exe
MS02-018 - Internet Information Services 用の累積的な修正プログラム (319733)
Posted: 2002/04/10
319733
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q319733_W2K_SP3_X86_JA.exe
319733
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
Patch: Q319733_WXP_SP1_x86_JPN.exe
319733
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 5
- Windows NT4 Service Pack 6a
Patch: Q319733i.exe
319733
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Q319733ts.exe
MS02-019 - Internet Explorer for Mac および Office for Mac の未チェックのバッファによってコードが実行される (321309)
Posted: 2002/04/16
321309
Affected Products:
- Entourage 2001 for Macintosh
- Office 2001 for Macintosh Gold
- Entourage v. X for Macintosh
- Office v. X for Macintosh Gold
- Excel 2001 for Macintosh
- Office 2001 for Macintosh Gold
- Excel v. X for Macintosh
- Office v. X for Macintosh Gold
- Internet Explorer 5.1 for Machintosh OS 8 and 9
- Internet Explorer 5.1 for Machintosh OS 8 and 9 Gold
- Internet Explorer 5.1 for Macintosh OS X
- Internet Explorer 5.1 for Macintosh OS X Gold
- Outlook Express 5 for Macintosh
- Outlook Express 5 for Macintosh Gold
- PowerPoint 2001 for Macintosh
- Office 2001 for Macintosh Gold
- PowerPoint 98 for Macintosh
- Office 98 for Macintosh Gold
- PowerPoint v. X for Macintosh
- Office v. X for Macintosh Gold
Patch: macpatches
MS02-020 - SQL 拡張プロシージャ機能に未チェックのバッファが含まれる (319507)
Posted: 2002/04/17
319507
Affected Products:
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP3
- SQL Server 7.0
- SQL Server 7.0 SP3
Patch: 7.00.1030_SQL7_sp3_x86_jpn.exe
319507
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 8.00.0608_SQL2K_sp2_x86_enu.exe
MS02-021 - 電子メール エディタの問題により、返信または転送でスクリプトが実行される (321804)
Posted: 2002/04/25
320536
Affected Products:
- Word 2000
- Office 2000 Gold
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: wrd0901.exe
320441
Affected Products:
- Word 2002
- Office XP Gold
Patch: wrd1003.exe
MS02-022 - MSN チャット コントロールの未チェックのバッファによりコードが実行される (321661)
Posted: 2002/05/08
321661
Affected Products:
- MSN Messenger
- MSN Messenger Gold
Patch: messenger
MS02-023 - 2002 年 5 月 15 日 Internet Explorer 用の累積的な修正プログラム (321232)
Posted: 2002/05/15
321232
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q321232.exe
321232
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q321232.Exe
321232
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: q321232.ExE
321232
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q321232.exe
321232
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q321232.Exe
MS02-024 - Windows Debugger の認証問題により、権限が昇格する (320206)
Posted: 2002/05/22
320206
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ320206i.exe
320206
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q320206_W2K_SP4_X86_JA.exe
320206
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNq320206i.exe
MS02-025 - 不正なメール属性により Exchange 2000 が CPU リソースを使い果たす (320436)
Posted: 2002/05/28
320436
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 SP2
- Exchange 2000 Server
- Exchange 2000 SP2
Patch: Q320436jpni386.EXE
MS02-026 - ASP.NET ワーカー プロセスに未チェックのバッファが含まれる (322289)
Posted: 2002/06/06
322289
Affected Products:
- .NET Framework
- .NET Framework Gold
Patch: NDP10_QFEM_Q322289_En.exe
MS02-027 - Gopher プロトコル ハンドラの未チェックのバッファにより、攻撃者の任意のコードが実行される (323889)
Posted: 2002/06/11
323889
Affected Products:
- Proxy Server 2.0
- Proxy Server 2.0 Gold
Patch: 29106_ENU_i386_zip.exe
323889
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: 323889_IE5.01_SP2
323889
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: 323889_IE5.01_SP3
323889
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: 323889_IE5.5_SP1
323889
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: 323889_IE5.5_SP2
323889
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: 323889_IE6.0
323889
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: isahf177.exe
MS02-028 - HTR のチャンクされたエンコードのヒープ オーバーランにより Web サーバーのセキュリティが侵害される (321599)
Posted: 2002/06/11
321599
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q321599_W2K_SP4_X86_JA.exe
321599
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q321599i.exe
MS02-029 - リモート アクセス サービスの電話帳の未チェックのバッファによりコードが実行される (318138)
Posted: 2002/06/11
318138
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ318138i.exe
318138
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
Patch: Q318138_W2K_SP3_X86_JA.exe
318138
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q318138_WXP_SP1_x86_JPN.exe
318138
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNq318138i.exe
318138
Affected Products:
- Microsoft Routing and Remote Access Server for Windows NT 4.0
- Windows NT4 Service Pack 6a
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ318138i.Exe
MS02-030 - SQLXML の未チェックのバッファによりコードが実行される (321911)
Posted: 2002/06/12
321911
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 321911_SQL_2000.80_SP2
MS02-031 - Excel for Windows および Word for Windows 用の累積的な修正プログラム (324458)
Posted: 2002/06/19
324126
Affected Products:
- Excel 2000
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: exc0901.exe
323548
Affected Products:
- Excel 2002
- Office XP SP1
Patch: exc1002.exe
323547
Affected Products:
- Word 2002
- Office XP SP1
Patch: wrd1004.exe
MS02-032 - 2002 年 6 月 26 日 Windows Media Player 用の累積的な修正プログラム (320920)
Posted: 2002/06/26
320920
Affected Products:
- Windows Media Player 6.4 for Windows 2000
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows Media Player 6.4 for Windows XP
- Windows XP Gold
Patch: wm320920_64.exe
- http://download.microsoft.com/download/winmediaplayer/update/320920/w98nt42kme/en-us/wm320920_64.exe
320920
Affected Products:
- Windows Media Player 6.4
- Windows Media Player 6.4 Gold
Patch: Wm320920_64.exe
- http://download.microsoft.com/download/winmediaplayer/update/320920/w98nt42kme/en-us/wm320920_64.exe
320920
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: wm320920_71.exe
320920
Affected Products:
- Windows Media Player for Windows XP
- Windows XP Gold
Patch: wm320920_8.exe
MS02-033 - プロファイル サービスの未チェックのバッファにより Commerce Server でコードが実行される (322273)
Posted: 2002/06/26
322273
Affected Products:
- Commerce Server 2002
- Commerce Server 2002 Gold
Patch: Q322273_CS2002_JA.exe
322273
Affected Products:
- Commerce Server 2000
- Commerce Server 2000 Gold
- Commerce Server 2000 SP1
- Commerce Server 2000 SP2
Patch: Q322273_JA.EXE
MS02-034 - SQL Server 用の累積的な修正プログラム (316333)
Posted: 2002/07/10
322853
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 8.00.0650_jpn.exe
MS02-035 - SQL Server のインストール プロセスで、パスワードがシステムに残る (263968)
Posted: 2002/07/10
263968
Affected Products:
- SQL Server 7.0
- SQL Server 7.0 Gold
- SQL Server 7.0 SP1
- SQL Server 7.0 SP2
- SQL Server 7.0 SP3
- SQL Server 7.0 SP4
Patch: killpwd.exe
263968
Affected Products:
- SQL Server 2000
- SQL Server 2000 Gold
- SQL Server 2000 SP1
- SQL Server 2000 SP2
Patch: SQL2kKillPwd.exe
MS02-036 - Microsoft Metadirectory Services の認証問題により、権限が昇格する (317138)
Posted: 2002/07/24
317138
Affected Products:
- Microsoft Metadirectory Services 2.2
- Microsoft Metadirectory Services 2.2 SP1
Patch: Q317138.EXE
MS02-037 - SMTP クライアント EHLO コマンドへのサーバー応答で、バッファ オーバーランが発生する (326322)
Posted: 2002/07/24
326322
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Q326322jpni386.EXE
MS02-038 - SQL Server 2000 ユーティリティの未チェックのバッファにより、コードが実行される (316333)
Posted: 2002/07/24
316333
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 8.00.0686_enu.exe
MS02-039 - SQL Server 2000 解決サービスのバッファのオーバーランにより、コードが実行される (323875)
Posted: 2002/07/24
323875
Affected Products:
- SQL Server 2000
- SQL Server 2000 SP2
Patch: Q319243_MDAC27_x86.exe
MS02-040 - MDAC 機能の未チェックのバッファにより、システムが侵害される (326573)
Posted: 2002/07/30
326573
Affected Products:
- MDAC 2.7
- MDAC 2.7 Gold
Patch: Q323263_MDAC27_x86_en.exe
326573
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP2
Patch: Q323264_MDAC25_x86_en.exe
326573
Affected Products:
- MDAC 2.6
- MDAC 2.6 SP2
Patch: Q323266_MDAC26_x86_en.exe
MS02-041 - Content Management Server の未チェックのバッファにより、サーバーが侵害される (326075)
Posted: 2002/08/06
326075
Affected Products:
- Content Management Server 2001
- Content Management Server 2001 Gold
- Content Management Server 2001 SP1
- Content Management Server 2001 SRP1
Patch: mcms2001srp1.exe
MS02-042 - 接続マネージャの問題により、権限が昇格する (326886)
Posted: 2002/08/15
326886
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q326886_W2K_SP4_X86_JA.exe
MS02-043 - SQL Server 用の累積的な修正プログラム (316333)
Posted: 2002/08/15
327068
Affected Products:
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP4
- SQL Server 7.0
- SQL Server 7.0 SP4
Patch: 7.00.1076_jpn.exe
316333
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 8.00.0686_enu.exe
MS02-044 - Office Web Components に安全でない機能が含まれる (328130)
Posted: 2002/08/21
328130
Affected Products:
- BackOffice Server 2000
- BackOffice Server 2000 Gold
- BizTalk Server 2000
- BizTalk Server 2000 Gold
- BizTalk Server 2000 SP1
- BizTalk Server 2000 SP2
- BizTalk Server 2002
- BizTalk Server 2002 Gold
- BizTalk Server 2002 SP1
- Commerce Server 2000
- Commerce Server 2000 Gold
- Commerce Server 2000 SP1
- Commerce Server 2000 SP2
- Commerce Server 2002
- Commerce Server 2002 Gold
- ISA Server 2000
- ISA Server 2000 Gold
- ISA Server 2000 SP1
- Office 2000
- Office 2000 Gold
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
- Office Web Components 2000
- Office Web Components 2000 Gold
- Office Web Components 2002
- Office Web Components 2002 Gold
- Office XP
- Office XP Gold
- Office XP SP1
- Small Business Server 2000
- Small Business Server 2000 Gold
Patch: owcupd.exe
328130
Affected Products:
- Project 2002
- Project 2002 Gold
Patch: prj1001.exe
328130
Affected Products:
- Project Server 2002
- Project Server 2002 Gold
Patch: ps1001jp.exe
- http://download.microsoft.com/download/microsoftproject2002/ps1001en/10/win98mexp/en-us/ps1001en.exe
MS02-045 - ネットワーク共有プロバイダの未チェックのバッファにより、サービス拒否が起こる (326830)
Posted: 2002/08/21
326830
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ326830i.exe
326830
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q326830_W2K_SP4_X86_JA.exe
326830
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q326830_WXP_SP1_x86_JPN.exe
326830
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ326830i.Exe
MS02-046 - TSAC ActiveX コントロールのバッファ オーバーランにより、コードが実行される (327521)
Posted: 2002/08/21
327521
Affected Products:
- Microsoft Terminal Services Advanced Client (TSAC) ActiveX control
- Microsoft Terminal Services Advanced Client (TSAC) ActiveX control Gold
Patch: tswebsetup.exe
MS02-047 - Internet Explorer 用の累積的な修正プログラム (323759)
Posted: 2002/08/21
323759
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q323759.exe
323759
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q323759.Exe
323759
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: q323759.EXe
323759
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP1
Patch: Q323759.exe
323759
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q323759.Exe
MS02-048 - Certificate Enrollment Control の問題により、デジタル証明書が削除される (323172)
Posted: 2002/08/28
323172
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ323172i.exe
323172
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 323172USA8.EXE
323172
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 323172USAM.EXE
323172
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: q323172_W2K_SP4_X86_JA.exe
323172
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q323172_WXP_SP1_x86_JPN.exe
323172
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ323172i.Exe
MS02-049 - 警告なしで Web ページが Visual FoxPro 6.0 アプリケーションを起動する (326568)
Posted: 2002/09/04
326568
Affected Products:
- Visual FoxPro 6.0
- Visual FoxPro 6.0 Gold
Patch: vfp_q326568_en.exe
MS02-050 - 証明書確認の問題により、ID が偽装される (329115)
Posted: 2002/09/04
329115
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ329115i.Exe
329115
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: JPNQ329115i.ExE
329115
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q329115_W2K_SP4_X86_JA.exe
329115
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q329115_WXP_SP2_x86_JPN.exe
329115
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNq329115i.EXE
329115
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98 Gold
Patch: Q329115-Win98
329115
Affected Products:
- Windows Me
- Windows Me Gold
Patch: Q329115-WinME
329115
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 4
Patch: Q329115_W2K_SP4_X86_JAP.exe
MS02-051 - RDP プロトコルの暗号の問題により、情報が漏えいされる (324380)
Posted: 2002/09/18
324380
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q324380_W2K_SP4_X86_JA.exe
324380
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q324380_WXP_SP1_x86_JPN.exe
MS02-052 - Microsoft VM JDBC クラスの問題により、コードが実行される (329077)
Posted: 2002/09/18
329077
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
Patch: vm-sfix3.exe
MS02-053 - Smart HTML インタープリタでバッファオーバーランによりコードが実行される (324096)
Posted: 2002/09/24
324096
Affected Products:
- FrontPage 2000 Server Extensions
- FrontPage 2000 Server Extensions Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: FPSE0901.exe
324096
Affected Products:
- FrontPage Server Extensions 2002
- FrontPage Server Extensions 2002 Gold
Patch: MS02-053FPSE2002
324096
Affected Products:
- FrontPage 2000 Server Extensions
- FrontPage 2000 Server Extensions Gold
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q324096_W2K_SP4_X86_JA.exe
324096
Affected Products:
- FrontPage 2000 Server Extensions
- FrontPage 2000 Server Extensions Gold
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q324096_WXP_SP1_x86_JPN.exe
MS02-054 - ファイル展開機能に含まれる未チェックのバッファにより、コードが実行される (329048)
Posted: 2002/10/02
329048
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 329048USA8.EXE
329048
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 329048USAM.EXE
329048
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: q329048_WXP_SP2_x86_JPN.exe
329048
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q329048_WXP_SP2_x86_JPN.exe
MS02-055 - Windows ヘルプ機能の未チェックのバッファにより、コードが実行される (323255)
Posted: 2002/10/02
323255
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Hhupd.exe
323255
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
Patch: 323255USA8.EXE
323255
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 323255USAM.EXE
323255
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q323255_W2K_SP4_X86_JA.exe
323255
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q323255_WXP_SP2_x86_JPN.exe
- hhttp://download.microsoft.com/download/whistler/Patch/Q323255/WXP/JA/Q323255_WXP_SP2_x86_JPN.exe
MS02-056 - SQL Server 用の累積的な修正プログラム (316333)
Posted: 2002/10/02
316333
Affected Products:
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP4
- SQL Server 7.0
- SQL Server 7.0 SP4
Patch: 7.00.1078_jpn.exe
316333
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 8.00.0686_enu.exe
MS02-057 - Services for Unix 3.0 に含まれる Interix SDK の問題によりコードが実行される (329209)
Posted: 2002/10/02
329209
Affected Products:
- Services For Unix 3.0 Interix SDK
- Services For Unix 3.0 Interix SDK Gold
Patch: q329209_sfu_3_x86_en.exe
MS02-058 - Outlook Express の S/MIME 解析の未チェックのバッファによりシステムが侵害される(328676)
Posted: 2002/10/09
328676
Affected Products:
- Outlook Express 5.5
- Internet Explorer 5.5 SP2
Patch: OE55-Q328676
328676
Affected Products:
- Outlook Express 6.0
- Internet Explorer 6 Gold
Patch: OE60-Q328676
MS02-059 - Word フィールドおよび Excel の外部データ更新の問題により、情報が漏えいされる (330008)
Posted: 2002/10/16
330008
Affected Products:
- Excel 2002
- Office XP SP2
Patch: Excel2002MS02-059
330008
Affected Products:
- Word 2000
- Office 2000 Service Pack 1
- Office 2000 Service Pack 2
- Office 2000 SR-1
- Office 2000 SR-1a
Patch: Word2000MS02-059
330008
Affected Products:
- Word 2001 for Macintosh
- Office 2001 for Macintosh SR1
Patch: Word2001MacMS02-059
330008
Affected Products:
- Word 2002
- Office XP SP2
Patch: Word2002MS02-059
330008
Affected Products:
- Word 97
- Office 97 Gold
- Word 98
- Word 98 Gold
Patch: Word98JMS02-059
330008
Affected Products:
- Word 98 for Macintosh
- Office 98 for Macintosh Gold
Patch: Word98MacMS02-059
330008
Affected Products:
- Word v. X for Macintosh
- Office v. X for Macintosh SR 1
Patch: Wordx.VMacMS02-059
MS02-060 - Windows XP 「ヘルプとサポート センター」 の問題によりファイルが削除される (328940)
Posted: 2002/10/16
328940
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q328940_WXP_SP1_x86_JPN.exe
MS02-061 - SQL Server Web タスクで権限が昇格する (316333)
Posted: 2002/10/16
316333
Affected Products:
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP4
- SQL Server 7.0
- SQL Server 7.0 SP4
Patch: 7.00.1078_jpn.exe
316333
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP2
- SQL Server 2000
- SQL Server 2000 SP2
Patch: 8.00.0686_enu.exe
MS02-062 - Internet Information Service 用の累積的な修正プログラム (327696)
Posted: 2002/10/30
327696
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q327696_W2K_SP4_X86_JA.exe
327696
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q327696_WXP_SP2_x86_JPN.exe
327696
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q327696I.EXE
MS02-063 - PPTP サービスの未チェックのバッファにより、サービス拒否の攻撃を受ける (329834)
Posted: 2002/10/30
329834
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q329834_W2K_SP4_X86_JA.exe
329834
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: q329834_WXP_SP2_x86_JPN.exe
329834
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q329834_WXP_SP2_x86_JPN.exe
MS02-064 - Windows 2000 の既定のアクセス権により、トロイの木馬プログラムが実行される (327522)
Posted: 2002/10/30
327522
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Gold
- Windows 2000 Service Pack 1
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: W2K_MS02-064
MS02-065 - Microsoft Data Access Components のバッファ オーバーランにより、コードが実行される (329414)
Posted: 2002/11/19
329414
Affected Products:
- MDAC 2.1
- MDAC 2.1 Gold
- MDAC 2.1 SP1
- MDAC 2.1 SP1A
- MDAC 2.1 SP2
Patch: q329414_mdacall_x86.exE
329414
Affected Products:
- MDAC 2.5
- MDAC 2.5 Gold
- MDAC 2.5 SP1
- MDAC 2.5 SP2
- MDAC 2.5 SP3
Patch: q329414_mdacall_x86.eXE
329414
Affected Products:
- MDAC 2.6
- MDAC 2.6 Gold
- MDAC 2.6 SP1
- MDAC 2.6 SP2
Patch: q329414_mdacall_x86.exe
MS02-066 - Internet Explorer 用の累積的な修正プログラム (328970)
Posted: 2002/11/20
328970
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: q328970.exe
328970
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q328970.Exe
328970
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q328970.Exe
328970
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q328970.EXe
MS02-067 - 電子メール ヘッダー処理の問題により、Outlook 2002 が異常終了する (331866)
Posted: 2002/12/04
331866
Affected Products:
- Outlook 2002
- Office XP SP2
Patch: MS02-067
MS02-068 - Internet Explorer 用の累積的な修正プログラム (324929)
Posted: 2002/12/04
324929
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q324929.Exe
324929
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q324929.Exe
324929
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q324929.EXe
MS02-069 - Microsoft VM の問題により、システムが侵害される (810030)
Posted: 2002/12/11
810030
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 95
- Windows 95 Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q810030_JVM
810030
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q810030_W2K.exe
MS02-070 - SMB 署名の問題により、グループ ポリシーが変更される (329170)
Posted: 2002/12/11
329170
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q329170_W2K_SP4_X86_JA.exe
329170
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q329170_WXP_SP2_x86_JPN.exe
329170
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q329170_WXP_SP2_x86_JPN.Exe
MS02-071 - Windows WM_TIMER メッセージ処理の問題により、権限が昇格する (328310)
Posted: 2002/12/11
328310
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ328310i.exE
328310
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: Q328310_W2K_SP4_X86_JA.exe
328310
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 3
Patch: Q328310_W2K_SP4_X86_JA.exE
328310
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q328310_WXP_SP2_x86_JPN.exe
328310
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q328310_WXP_SP2_x86_JPN.Exe
328310
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: JPNQ328310i.exe
328310
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ328310i.EXE
MS02-072 - Windows Shell の未チェックのバッファによりシステムが侵害される (329390)
Posted: 2002/12/17
329390
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q329390_WXP_SP2_x86_JPN.exe
329390
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q329390_WXP_SP2_x86_JPN.Exe
MS03-001 - Locator Service の未チェックのバッファにより、コードが実行される (810833)
Posted: 2003/01/20
810833
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ810833i.exe
810833
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q810833_W2K_SP4_X86_JA.exe
810833
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q810833_WXP_SP2_x86_JPN.exe
810833
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q810833_WXP_SP2_x86_JPN.Exe
810833
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ810833i.Exe
MS03-002 - Microsoft Content Management Server 用の累積的な修正プログラム (810487)
Posted: 2003/01/21
810487
Affected Products:
- Content Management Server 2001
- Content Management Server 2001 Gold
- Content Management Server 2001 SP1
- Content Management Server 2001 SRP1
Patch: mcms2001srp2.exe
MS03-003 - Outlook 2002 が Version 1 の Exchange Server Security 証明書を処理する方法に存在する問題により、情報が漏えいする (812262)
Posted: 2003/01/21
812262
Affected Products:
- Outlook 2002
- Office XP SP2
Patch: Olk1006.exeOlk1006.exe
MS03-004 - Internet Explorer 用の累積的な修正プログラム (810847)
Posted: 2003/02/05
810847
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: q810847.exe
810847
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q810847.Exe
810847
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q810847.Exe
810847
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q810847.EXe
MS03-005 - Windows リダイレクタの未チェックのバッファにより権限が昇格する (810577)
Posted: 2003/02/05
810577
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q810577_WXP_SP2_x86_JPN.exe
810577
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q810577_WXP_SP2_x86_JPN.Exe
MS03-006 - Windows Me の 「ヘルプとサポート」 の問題によりコードが実行される (812709)
Posted: 2003/02/26
812709
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 812709USAM.exe
MS03-007 - Windows コンポーネントの未チェックのバッファにより サーバーが侵害される (815021)
Posted: 2003/03/17
815021
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ815021i.EXE
815021
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q815021_W2K_SP4_X86_JA.exe
815021
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q815021_WXP_SP2_x86_JPN.exe
815021
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q815021_WXP_SP2_x86_JPN.Exe
815021
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ815021i.exe
MS03-008 - Windows スクリプト エンジンの問題により、コードが実行される (814078)
Posted: 2003/03/19
814078
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: js56mjp.exe
814078
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: js56njp.exe
MS03-009 - ISA Server DNS アタック検出フィルタの問題により、サービス拒否が起こる (331065)
Posted: 2003/03/19
331065
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: isahf256.exe
MS03-010 - RPC エンドポイント マッパーの問題により、サービス拒否の攻撃が実行される (331953)
Posted: 2003/03/26
331953
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: NT4Workstation Note Message
331953
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
Patch: NT4 Server Note Message
331953
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: NT4 TS Note Message
331953
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q331953_W2K_SP4_X86_JA.exe
331953
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q331953_WXP_SP2_x86_JPN.exe
331953
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q331953_WXP_SP2_x86_JPN.Exe
MS03-011 - Microsoft VM の問題により、システムが侵害される (816093)
Posted: 2003/04/09
816093
Affected Products:
- Microsoft Virtual Machine (VM)
- Microsoft Virtual Machine (VM) Gold
- Windows 95
- Windows 95 Gold
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: msjavwu.exe
816093
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q816093_W2K_SP4_X86_JA.exe
MS03-012 - Winsock プロキシ サービスおよび ISA Firewall サービスの問題により、サービス拒否が起こる (331066)
Posted: 2003/04/09
331066
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: MS03-012MSISAServer
331066
Affected Products:
- Proxy Server 2.0
- Proxy Server 2.0 SP1
Patch: MS03-012MSProxyServer
MS03-013 - Windows カーネル メッセージ処理のバッファ オーバーランにより、権限が昇格する (811493)
Posted: 2003/04/16
811493
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ811493i.EXE
811493
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Q811493i.EXe
811493
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q811493_W2K_SP4_X86_JA.exe
811493
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q811493_WXP_SP2_x86_JPN.exe
811493
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q811493_WXP_SP2_x86_JPN.Exe
811493
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ811493i.exe
MS03-014 - Outlook Express 用の累積的な修正プログラム (330994)
Posted: 2003/04/23
330994
Affected Products:
- Outlook Express 5.5
- Internet Explorer 5.5 SP2
Patch: q330994.exe
330994
Affected Products:
- Outlook Express 6.0
- Internet Explorer 6 Gold
Patch: Q330994.exe
330994
Affected Products:
- Outlook Express 6.0
- Internet Explorer 6 SP1
Patch: Q330994.Exe
MS03-015 - Internet Explorer 用の累積的な修正プログラム (813489)
Posted: 2003/04/23
813489
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: q813489.exe
813489
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q813489.exe
813489
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q813489.Exe
813489
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q813489.EXe
MS03-016 - BizTalk Server 用の累積的な修正プログラム (815206)
Posted: 2003/04/30
815206
Affected Products:
- BizTalk Server 2000
- BizTalk Server 2000 Gold
- BizTalk Server 2000 SP1
- BizTalk Server 2000 SP2
Patch: BTS2000-815207-ja.EXE
815206
Affected Products:
- BizTalk Server 2002
- BizTalk Server 2002 Gold
Patch: BTS2002-815208-ja.exe
MS03-017 - Windows Media Player スキン ダウンロードの問題により、コードが実行される (817787)
Posted: 2003/05/07
817787
Affected Products:
- Windows Media Player 7.1
- Windows Media Player 7.1 Gold
Patch: WindowsMedia71-KB817787-x86-JPN.exe
817787
Affected Products:
- Windows Media Player for Windows XP
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsMedia8-KB817787-x86-JPN.exe
MS03-018 - Internet Information Service 用の累積的な修正プログラム (811114)
Posted: 2003/05/28
811114
Affected Products:
- Internet Information Services 5.0
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: Q811114_W2K_SP4_X86_JA.exe
811114
Affected Products:
- Internet Information Services 5.1
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q811114_WXP_SP2_x86_JPN.exe
811114
Affected Products:
- Internet Information Server 4.0
- Windows NT4 Service Pack 6a
Patch: Q811114I.EXE
MS03-019 - Windows Media サービスの ISAPI エクステンションの問題により、コードが実行される (817772)
Posted: 2003/05/28
817772
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsMedia41-KB817772-x86-JPN.exe
817772
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: WindowsMedia41-KB817772-x86-JPN.Exe
MS03-020 - Internet Explorer 用の累積的な修正プログラム (818529)
Posted: 2003/06/04
818529
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: q818529.exe
818529
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q818529.exe
818529
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q818529.Exe
818529
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q818529.EXe
818529
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB818529-x86-JPN.exe
MS03-021 - Windows Media Player の問題により、メディア ライブラリがアクセスされる (819639)
Posted: 2003/06/25
819639
Affected Products:
- Windows Media Player 9 Series
- Windows Media Player 9 Series Gold
- Windows Media Player 9 Series for Windows XP
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsMedia9-KB819639-x86-JPN.exe
819639
Affected Products:
- Windows Media Player 9 Series for Windows Server 2003
- Windows Server 2003 Gold
Patch: WindowsMedia9-KB819639-x86-JPN.EXE
MS03-022 - Windows Media サービスの ISAPI エクステンションの問題により、コードが実行される (822343)
Posted: 2003/06/25
822343
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: WindowsMedia41-KB822343-x86-JPN.exe
MS03-023 - HTML コンバータのバッファ オーバーランにより、コードが実行される (823559)
Posted: 2003/07/09
823559
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: windows-kb823559-jpn.exe
823559
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SE
- Windows 98 Gold
Patch: 823559USA8.EXE
823559
Affected Products:
- Windows Me
- Windows Me Gold
Patch: 823559USAM.EXE
823559
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB823559-x86-JPN.exe
823559
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Windows-KB823559-JPN.exe
823559
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB823559-x86-JPN.exe
823559
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsXP-KB823559-x86-JPN.exe
MS03-024 - Windows のバッファ オーバーランによりデータが破損する (817606)
Posted: 2003/07/09
817606
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ817606i.EXE
817606
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: Q817606_WXP_SP2_x86_JPN.exe
817606
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: Q817606_WXP_SP2_x86_JPN.Exe
817606
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ817606i.exe
817606
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 3
Patch: Windows2000-KB817606-x86-JPN.exe
MS03-025 - ユーティリティ マネージャによる Windows メッセージ処理の問題により、権限が昇格する (822679)
Posted: 2003/07/09
822679
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Server
- Windows 2000 Service Pack 3
Patch: Windows2000-KB822679-x86-JPN.exe
MS03-026 - RPC インターフェイスのバッファ オーバーランによりコードが実行される (823980)
Posted: 2003/07/16
823980
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ823980i.exe
823980
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: JPNQ823980i.EXE
823980
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB823980-x86-JPN.exe
823980
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB823980-x86-JPN.exe
823980
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB823980-x86-JPN.exe
823980
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB823980-x86-JPN.EXE
MS03-027 - Windows シェルの未チェックのバッファによりコンピュータが侵害される (821557)
Posted: 2003/07/16
821557
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB821557-x86-JPN.exe
821557
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB821557-x86-JPN.EXE
MS03-028 - ISA Server のエラー ページの問題により、クロスサイト スクリプティング攻撃が実行される (816456)
Posted: 2003/07/16
816456
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
Patch: ISA2000-KB816456-x86.exe
MS03-029 - Windows の機能の問題により、サービス拒否が起こる (823803)
Posted: 2003/07/23
823803
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ823803i.EXE
823803
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB823803-x86-JPN.EXE
MS03-030 - DirectX の未チェックのバッファにより、コンピュータが侵害される (819696)
Posted: 2003/07/23
819696
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: JPNQ819696i.EXE
819696
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
Patch: DirectX9-KB819696-x86-JPN.exe
819696
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: Q819696_WXP_SP2_x86_JPN.exe
819696
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: JPNQ819696i.exe
819696
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB819696-x86-JPN.exe
819696
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB819696-x86-JPN.exe
MS03-031 - Microsoft SQL Server 用の累積的な修正プログラム (815495)
Posted: 2003/07/23
815495
Affected Products:
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP3
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP3a
- SQL Server 2000
- SQL Server 2000 SP3
Patch: SQL2000-KB815495-8.00.0818-JPN.exe
815495
Affected Products:
- Microsoft Data Engine (MSDE)
- SQL Server 7.0 SP4
- SQL Server 7.0
- SQL Server 7.0 SP4
Patch: SQL70-KB815495-v7.00.1094-JPN.exe
MS03-032 - Internet Explorer 用の累積的な修正プログラム (822925)
Posted: 2003/08/20
822925
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: q822925.exe
822925
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
Patch: q822925.ExE
822925
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q822925.EXE
822925
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q822925.exe
822925
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q822925.EXE
822925
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB822925-x86-JPN.exe
MS03-033 - MDAC 機能の未チェックのバッファにより、システムが侵害される (823718)
Posted: 2003/08/20
823718
Affected Products:
- MDAC 2.7
- MDAC 2.7 Gold
Patch: q823718_MDAC_SecurityPatch.exe
823718
Affected Products:
- MDAC 2.7
- MDAC 2.7 SP1
Patch: q823718_MDAC_SecurityPatch.EXE
823718
Affected Products:
- MDAC 2.6
- MDAC 2.6 SP2
Patch: Q823718_mdac_SecurityPatch.EXE
823718
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP2
Patch: Q823718_MDAC_SecurityPatch.exe
823718
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP3
Patch: Q823718_MDAC_SecurityPatch.EXEQ823718_MDAC_SecurityPatch.EXE
MS03-034 - NetBIOS の問題により、情報が漏えいする (824105)
Posted: 2003/09/03
824105
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB824105-x86-JPN.exe
824105
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB824105-x86-JPN.EXE
824105
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB824105-x86-JPN.EXE
824105
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB824105-x86-JPN.exe
824105
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB824105-x86-JPN.exe
824105
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB824105-x86-JPN.EXE
MS03-035 - Microsoft Word の問題により、マクロが自動的に実行される (827653)
Posted: 2003/09/03
827653
Affected Products:
- Office 2000
- Office 2000 Service Pack 2
- Office 2000 Service Pack 3
- Office 2000 SR-1
- Office 2000 SR-1a
- Word 2000
- Office 2000 Service Pack 2
- Office 2000 Service Pack 3
- Office 2000 SR-1
- Office 2000 SR-1a
- Works 2001
- Works 2001 Gold
Patch: office2000-kb824936-fullfile-jpn.exe
827653
Affected Products:
- Office XP
- Office XP SP2
- Word 2002
- Office XP SP2
- Works 2003
- Works 2003 Gold
Patch: officexp-kb824934-fullfile-jpn.exe
MS03-036 - WordPerfect コンバータのバッファオーバーランにより、コードが実行される (827103)
Posted: 2003/09/03
827103
Affected Products:
- FrontPage 2000
- Office 2000 Service Pack 3
- Office 2000 SR-1
- Office 2000 SR-1a
- Office 2000
- Office 2000 Service Pack 2
- Office 2000 Service Pack 3
- Office 2000 SR-1
- Office 2000 SR-1a
- Publisher 2000
- Office 2000 Service Pack 3
- Office 2000 SR-1
- Office 2000 SR-1a
- Works 2001
- Works 2001 Gold
Patch: office2000-kb824993-client-jpn.exe
827103
Affected Products:
- FrontPage 2002
- Office XP SP1
- Office XP SP2
- Office XP
- Office XP SP1
- Office XP SP2
- Publisher 2002
- Office XP SP1
- Office XP SP2
- Works 2002
- Works 2002 Gold
- Works 2003
- Works 2003 Gold
Patch: officexp-kb824938-client-jpn.exe
MS03-037 - Visual Basic for Applications の問題により、任意のコードが実行される (822715)
Posted: 2003/09/03
822715
Affected Products:
- Access 97
- Office 97 Gold
Patch: MS03-037-1
- n/a
822715
Affected Products:
- VBA 6.2
- VBA 6.2 Gold
Patch: MS03-037-10
- n/a
822715
Affected Products:
- VBA 6.3
- VBA 6.3 Gold
Patch: MS03-037-11
- n/a
822715
Affected Products:
- Visio 2002
- Visio 2002 Gold
Patch: MS03-037-12
- n/a
822715
Affected Products:
- Word 97
- Office 97 Gold
Patch: MS03-037-13
- n/a
822715
Affected Products:
- Word 98
- Word 98 Gold
Patch: MS03-037-14
- n/a
822715
Affected Products:
- Excel 97
- Office 97 Gold
Patch: MS03-037-2
- n/a
822715
Affected Products:
- Office 2000
- Office 2000 Service Pack 3
Patch: MS03-037-3
- n/a
822715
Affected Products:
- Office XP
- Office XP SP2
Patch: MS03-037-4
- n/a
822715
Affected Products:
- PowerPoint 97
- Office 97 Gold
Patch: MS03-037-5
- n/a
822715
Affected Products:
- Project 2000
- Project 2000 SR1
Patch: MS03-037-6
- n/a
822715
Affected Products:
- Project 2002
- Project 2002 Gold
Patch: MS03-037-7
- n/a
822715
Affected Products:
- VBA 5.0
- VBA 5.0 Gold
Patch: MS03-037-8
- n/a
822715
Affected Products:
- VBA 6.0
- VBA 6.0 Gold
Patch: MS03-037-9
- n/a
MS03-038 - Microsoft Access Snapshot Viewer の未チェックのバッファにより、コードが実行される (827104)
Posted: 2003/09/03
827104
Affected Products:
- Access 2000
- Office 2000 Service Pack 3
Patch: office2000-kb826292-fullfile-jpn.exe
827104
Affected Products:
- Office XP
- Office XP SP1
- Office XP SP2
Patch: officexp-kb826293-client-jpn.exe
MS03-039 - RPCSS サービスのバッファ オーバーランによりコードが実行される (824146)
Posted: 2003/09/10
824146
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB824146-x86-JPN.EXE
824146
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB824146-x86-JPN.exe
824146
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB824146-x86-JPN.EXE
824146
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB824146-x86-JPN.EXE
824146
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB824146-x86-JPN.exe
824146
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB824146-x86-JPN.exe
824146
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB824146-x86-JPN.EXE
MS03-040 - Internet Explorer 用の累積的な修正プログラム (828750)
Posted: 2003/10/03
828750
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q828750.exe
828750
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
Patch: q828750.EXE
828750
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q828750.exe
828750
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q828750.Exe
828750
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: Q828750.EXe
828750
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB828750-x86-JPN.exe
MS03-041 - Authenticode の検証の問題により、コードが実行される (823182)
Posted: 2003/10/15
823182
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB823182-x86-JPN.EXE
823182
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB823182-x86-JPN.exe
823182
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: Windows2000-KB823182-x86-JPN-CustomServicePackSupport.EXE
823182
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB823182-x86-JPN.exe
823182
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB823182-x86-JPN.exe
823182
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB823182-x86-JPN.exe
823182
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB823182-x86-JPN.exe
823182
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB823182-x86-JPN.Exe
MS03-042 - Windows トラブルシュータ ActiveX コントロールのバッファ オーバーフローにより、コードが実行される (826232)
Posted: 2003/10/15
826232
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB826232-x86-JPN.exe
826232
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: Windows2000-KB826232-x86-JPN-CustomServicePackSupport.EXE
MS03-043 - メッセンジャ サービスのバッファ オーバーランにより、コードが実行される (828035)
Posted: 2003/10/15
828035
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB828035-x86-JPN.exe
828035
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: Windows2000-KB828035-x86-JPN
828035
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB828035-x86-JPN.exe
828035
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB828035-x86-JPN.exe
828035
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB828035-x86-JPN.exe
828035
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB828035-x86-JPN.exe
828035
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB828035-x86-JPN.exe
828035
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB828035-x86-JPN.Exe
MS03-044 - Windows の「ヘルプとサポート」のバッファ オーバーランにより、システムが侵害される (825119)
Posted: 2003/10/15
825119
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB825119-x86-JPN.EXE
825119
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB825119-x86-JPN.exe
825119
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: Windows2000-KB825119-x86-JPN-CustomServicePackSupport.EXE
825119
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB825119-x86-JPN.exe
825119
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB825119-x86-JPN.exe
- hhttp://download.microsoft.com/download/d/c/3/dc38f361-8437-4de8-8854-924773538bb5/WindowsNT4TerminalServer-KB825119-x86-JPN.EXE
825119
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB825119-x86-JPN.exe
825119
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsXP-KB825119-x86-JPN.exe
MS03-045 - リストボックスおよびコンボボックスのコントロールのバッファオーバーランにより、コードが実行される (824141)
Posted: 2003/10/15
824141
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB824141-x86-JPN.EXE
824141
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB824141-x86-JPN.exe
824141
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Server
- Windows 2000 Service Pack 2
Patch: Windows2000-KB824141-x86-JPN-CustomServicePackSupport.EXE
824141
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB824141-x86-JPN.exe
824141
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB824141-x86-JPN.exe
824141
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB824141-x86-JPN.exe
824141
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB824141-x86-JPN.exe
824141
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB824141-x86-JPN.Exe
MS03-046 - Exchange Server の脆弱性により、任意のコードが実行される (822363)
Posted: 2003/10/15
829436
Affected Products:
- Exchange 2000 Enterprise Server
- Exchange 2000 SP3
- Exchange 2000 Server
- Exchange 2000 SP3
Patch: Exchange2000-KB829436-x86-jpn.exe
829436
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Exchange5.5-KB829436-x86-jpn.exe
829436
Affected Products:
- Exchange Server 5.0
- Exchange Server 5.0 SP1
- Exchange Server 5.0 SP2
Patch: Exchange5.0-KB829436
- n/a
MS03-047 - Exchange Server 5.5 Outlook Web Access の脆弱性により、クロスサイト スクリプティングの攻撃が実行される (828489)
Posted: 2003/10/15
828489
Affected Products:
- Exchange Server 5.5
- Exchange Server 5.5 SP4
Patch: Exchange5.5-KB828489-x86-jpn.exe
MS03-048 - Internet Explorer 用の累積的なセキュリティ更新 (824145)
Posted: 2003/11/20
824145
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: q824145.exe
824145
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
Patch: q824145.exE
824145
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: q824145.eXe
824145
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: q824145.eXE
824145
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q824145.Exe
824145
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: q824145.ExE
824145
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB824145-x86-JPN
MS03-049 - Workstation サービスのバッファ オーバーランにより、コードが実行される (828749)
Posted: 2003/11/20
828749
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB828749-x86-JPN.exe
828035
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB828035-x86-JPN.exe
828035
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB828035-x86-JPN.Exe
MS03-050 - Microsoft Word および Microsoft Excel の脆弱性により、任意のコードが実行される (831527)
Posted: 2003/11/20
831527
Affected Products:
- Excel 2000
- Office 2000 Service Pack 3
Patch: MS03-050-1
- n/a
831527
Affected Products:
- Excel 2002
- Office XP SP2
Patch: MS03-050-2
- n/a
831527
Affected Products:
- Excel 97
- Office 97 SR-2/SR-2b
Patch: MS03-050-3
- n/a
831527
Affected Products:
- Word 2000
- Office 2000 Service Pack 3
Patch: MS03-050-4
- n/a
831527
Affected Products:
- Word 2002
- Office XP SP2
Patch: MS03-050-5
- n/a
831527
Affected Products:
- Word 97
- Office 97 SR-2/SR-2b
Patch: MS03-050-6
- n/a
831527
Affected Products:
- Works 2001
- Works 2001 Gold
Patch: MS03-050-7
- n/a
831527
Affected Products:
- Works 2002
- Works 2002 Gold
Patch: MS03-050-8
- n/a
831527
Affected Products:
- Works 2003
- Works 2003 Gold
Patch: MS03-050-9
- n/a
MS03-051 - Microsoft FrontPage Server Extensions のバッファ オーバーランにより、コードが実行される (813360)
Posted: 2003/11/20
813360
Affected Products:
- FrontPage 2000 Server Extensions
- FrontPage 2000 Server Extensions Gold
Patch: MS03-051-1
- n/a
813360
Affected Products:
- FrontPage Server Extensions 2002
- FrontPage Server Extensions 2002 Gold
Patch: MS03-051-2
- n/a
813360
Affected Products:
- SharePoint Team Services 2002
- SharePoint Team Services 2002 Gold
Patch: MS03-051-3
- n/a
813360
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: MS03-051-4
- n/a
813360
Affected Products:
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: MS03-051-5
- n/a
813360
Affected Products:
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: MS03-051-6
- n/a
813360
Affected Products:
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
Patch: MS03-051-7
- n/a
813360
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
Patch: MS03-051-8
- n/a
813360
Affected Products:
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: MS03-051-9
- n/a
MS04-001 - Microsoft Internet Security and Acceleration Server 2000 H.323 フィルタの脆弱性により、リモートでコードが実行される (816458)
Posted: 2004/01/13
816458
Affected Products:
- ISA Server 2000
- ISA Server 2000 SP1
- Small Business Server 2000
- Small Business Server 2000 Gold
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
Patch: ISA2000-KB816458-x86.exe
MS04-002 - Exchange Server 2003 の脆弱性により、権限が昇格する (832759)
Posted: 2004/01/13
832759
Affected Products:
- Exchange Server 2003
- Exchange Server 2003 Gold
Patch: Exchange2003-KB832759-x86-jpn.exe
MS04-003 - MDAC 機能のバッファ オーバーランにより、コードが実行される (832483)
Posted: 2004/01/13
832483
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP2
Patch: MDAC252.832483
832483
Affected Products:
- MDAC 2.5
- MDAC 2.5 SP3
Patch: MDAC253.832483
832483
Affected Products:
- MDAC 2.6
- MDAC 2.6 SP2
Patch: MDAC262.832483
832483
Affected Products:
- MDAC 2.7
- MDAC 2.7 Gold
Patch: MDAC270.832483
832483
Affected Products:
- MDAC 2.7
- MDAC 2.7 SP1
Patch: MDAC271.832483
832483
Affected Products:
- MDAC 2.8
- MDAC 2.8 Gold
Patch: MDAC280.832483
MS04-004 - Internet Explorer 用の累積的なセキュリティ修正プログラム (832894)
Posted: 2004/02/02
832894
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP2
Patch: q832894.exe
832894
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP3
- Windows 2000 Service Pack 3
Patch: Q832894.exe
832894
Affected Products:
- Internet Explorer 5.01
- Internet Explorer 5.01 SP4
Patch: Q832894.exE
832894
Affected Products:
- Internet Explorer 5.5
- Internet Explorer 5.5 SP2
Patch: Q832894.eXe
832894
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 Gold
Patch: Q832894.eXE
832894
Affected Products:
- Internet Explorer 6
- Internet Explorer 6 SP1
Patch: Q832894.Exe
832894
Affected Products:
- Internet Explorer 6.0 for Windows Server 2003
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB832894-x86-JPN
MS04-005 - Virtual PC for Mac の脆弱性により、権限が昇格する (835150)
Posted: 2004/02/10
835150
Affected Products:
- Microsoft Virtual PC for Mac 6.0
- Microsoft Virtual PC for Mac 6.0 Gold
Patch: MS04-005-1
- n/a
835150
Affected Products:
- Microsoft Virtual PC for Mac 6.01
- Microsoft Virtual PC for Mac 6.01 Gold
Patch: MS04-005-2
- n/a
835150
Affected Products:
- Microsoft Virtual PC for Mac 6.02
- Microsoft Virtual PC for Mac 6.02 Gold
Patch: MS04-005-3
- n/a
835150
Affected Products:
- Microsoft Virtual PC for Mac 6.1
- Microsoft Virtual PC for Mac 6.1 Gold
Patch: MS04-005-4
- n/a
MS04-006 - Windows インターネット ネーム サービス (WINS) の脆弱性により、コードが実行される (830352)
Posted: 2004/02/10
830352
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB830352-x86-JPN.EXE
830352
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB830352-x86-JPN.EXE
830352
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB830352-x86-JPN
830352
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WS03-830352
MS04-007 - ASN .1 の脆弱性により、コードが実行される (828028)
Posted: 2004/02/10
828028
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB828028-x86-JPN
828028
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB828028-x86-JPN
828028
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB828028-x86-JPN.EXE
828028
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB828028-x86-JPN
828028
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB828028-x86-JPN
828028
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB828028-x86-JPn
828028
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB828028-x86-JPN
MS04-008 - Windows Media サービスの脆弱性により、サービス拒否が起こる (832359)
Posted: 2004/03/09
832359
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: WindowsMedia41-KB832359-JPN.exe
MS04-009 - Outlook の脆弱性により、コードが実行される (828040)
Posted: 2004/03/09
828040
Affected Products:
- Outlook 2002
- Office XP SP2
- Office XP
- Office XP SP2
Patch: OXP828040
MS04-010 - MSN Messenger の脆弱性により、情報が漏えいする (838512)
Posted: 2004/03/09
838512
Affected Products:
- MSN Messenger
- MSN Messenger Gold
Patch: MSNM838512
MS04-011 - Microsoft Windows のセキュリティ修正プログラム (835732)
Posted: 2004/04/13
835732
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB835732-x86-JPN
835732
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB835732-x86-JPN
835732
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB835732-x86-JPN
835732
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB835732-x86-JPN
835732
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB835732-x86-JPN
835732
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB835732-x86-JPn
835732
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB835732-x86-JPN
MS04-012 - Microsoft RPC/DCOM 用の累積的な修正プログラム (828741)
Posted: 2004/04/13
828741
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Workstation-KB828741-x86-JPN.EXE
828741
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: WindowsNT4Server-KB828741-x86-JPN.EXE
828741
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: WindowsNT4TerminalServer-KB828741-x86-JPN.EXE
828741
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB828741-x86-JPN
828741
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB828741-x86-JPN
828741
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB828741-x86-JPn
828741
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB828741-x86-JPN
MS04-013 - Outlook Express 用の累積的な修正プログラム (837009)
Posted: 2004/04/13
837009
Affected Products:
- Outlook Express 5.5
- Internet Explorer 5.5 SP2
Patch: OE55837009
837009
Affected Products:
- Outlook Express 6.0
- Internet Explorer 6 Gold
Patch: OE60837009
837009
Affected Products:
- Outlook Express 6.0
- Internet Explorer 6 SP1
Patch: OE61837009
837009
Affected Products:
- Outlook Express 6 on Windows Server 2003
- Windows Server 2003 Gold
Patch: OE6WS03837009
MS04-014 - Microsoft Jet データベース エンジンの脆弱性によりコードが実行される (837001)
Posted: 2004/04/13
837001
Affected Products:
- Windows NT Workstation 4.0
- Windows NT4 Service Pack 6a
Patch: Jet40-KB837001-JPN
837001
Affected Products:
- Windows NT Server 4.0
- Windows NT4 Service Pack 6a
- Windows NT Server 4.0, Enterprise Edition
- Windows NT4 Service Pack 6a
Patch: Jet40-KB837001-JPn
837001
Affected Products:
- Windows NT Server 4.0, Terminal Server Edition
- Windows NT4 Terminal Server Service Pack 6
Patch: Jet40-KB837001-Jpn
837001
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB837001-x86-JPN
837001
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB837001-x86-JPN
837001
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB837001-x86-JPn
837001
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB837001-x86-JPN
MS04-015 - 「ヘルプとサポート センター」の脆弱性により、リモートでコードが実行される (840374)
Posted: 2004/05/11
840374
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB840374-x86-JPN
840374
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Professional
- Windows XP Gold
Patch: WindowsXP-KB840374-x86-JPN
840374
Affected Products:
- Windows XP Home Edition
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Service Pack 1
Patch: WindowsXP-KB840374-x86-JPn
MS04-016 - DirectPlay の脆弱性により、サービス拒否が起こる (839643)
Posted: 2004/06/08
839643
Affected Products:
- Windows 98
- Windows 98 Gold
- Windows 98 SP1
- Windows 98 SE
- Windows 98 Gold
- Windows Me
- Windows Me Gold
Patch: DirectX9-KB839643-x86-ENU.exe
839643
Affected Products:
- Windows 2000 Advanced Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Datacenter Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Professional
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
- Windows 2000 Server
- Windows 2000 Service Pack 2
- Windows 2000 Service Pack 3
- Windows 2000 Service Pack 4
Patch: Windows2000-KB839643-x86-JPN.exe
839643
Affected Products:
- Windows XP Home Edition
- Windows XP Gold
- Windows XP Service Pack 1
- Windows XP Professional
- Windows XP Gold
- Windows XP Service Pack 1
Patch: WindowsXP-KB839643-x86-JPN.exe
839643
Affected Products:
- Windows Server 2003 for Small Business Server
- Windows Server 2003 Gold
- Windows Server 2003, Datacenter Edition
- Windows Server 2003 Gold
- Windows Server 2003, Enterprise Edition
- Windows Server 2003 Gold
- Windows Server 2003, Standard Edition
- Windows Server 2003 Gold
- Windows Server 2003, Web Edition
- Windows Server 2003 Gold
Patch: WindowsServer2003-KB839643-x86-JPN.exe
MS04-017 - Crystal Reports Web Form Viewer の脆弱性により、情報の漏えいおよびサービス拒否が起こる (842689)
Posted: 2004/06/08
842689
Affected Products:
- Microsoft Business Solutions CRM
- Microsoft Business Solutions CRM Gold
Patch: CRM-KB842689-x86-JPN
