Available Service Pack

Bulletins and Patches

MBSA12 : MBSA 1.2.1 will EXPIRE on October 9, 2007 - Upgrade Required
Date Posted - 2007/05/14
Date Revised - 2007/05/14
MBSA 1.2.1 and the MSSecure.XML catalog will EXPIRE on October 9, 2007. Please see the MBSA Home Page (www.microsoft.com/mbsa) for details and to upgrade to the latest version of MBSA.
MS07-058 : Vulnerability in RPC Could Allow Denial of Service (933729)
Date Posted - 2007/10/09
Date Revised - 2007/10/09
This update resolves a newly discovered privately reported vulnerability. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
MS07-055 : Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
Date Posted - 2007/10/09
Date Revised - 2007/10/09
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specially crafted image files. This vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS07-051 : Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
Date Posted - 2007/09/11
Date Revised - 2007/09/11
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS07-046 : Vulnerability in GDI Could Allow Remote Code Execution (938829)
Date Posted - 2007/08/14
Date Revised - 2007/08/14
This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
MS07-043 : Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Date Posted - 2007/08/14
Date Revised - 2007/08/14
This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page. The vulnerability could be exploited through attacks on Object Linking and Embedding (OLE). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for all supported editions of Windows 2000, Windows XP, Windows 2003, Office 2004 for Mac, and Visual Basic 6.
MS07-042 : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Date Posted - 2007/08/14
Date Revised - 2007/08/14
This critical security update resolves a privately reported vulnerability. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The vulnerability could be exploited through attacks on Microsoft XML Core Services. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS07-035 : Vulnerability in Win32 API Could Allow Remote Code Execution (935839)
Date Posted - 2007/06/12
Date Revised - 2007/06/12
This critical security update resolves a newly discovered, privately reported vulnerability in a Win32 API. This vulnerability could allow remote code execution or elevation of privilege if used locally. Applications that use this component of the Win32 API could be used as a vector for this vulnerability. For example, Internet Explorer uses this Win32 API function when parsing specially crafted Web pages.
MS07-031 : Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
Date Posted - 2007/06/12
Date Revised - 2007/06/12
This critical security update resolves a newly discovered, privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. However, attempts to exploit this vulnerability would most likely result in Internet Explorer exiting. The system would not be able to connect to Web sites using SSL or TLS until a restart of the system.
MS07-022 : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
Date Posted - 2007/04/10
Date Revised - 2007/04/10
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS07-021 : Vulnerability in CSRSS Could Allow Remote Code Execution (930178)
Date Posted - 2007/04/10
Date Revised - 2007/04/10
This update resolves several newly discovered, privately and publicly disclosed vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS07-020 : Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
Date Posted - 2007/04/10
Date Revised - 2007/04/10
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin.
MS07-017 : Vulnerability In GDI Could Allow Remote Code Execution (925902)
Date Posted - 2007/04/03
Date Revised - 2007/04/03
This update resolves several newly discovered, publicly disclosed and privately reported vulnerabilities as well as additional issues discovered through internal investigations. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS07-013 : Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
Date Posted - 2007/02/13
Date Revised - 2007/02/13
This update addresses a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. When using vulnerable versions of Windows and/or Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS07-012 : Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)
Date Posted - 2007/02/13
Date Revised - 2007/06/12
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Significant user interaction is required to exploit this vulnerability.
MS07-011 : Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)
Date Posted - 2007/02/13
Date Revised - 2007/02/13
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Significant user interaction is required to exploit this vulnerability.
MS07-008 : Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
Date Posted - 2007/02/13
Date Revised - 2007/02/13
This update resolves a newly discovered, publicly reported vulnerability as well as additional issues discovered through internal investigations. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. On vulnerable versions of Windows, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS06-078 : Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Date Posted - 2006/12/12
Date Revised - 2007/07/10
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
MS06-074 : Vulnerability in SNMP Could Allow Remote Code Execution (926247)
Date Posted - 2006/12/12
Date Revised - 2006/12/12
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-070 : Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
Date Posted - 2006/11/14
Date Revised - 2006/11/14
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-068 : Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)
Date Posted - 2006/11/14
Date Revised - 2006/11/14
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-066 : Vulnerability in NetWare Client Service Could Allow Remote Code Execution (923980)
Date Posted - 2006/11/14
Date Revised - 2006/11/14
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. The Client Service for NetWare is also called the Gateway Service for NetWare on Windows 2000 Server.
MS06-063 : Vulnerability in Server Service Could Allow Denial of Service (923414)
Date Posted - 2006/10/10
Date Revised - 2006/10/10
A denial of service vulnerability exists in the Server service because of the way it handles certain network messages. An attacker could exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could cause the computer to stop responding.
MS06-061 : Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
Date Posted - 2006/10/10
Date Revised - 2006/10/19
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS06-057 : Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
Date Posted - 2006/10/10
Date Revised - 2006/10/10
This update resolves a newly discovered, publicly reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-053 : Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)
Date Posted - 2006/09/12
Date Revised - 2006/09/12
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. The vulnerability could allow an attacker to gain unauthorized access to information. Note that this vulnerability would not allow an attacker to execute code to elevate their user rights directly, but it could be used to produce useful information that could be used to further compromise the affected system.
MS06-051 : Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)
Date Posted - 2006/08/08
Date Revised - 2006/08/08
This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-050 : Vulnerability in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
Date Posted - 2006/08/08
Date Revised - 2006/08/08
This update resolves a newly discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS06-049 : Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)
Date Posted - 2006/08/08
Date Revised - 2006/09/26
This update resolves newly discovered, publicly and privately reported vulnerabilities and additional issues discovered through internal investigations. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-046 : Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
Date Posted - 2006/08/08
Date Revised - 2006/08/08
This update resolves a newly discovered, publicly reported vulnerability as well as additional issues discovered through internal investigations. The privately reported vulnerability is documented in the "Vulnerability Details" section of this bulletin. On vulnerable versions of Windows, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS06-045 : Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
Date Posted - 2006/08/08
Date Revised - 2006/08/08
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS06-044 : Vulnerability in Management Console Could Allow Remote Code Execution (917008)
Date Posted - 2006/08/08
Date Revised - 2006/08/08
This update resolves a newly discovered, privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-041 : Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)
Date Posted - 2006/08/08
Date Revised - 2006/08/08
This update resolves several newly discovered, privately reported vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-040 : Vulnerability in Server Service Could Allow Remote Code Execution (921883)
Date Posted - 2006/08/08
Date Revised - 2006/09/12
This update resolves a publicly disclosed vulnerability as well as additional issues discovered through internal investigations. An attacker who successfully exploited the vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-036 : Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
Date Posted - 2006/07/11
Date Revised - 2006/07/11
This update resolves a newly discovered, privately reported vulnerability. There is a remote code execution vulnerability in the DHCP Client Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
MS06-035 : Vulnerability in Server Service Could Allow Remote Code Execution (917159)
Date Posted - 2006/07/11
Date Revised - 2006/07/11
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. We recommend that customers apply the update immediately.
MS06-032 : Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
Date Posted - 2006/06/13
Date Revised - 2006/05/13
This update resolves a privately reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-031 : Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
Date Posted - 2006/06/13
Date Revised - 2006/06/13
This update resolves a newly discovered, privately reported vulnerability. The vulnerability could enable an attacker to spoof a trusted network resource. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
MS06-030 : Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
Date Posted - 2006/06/13
Date Revised - 2006/06/13
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
MS06-025 : Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
Date Posted - 2006/06/13
Date Revised - 2006/06/27
This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin.
MS06-018 : Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
Date Posted - 2006/05/09
Date Revised - 2006/05/09
This update resolves several newly-discovered, privately reported vulnerabilities. A denial of service vulnerability exists that could allow an attacker to send a specially crafted network message to an affected system. An attacker could cause the Microsoft Distributed Transaction Coordinator (MSDTC) to stop responding. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
MS06-015 : Vulnerability in Windows Explorer Could Lead to Remote Code Execution (908531)
Date Posted - 2006/04/11
Date Revised - 2006/04/25
This update resolves several newly-discovered, [privately reported] [public] vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS06-014 : Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
Date Posted - 2006/04/11
Date Revised - 2006/04/11
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS06-006 : Vulnerability in Windows Media Player Plugin Could Allow Remote Code Execution (911564)
Date Posted - 2006/02/14
Date Revised - 2006/02/14
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS06-002 : Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
Date Posted - 2006/01/10
Date Revised - 2006/01/10
This update resolves a newly-discovered, privately-reported vulnerability. An attacker who successfully exploited this vulnerability could take control of an affected system. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS06-001 : Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Date Posted - 2006/01/05
Date Revised - 2006/01/05
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. Note: This vulnerability is currently being exploited and was previously discussed by Microsoft in Microsoft Security Advisory 912840. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS05-055 : Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (908523)
Date Posted - 2005/12/13
Date Revised - 2005/12/13
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-053 : Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)
Date Posted - 2005/11/08
Date Revised - 2005/11/08
This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-051 : Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)
Date Posted - 2005/10/11
Date Revised - 2005/10/11
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-050 : Vulnerability in DirectShow Could Allow Remote Code Execution (904706)
Date Posted - 2005/10/11
Date Revised - 2005/12/13
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS05-049 : Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725)
Date Posted - 2005/10/11
Date Revised - 2005/10/11
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in its own "Vulnerability Details" section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. However, user interaction is required to exploit this vulnerability.
MS05-048 : Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution (907245)
Date Posted - 2005/10/11
Date Revised - 2005/10/11
This update resolves a newly-discovered, privately-reported vulnerability that could allow an attacker to run arbitrary code on the system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-047 : Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege (905749)
Date Posted - 2005/10/11
Date Revised - 2005/10/11
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an authenticated attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.
MS05-046 : Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution (899589)
Date Posted - 2005/10/11
Date Revised - 2005/10/11
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Client Service for NetWare (CSNW). By default, CSNW is not installed on any affected operating system version. Only customers who manually installed CSNW could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. This service is also called Gateway Service for NetWare on Windows 2000 Server. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-045 : Vulnerability in Network Connection Manager Could Allow Denial of Service (905414)
Date Posted - 2005/10/11
Date Revised - 2005/10/11
This update resolves a newly-discovered, public vulnerability. A vulnerability in Network Connection Manager could allow a denial of service on the affected platforms against the Network Connection Manager. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited this vulnerability could cause the component responsible for managing network and remote access connections to stop responding. If the affected component is stopped due to an attack, it will automatically restart when new requests are received.
MS05-044 : Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
Date Posted - 2005/10/11
Date Revised - 2005/10/11
This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the Windows FTP client because of the way it handles filename validation. This vulnerability could allow tampering with the file transfer location on the client during an FTP file transfer session. The vulnerability is documented in its own “Vulnerability Details” section of this bulletin.
MS05-043 : Vulnerability in the Print Spooler Service Could Allow Remote Code Execution (896423)
Date Posted - 2005/08/09
Date Revised - 2005/08/09
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Print Spooler service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-042 : Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
Date Posted - 2005/08/09
Date Revised - 2005/08/09
This update resolves two newly-discovered vulnerabilities, a privately reported vulnerability and a publicly reported vulnerability. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could cause the service responsible for authenticating users in an Active Directory domain to stop responding.
MS05-040 : Vulnerability in Windows Telephony Service Could Allow Remote Code Execution (893756)
Date Posted - 2005/08/09
Date Revised - 2005/08/09
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-039 : Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
Date Posted - 2005/08/09
Date Revised - 2005/08/09
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
MS05-036 : Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
Date Posted - 2005/07/12
Date Revised - 2005/07/12
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. A remote code execution vulnerability exists in the Microsoft Color Management Module because of the way that it handles ICC profile format tag validation. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS05-032 : Vulnerability in Microsoft Agent Could Allow Spoofing (890046)
Date Posted - 2005/06/14
Date Revised - 2005/08/09
This update resolves a newly-discovered, privately-reported vulnerability. This vulnerability could enable an attacker to spoof trusted Internet content. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
MS05-027 : Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)
Date Posted - 2005/06/14
Date Revised - 2005/06/14
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Server Message Block (SMB) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-026 : Vulnerability in HTML Help Could Allow Remote Code Execution (896358)
Date Posted - 2005/06/14
Date Revised - 2005/06/14
This update resolves a newly-discovered, privately-reported vulnerability. A vulnerability exists in HTML Help that could allow remote code execution on an affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. However, user interaction is required to exploit this vulnerability.
MS05-024 : Vulnerability in Web View Could Allow Remote Code Execution (894320)
Date Posted - 2005/05/10
Date Revised - 2005/05/10
This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the way that Web View within Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS05-019 : Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
Date Posted - 2005/04/12
Date Revised - 2005/06/14
This update resolves several newly-discovered, privately-reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, an attacker who successfully exploited the most severe of these vulnerabilities would most likely cause the affected system to stop responding.
MS05-018 : Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
Date Posted - 2005/04/12
Date Revised - 2005/04/12
This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-017 : Vulnerability in Message Queuing Could Allow Code Execution (892944)
Date Posted - 2005/04/12
Date Revised - 2005/04/12
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in the Message Queuing component. By default, the Message Queuing component is not installed on any affected operating system version. Only customers who manually installed the Message Queuing component could be vulnerable to this issue. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-016 : Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)
Date Posted - 2005/04/12
Date Revised - 2005/04/12
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS05-015 : Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
Date Posted - 2005/02/08
Date Revised - 2005/02/08
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS05-013 : Vulnerability in the DHTML Editing ActiveX Control could allow code execution (891781)
Date Posted - 2005/02/08
Date Revised - 2005/02/08
This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the DHTML Editing ActiveX control that could allow information disclosure or, at worst, remote code execution on an affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS05-012 : Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
Date Posted - 2005/02/08
Date Revised - 2005/02/08
This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-011 : Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
Date Posted - 2005/02/08
Date Revised - 2005/02/08
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS05-009 : Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)
Date Posted - 2005/02/08
Date Revised - 2005/04/12
This update resolves a newly-discovered, public vulnerability. A buffer overrun vulnerability exists in the processing of PNG image formats that could allow remote code execution on an affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
MS05-008 : Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
Date Posted - 2005/02/08
Date Revised - 2005/02/08
This update resolves a newly-discovered vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS05-003 : Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)
Date Posted - 2005/01/11
Date Revised - 2005/01/11
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could install programs; view, change, or delete data; or create new accounts with full privileges. While remote code execution is possible, an attack would most likely result in a denial of service condition.
MS05-002 : Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)
Date Posted - 2005/01/11
Date Revised - 2005/04/12
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
MS05-001 : Vulnerability in HTML Help Could Allow Code Execution (890175)
Date Posted - 2005/01/11
Date Revised - 2005/01/11
This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. This vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.
MS04-044 : Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
Date Posted - 2004/12/14
Date Revised - 2004/12/14
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
MS04-043 : Vulnerability in HyperTerminal Could Allow Code Execution (873339)
Date Posted - 2004/12/14
Date Revised - 2004/12/14
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.
MS04-041 : Vulnerability in WordPad Could Allow Code Execution (885836)
Date Posted - 2004/12/14
Date Revised - 2004/12/14
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.
MS04-037 : Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)
Date Posted - 2004/10/12
Date Revised - 2004/10/12
This update resolves several newly-discovered, public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit these vulnerabilities.
MS04-032 : Security Update for Microsoft Windows (840987)
Date Posted - 2004/10/12
Date Revised - 2004/10/12
This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
MS04-031 : Vulnerability in NetDDE Could Allow Remote Code Execution (841533)
Date Posted - 2004/10/12
Date Revised - 2004/10/12
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Network Dynamic Data Exchange (NetDDE) services because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. However, the NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability.
MS04-024 : Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
Date Posted - 2004/07/13
Date Revised - 2004/07/13
This update resolves a newly-discovered, publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows Shell launches applications. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, significant user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
MS04-023 : Vulnerability in HTML Help Could Allow Code Execution (840315)
Date Posted - 2004/07/13
Date Revised - 2004/07/13
This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
MS04-022 : Vulnerability in Task Scheduler Could Allow Code Execution (841873)
Date Posted - 2004/07/13
Date Revised - 2004/07/13
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Task Scheduler because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
MS04-020 : Vulnerability in POSIX Could Allow Code Execution (841872)
Date Posted - 2004/07/13
Date Revised - 2004/08/10
This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the POSIX operating system component (subsystem). The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
MS04-019 : Vulnerability in Utility Manager Could Allow Code Execution (842526)
Date Posted - 2004/07/13
Date Revised - 2004/07/13
This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the way that Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges and could take complete control of the system. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
MS04-016 : Vulnerability in DirectPlay Could Allow Denial of Service (839643)
Date Posted - 2004/06/08
Date Revised - 2004/06/08
This update resolves a newly-discovered, privately reported vulnerability. A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation. The vulnerability is documented in the Vulnerability Details section of this bulletin.
MS04-014 : Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001)
Date Posted - 2004/04/13
Date Revised - 2004/05/11
A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
MS04-012 : Cumulative Update for Microsoft RPC/DCOM (828741)
Date Posted - 2004/04/13
Date Revised - 2004/04/13
This update resolves several newly-discovered vulnerabilities in RPC/DCOM. Each is documented in this bulletin in its own section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of the affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
MS04-011 : Security Update for Microsoft Windows (835732)
Date Posted - 2004/04/13
Date Revised - 2004/06/15
This update resolves several newly-discovered vulnerabilities. Each vulnerability is documented in this bulletin in its own section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
MS04-007 : ASN.1 Vulnerability Could Allow Code Execution (828028)
Date Posted - 2004/02/10
Date Revised - 2004/02/10
A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow. An attacker who successfully exploited this buffer overflow vulnerability could execute code with System privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. Abstract Syntax Notation 1 (ASN.1) is a data standard used by many applications and devices in the technology industry for allowing the normalization and understanding of data across various platforms. More information about ASN.1 can be found in Microsoft Knowledge Base Article 252648.
MS03-051 : Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)
Date Posted - 2003/11/20
Date Revised - 2003/11/20
This bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system. The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running FrontPage Server Extensions to temporarily stop responding to requests.
MS03-049 : Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)
Date Posted - 2003/11/20
Date Revised - 2003/11/20
A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service. If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.
MS03-045 : Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
Date Posted - 2003/10/15
Date Revised - 2003/10/15
A vulnerability results because the ListBox control and the ComboBox control both call a function, which is located in the User32.dll file, that contains a buffer overrun. The function does not correctly validate the parameters that are sent from a specially-crafted Windows message. Windows messages provide a way for interactive processes to react to user events (for example, keystrokes or mouse movements) and to communicate with other interactive processes. A security vulnerability exists because the function that provides the list of accessibility options to the user does not correctly validate Windows messages that are sent to it. One process in the interactive desktop could use a specific Windows message to cause the ListBox control or the ComboBox control to execute arbitrary code. Any program that implements the ListBox control or the ComboBox control could allow code to be executed at an elevated level of administrative credentials, as long as the program is running at an elevated level of privileges (for example, Utility Manager in Windows 2000). This could include third-party applications. An attacker who had the ability to log on to a system interactively could run a program that could send a specially-crafted Windows message to any applications that have implemented the ListBox control or the ComboBox control, causing the application to take any action an attacker specified. This could give an attacker complete control over the system by using Utility Manager in Windows 2000.
MS03-044 : Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
Date Posted - 2003/10/15
Date Revised - 2003/10/15
A security vulnerability exists in the Help and Support Center function which ships with Windows XP and Windows Server 2003. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the HCP protocol is not supported on those platforms. The vulnerability results because a file associated with the HCP protocol contains an unchecked buffer. An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, could execute code of the attacker’s choice in the Local Computer security context. The URL could be hosted on a web page, or sent directly to the user in email. In the web based scenario, where a user then clicked on the URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine.
MS03-043 : Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
Date Posted - 2003/10/15
Date Revised - 2003/10/15
A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. The flaw results because the Messenger Service does not properly validate the length of a message before passing it to the allocated buffer. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. Additionally, this patch also includes a fix to correct the issue described in Microsoft Knowledge Base article 330904, "Messenger Service Window That Contains an Internet Advertisement Appears".
MS03-042 : Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
Date Posted - 2003/10/15
Date Revised - 2003/10/15
A security vulnerability exists because the Microsoft Local Troubleshooter ActiveX control contains a buffer overflow that could allow an attacker to run code of their choice on a user’s system. Because this control is marked “safe for scripting”, an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. The Microsoft Local Troubleshooter ActiveX control is installed as a default part of the operating system on Windows 2000. To exploit this flaw, the attacker would have to create a specially formed HTML-based e-mail and send it to the user. Alternatively, an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability. In the worst case, this vulnerability could allow an attacker to load malicious code onto a user's system and then to execute the code. The code would run in the context of the user. Therefore, the code is limited to any action that the legitimate user could take on the system. Any limitations on the user's account would also limit the actions of any arbitrary code that the attacker could execute.
MS03-041 : Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
Date Posted - 2003/10/15
Date Revised - 2003/10/15
All versions of Microsoft Windows contain support for Authenticode technology. Authenticode provides code signing capabilities that identify the publisher of a Microsoft ActiveX control. Based on this information a user can make a determination whether or not to download and install the code. By default, Authenticode prompts a user prior to the installation of an ActiveX control. Authenticode prevents ActiveX controls from installing automatically on a user’s system by presenting the user with a dialogue requiring the user to confirm that they trust the publisher of a control and that they want to install the control on their system. Only when the user clicks Yes is the ActiveX control downloaded and installed on the user’s system. There is a flaw in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with the dialogue discussed above. To exploit this vulnerability, an attacker could create a specially formed HTML e-mail and send it to the user. If the user viewed the HTML e-mail, an unauthorized ActiveX control could be installed and executed on the user’s system. Alternatively, an attacker could host a malicious Web site that contained a Web page designed to exploit this vulnerability. If an attacker then persuaded a user to visit that site, an ActiveX control could be installed and executed on the user’s system. In both scenarios the flaw in Authenticode could allow an unauthorized ActiveX control to be installed and executed on the user’s system, with the same permissions as the user, without prompting the user for approval.
MS03-039 : Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
Date Posted - 2003/09/10
Date Revised - 2003/09/10
The fix provided by this patch supersedes the one included in Microsoft Security Bulletin MS03-026. Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly access services on another computer. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft-specific extensions. There are three identified vulnerabilities in the part of the RPCSS Service that deals with RPC messages for DCOM activation: two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another. An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. To exploit these vulnerabilities, an attacker could create a program to send a malformed RPC message to a vulnerable system targeting the RPCSS Service. Microsoft has released a tool that can be used to scan a network for the presence of systems which have not had the MS03-039 patch installed. More details on this tool are available in Microsoft Knowledge Base article 827363. This tool supersedes the one provided in Microsoft Knowledge Base article 826369.
If the tool provided in Microsoft Knowledge Base Article 826369 is used against a system which has installed the security patch provided with this bulletin, the superseded tool will incorrectly report that the system is missing the patch provided in MS03-026. Microsoft encourages customers to run the latest version of the tool available in Microsoft Knowledge Base article 827363 to determine if their systems are patched.
MS03-034 : Flaw in NetBIOS Could Lead to Information Disclosure (824105)
Date Posted - 2003/09/03
Date Revised - 2003/09/03
Network basic input/output system (NetBIOS) is an application programming interface (API) that can be used by programs on a local area network (LAN). NetBIOS provides programs with a uniform set of commands for requesting the lower-level services required to manage names, conduct sessions, and send datagrams between nodes on a network. This vulnerability involves one of the NetBT (NetBIOS over TCP) services, namely, the NetBIOS Name Service (NBNS). NBNS is analogous to DNS in the TCP/IP world and it provides a way to find a system’s IP address given its NetBIOS name, or vice versa. Under certain conditions, the response to a NetBT Name Service query may, in addition to the typical reply, contain random data from the target system’s memory. This data could, for example, be a piece of HTML if the user on the target system was using an Internet browser, or it could contain other types of data that exist in memory at the time that the target system responds to the NetBT Name Service query. An attacker could seek to exploit this vulnerability by sending a NetBT Name Service query to the target system and then by examining the response to see if it includes any random data from that system’s memory. If best security practices have been followed, and port 137 UDP has been blocked at the firewall, Internet based attacks would not be possible.
MS03-030 : Unchecked Buffer in DirectX Could Enable System Compromise (819696)
Date Posted - 2003/07/23
Date Revised - 2003/07/23
DirectX consists of a set of low-level Application Programming Interfaces (APIs) that are used by Windows programs for multimedia support. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation, and rendering. There are two buffer overruns with identical effects in the function used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. A security vulnerability results because it would be possible for a malicious user to attempt to exploit these flaws and execute code in the security context of the logged-on user. An attacker could seek to exploit this vulnerability by creating a specially crafted MIDI file designed to exploit this vulnerability and then host it on a Web site or on a network share, or send it by using an HTML-based e-mail. In the case where the file was hosted on a Web site or network share, the user would need to open the specially crafted file. If the file was embedded in a page the vulnerability could be exploited when a user visited the Web page. In the HTML-based e-mail case, the vulnerability could be exploited when a user opened or previewed the HTML-based e-mail. A successful attack could cause DirectShow, or an application making use of DirectShow, to fail. A successful attack could also cause an attacker's code to run on the user's computer in the security context of the user.
MS03-026 : Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Date Posted - 2003/07/16
Date Revised - 2003/08/13
Microsoft originally released this bulletin and patch on July 16, 2003 to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still is effective in eliminating the security vulnerability. However, the “mitigating factors” and “workarounds” discussions in the original security bulletin did not clearly identify all of the ports by which the vulnerability could potentially be exploited. We have updated this bulletin to more clearly enumerate the ports over which RPC services can be invoked, and to ensure that customers who have chosen to implement a workaround before installing the patch have the information that they need to protect their systems. Customers who have already installed the patch are protected from attempts to exploit this vulnerability, and need take no further action. In addition, the bulletin has also been updated to include information about Windows 2000 Service Pack 2 support for this patch. Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions. There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on RPC enabled ports. This interface handles DCOM object activation requests that are sent by client machines to the server. An attacker who successfully exploited this vulnerability would be able to run code with Local System privileges on an affected system. 
The attacker would be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. To exploit this vulnerability, an attacker would need to send a specially formed request to the remote computer on specific RPC ports.
MS03-025 : Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation (822679)
Date Posted - 2003/07/09
Date Revised - 2003/07/09
Microsoft Windows 2000 contains support for Accessibility options within the operating system. Accessibility support is a series of assistive technologies within Windows that allow users with disabilities to still be able to access the functions of the operating system. Accessibility support is enabled or disabled through shortcuts built into the operating system, or through the Accessibility Utility Manager. Utility Manager is an accessibility utility that allows users to check the status of accessibility programs (Microsoft Magnifier, Narrator, On-Screen Keyboard) and to start or stop them. There is a flaw in the way that Utility Manager handles Windows messages. Windows messages provide a way for interactive processes to react to user events (for example, keystrokes or mouse movements) and communicate with other interactive processes. A security vulnerability results because the control that provides the list of accessibility options to the user does not properly validate Windows messages sent to it. It's possible for one process in the interactive desktop to use a specific Windows message to cause the Utility Manager process to execute a callback function at the address of its choice. Because the Utility Manager process runs at higher privileges than the first process, this would provide the first process with a way of exercising those higher privileges. By default, the Utility Manager contains controls that run in the interactive desktop with Local System privileges. As a result, an attacker who had the ability to log on to a system interactively could potentially run a program that could send a specially crafted Windows message to the Utility Manager process, causing it to take any action the attacker specified. This would give the attacker complete control over the system. The attack cannot be exploited remotely, and the attacker would have to have the ability to interactively log on to the system.
MS03-024 : Buffer Overrun in Windows Could Lead to Data Corruption (817606)
Date Posted - 2003/07/09
Date Revised - 2003/07/09
Server Message Block (SMB) is the Internet Standard protocol that Windows uses to share files, printers, serial ports, and to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers make SMB responses in what's described as a client server request-response protocol. A flaw exists in the way that the server validates the parameters of an SMB packet. When a client system sends an SMB packet to the server system, it includes specific parameters that provide the server with a set of "instructions." In this case, the server is not properly validating the buffer length established by the packet. If the client specifies a buffer length that is less than what is needed, it can cause the buffer to be overrun.
MS03-023 : Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Date Posted - 2003/07/09
Date Revised - 2003/07/09
All versions of Microsoft Windows contain support for file conversion within the operating system. This functionality allows users of Microsoft Windows to convert file formats from one to another. In particular, Microsoft Windows contains support for HTML conversion within the operating system. This functionality allows users to view, import, or save files as HTML. There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut and paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged in user. Since this functionality is used by Internet Explorer, an attacker could craft a specially formed web page or HTML email that would cause the HTML converter to run arbitrary code on a user's system. A user simply visiting an attacker’s website could allow the attacker to exploit the vulnerability without any other user action. In order to exploit this vulnerability, the attacker would have to create a specially-formed HTML email and send it to the user. Alternatively, an attacker would have to host a malicious web site that contained a web page designed to exploit these vulnerabilities. The attacker would then have to persuade a user to visit that site.
MS03-013 : Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges (811493)
Date Posted - 2003/04/16
Date Revised - 2003/05/28
The Windows kernel is the core of the operating system. It provides system level services such as device and memory management, allocates processor time to processes and manages error handling. There is a flaw in the way the kernel passes error messages to a debugger. A vulnerability results because an attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system. For an attack to be successful, an attacker would need to be able to log on interactively to the system, either at the console or through a terminal session. Also, a successful attack would require the introduction of code in order to exploit this vulnerability. Because best practices recommend restricting the ability to log on interactively on servers, this issue most directly affects client systems and terminal servers.
MS03-011 : Flaw in Microsoft VM Could Enable System Compromise (816093)
Date Posted - 2003/04/09
Date Revised - 2003/04/09
The Microsoft VM is a virtual machine for the Win32® operating environment. The Microsoft VM is shipped in most versions of Windows (a complete list is available in the FAQ), as well as in most versions of Internet Explorer. The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, and results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that, when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail.
MS03-010 : Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks (331953)
Date Posted - 2003/03/26
Date Revised - 2003/03/26
Remote Procedure Call (RPC) is a protocol used by the Windows operating system. RPC provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. The protocol itself is derived from the OSF (Open Software Foundation) RPC protocol, but with the addition of some Microsoft specific extensions. There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerability affects the RPC Endpoint Mapper process, which listens on TCP/IP port 135. The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service. To exploit this vulnerability, an attacker would need to establish a TCP/IP connection to the Endpoint Mapper process on a remote machine. Once the connection was established, the attacker would begin the RPC connection negotiation before transmitting a malformed message. At this point, the process on the remote machine would fail. The RPC Endpoint Mapper process is responsible for maintaining the connection information for all of the processes on that machine using RPC. Because the Endpoint Mapper runs within the RPC service itself, exploiting this vulnerability would cause the RPC service to fail, with the attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions. Microsoft has provided patches with this bulletin to correct this vulnerability for Windows 2000 and Windows XP. Although Windows NT 4.0 is affected by this vulnerability, Microsoft is unable to provide a patch for this vulnerability for Windows NT 4.0. The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability.
Windows NT 4.0 users are strongly encouraged to employ the workaround discussed in the FAQ below, which is to protect the NT 4.0 system with a firewall that blocks Port 135.
MS03-008 : Flaw in Windows Script Engine could allow code execution (814078)
Date Posted - 2003/03/19
Date Revised - 2003/03/19
The Windows Script Engine provides Windows operating systems with the ability to execute script code. Script code can be used to add functionality to web pages, or to automate tasks within the operating system or within a program. Script code can be written in several different scripting languages, such as Visual Basic Script, or JScript. A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker’s choice with the user’s privileges. The web page could be hosted on a web site, or sent directly to the user in email. Although Microsoft has supplied a patch for this vulnerability and recommends all affected customers install the patch immediately, additional preventive measures have been provided that customers can use to help block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds are discussed in the Workarounds section in the FAQ below.
MS03-007 : Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)
Date Posted - 2003/03/17
Date Revised - 2003/05/28
Microsoft Windows 2000 supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. WebDAV, defined in RFC 2518, is a set of extensions to the Hyper Text Transfer Protocol (HTTP) that provide a standard for editing and file management between computers on the Internet. A security vulnerability is present in a Windows component used by WebDAV, and results because the component contains an unchecked buffer. An attacker could exploit the vulnerability by sending a specially formed HTTP request to a machine running Internet Information Server (IIS). The request could cause the server to fail or to execute code of the attacker’s choice. The code would run in the security context of the IIS service (which, by default, runs in the LocalSystem context). Although Microsoft has supplied a patch for this vulnerability and recommends customers install the patch immediately, additional tools and preventive measures have been provided that customers can use to block the exploitation of this vulnerability while they are assessing the impact and compatibility of the patch. These temporary workarounds and tools are discussed in the Workarounds section in the FAQ below.
MS03-001 : Unchecked Buffer in Locator Service Could Lead to Code Execution (810833)
Date Posted - 2003/01/20
Date Revised - 2003/01/20
The Microsoft Locator service is a name service that maps logical names to network-specific names. It ships with Windows NT 4.0, Windows 2000, and Windows XP. By default, the Locator service is enabled only on Windows 2000 domain controllers and Windows NT 4.0 domain controllers; it is not enabled on Windows NT 4.0 workstations or member servers, Windows 2000 workstations or member servers, or Windows XP. A security vulnerability results from an unchecked buffer in the Locator service. By sending a specially malformed request to the Locator service, an attacker could cause the Locator service to fail, or to run code of the attacker's choice on the system.
MS02-071 : Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
Date Posted - 2002/12/11
Date Revised - 2003/04/30
Subsequent to the release of this bulletin it was determined that the patch for Microsoft Windows NT 4.0 machines introduced an error that may, under certain configurations, cause NT 4.0 to fail. Microsoft has investigated this issue and is releasing an updated patch for Windows NT 4.0. The bulletin has been updated to include the new download links for the NT 4.0 patch. Customers who have installed the patch on Microsoft Windows 2000 and Windows XP are unaffected by this error. Windows messages provide a way for interactive processes to react to user events (e.g., keystrokes or mouse movements) and communicate with other interactive processes. One such message, WM_TIMER, is sent at the expiration of a timer, and can be used to cause a process to execute a timer callback function. A security vulnerability results because it's possible for one process in the interactive desktop to use a WM_TIMER message to cause another process to execute a callback function at the address of its choice, even if the second process did not set a timer. If that second process had higher privileges than the first, this would provide the first process with a way of exercising them. By default, several of the processes running in the interactive desktop do so with LocalSystem privileges. As a result, an attacker who had the ability to log onto a system interactively could potentially run a program that would levy a WM_TIMER request upon such a process, causing it to take any action the attacker specified. This would give the attacker complete control over the system. In addition to addressing this vulnerability, the patch also makes changes to several processes that run on the interactive desktop with high privileges. Although none of these would, in the absence of the WM_TIMER vulnerability, enable an attacker to gain privileges on the system, we have included them in the patch to make the services more robust.
MS02-070 : Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
Date Posted - 2002/12/11
Date Revised - 2002/12/11
Server Message Block (SMB) is a protocol natively supported by all versions of Windows. Although nominally a file-sharing protocol, it is used for other purposes as well, the most important of which is disseminating group policy information from domain controllers to newly logged on systems. Beginning with Windows 2000, it is possible to improve the integrity of SMB sessions by digitally signing all packets in a session. Windows 2000 and Windows XP can be configured to always sign, never sign, or sign only if the other party requires it. A flaw in the implementation of SMB Signing in Windows 2000 and Windows XP could enable an attacker to silently downgrade the SMB Signing settings on an affected system. To do this, the attacker would need access to the session negotiation data as it was exchanged between a client and server, and would need to modify the data in a way that exploits the flaw. This would cause either or both systems to send unsigned data regardless of the signing policy the administrator had set. After having downgraded the signing setting, the attacker could continue to monitor the session and change data within it; the lack of signing would prevent the communicants from detecting the changes. Although this vulnerability could be exploited to expose any SMB session to tampering, the most serious case would involve changing group policy information as it was being disseminated from a Windows 2000 domain controller to a newly logged-on network client. By doing this, the attacker could take actions such as adding users to the local Administrators group or installing and running code of his or her choice on the system.
MS02-069 : Flaw in Microsoft VM Could Enable System Compromise (810030)
Date Posted - 2002/12/11
Date Revised - 2002/12/11
The Microsoft VM is a virtual machine for the Win32 operating environment. The Microsoft VM shipped in most versions of Windows (a complete list is available in the FAQ), as well as in most versions of Internet Explorer. A new version of the Microsoft VM is available, which includes all previously released fixes for the VM, as well as fixes for eight newly reported security issues. The attack vectors for all of the new issues would likely be the same. An attacker would create a web page that, when opened, exploits the desired vulnerability, and either host it on a web page or send it to a user as an HTML mail.
MS02-064 : Windows 2000 Default Permissions Could Allow Trojan Horse Program (Q327522)
Date Posted - 2002/10/30
Date Revised - 2002/10/30
On Windows 2000, the default permissions provide the Everyone group with Full access (Everyone:F) on the system root folder (typically, C:\). In most cases, the system root is not in the search path. However, under certain conditions (for instance, during logon or when applications are invoked directly from the Windows desktop via Start | Run) it can be. This situation gives rise to a scenario that could enable an attacker to mount a Trojan horse attack against other users of the same system, by creating a program in the system root with the same name as some commonly used program, then waiting for another user to subsequently log onto the system and invoke the program. The Trojan horse program would execute with the user’s own privileges, thereby enabling it to take any action that the user could take. The simplest attack scenario would be one in which the attacker knew that a particular system program was invoked by a logon script. In that case, the attacker could create a Trojan horse with the same name as the system program, which would then be executed by the logon script the next time someone logged onto the system. Other scenarios almost certainly would require significantly greater user interaction (for instance, convincing a user to start a particular program via Start | Run) and would necessitate the use of social engineering. The systems primarily at risk from this vulnerability would be workstations that are shared between multiple users, and local terminal server sessions. Other systems would be at significantly less risk: Workstations that are not shared between users would be at no risk, because the attacker would require the ability to log onto the system in order to place the Trojan horse. Servers would be at no risk, if standard best practices have been followed that advocate only allowing trusted users to log onto them. Remote Terminal server sessions would be at little risk, because each user’s environment is isolated. That is, the system root is never the current folder; instead, the user’s Documents and Settings folder is, but the permissions on this folder would not enable an attacker to place a Trojan horse there.
MS02-063 : Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)
Date Posted - 2002/10/30
Date Revised - 2002/10/30
Windows 2000 and Windows XP natively support Point-to-Point Tunneling Protocol (PPTP), a Virtual Private Networking technology that is implemented as part of Remote Access Services (RAS). PPTP support is an optional component in Windows NT 4.0, Windows 98, Windows 98SE, and Windows ME. A security vulnerability results in the Windows 2000 and Windows XP implementations because of an unchecked buffer in a section of code that processes the control data used to establish, maintain and tear down PPTP connections. By delivering specially malformed PPTP control data to an affected server, an attacker could corrupt kernel memory and cause the system to fail, disrupting any work in progress on the system. The vulnerability could be exploited against any server that offers PPTP. If a workstation had been configured to operate as a RAS server offering PPTP services, it could likewise be attacked. Workstations acting as PPTP clients could only be attacked during active PPTP sessions. Normal operation on any attacked system could be restored by restarting the system.
MS02-055 : Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255)
Date Posted - 2002/10/02
Date Revised - 2002/10/02
The HTML Help facility in Windows includes an ActiveX control that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a web page hosted on an attacker’s site or sent to a user as an HTML mail. An attacker who successfully exploited the vulnerability would be able to run code in the security context of the user, thereby gaining the same privileges as the user on the system. A second vulnerability exists because of flaws associated with the handling of compiled HTML Help (.chm) files that contain shortcuts. Because shortcuts allow HTML Help files to take any desired action on the system, only trusted HTML Help files should be allowed to use them. Two flaws allow this restriction to be bypassed. First, the HTML Help facility incorrectly determines the Security Zone in the case where a web page or HTML mail delivers a .chm file to the Temporary Internet Files folder and subsequently opens it. Instead of handling the .chm file in the correct zone – the one associated with the web page or HTML mail that delivered it – the HTML Help facility incorrectly handles it in the Local Computer Zone, thereby considering it trusted and allowing it to use shortcuts. This error is compounded by the fact that the HTML Help facility doesn’t consider what folder the content resides in. Were it to do so, it could recover from the first flaw, as content within the Temporary Internet Folder is clearly not trusted, regardless of the Security Zone it renders in. The attack scenario for this vulnerability would be complex, and involves using an HTML mail to deliver a .chm file that contains a shortcut, then making use of the flaws to open it and allow the shortcut to execute. The shortcut would be able to perform any action the user had privileges to perform on the system.
MS02-053 : Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)
Date Posted - 2002/09/24
Date Revised - 2002/09/24
The SmartHTML Interpreter (shtml.dll) is part of the FrontPage Server Extensions (FPSE), and provides support for web forms and other FrontPage-based dynamic content. The interpreter contains a flaw that occurs when processing a request for a particular type of web file, if the request included certain other characteristics. This affects the two versions of FrontPage Server Extensions differently. To FrontPage Server Extensions 2000, such a request would cause the interpreter to consume most or all CPU availability until the web service was restarted. An attacker could use this vulnerability to conduct a denial of service attack against an affected web server. To FrontPage Server Extensions 2002, the same type of request could cause a buffer overrun potentially allowing an attacker to run code of his choice.
MS02-051 : Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)
Date Posted - 2002/09/18
Date Revised - 2002/09/18
The Remote Data Protocol (RDP) provides the means by which Windows systems can provide remote terminal sessions to clients. The protocol transmits information regarding a terminal session's keyboard, mouse and video to the remote client, and is used by Terminal Services in Windows NT 4.0 and Windows 2000, and by Remote Desktop in Windows XP. Two security vulnerabilities, both of which are eliminated by this patch, have been discovered in various RDP implementations. The first involves how session encryption is implemented in certain versions of RDP. All RDP implementations allow the data in an RDP session to be encrypted. However, in the versions in Windows 2000 and Windows XP, the checksums of the plaintext session data are sent without being encrypted themselves. An attacker who was able to eavesdrop on and record an RDP session could conduct a straightforward cryptanalytic attack against the checksums and recover the session traffic. The second involves how the RDP implementation in Windows XP handles data packets that are malformed in a particular way. Upon receiving such packets, the Remote Desktop service would fail, and with it would fail the operating system. It would not be necessary for an attacker to authenticate to an affected system in order to deliver packets of this type to an affected system.
MS02-050 : Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)
Date Posted - 2002/09/04
Date Revised - 2004/04/13
The original version of this bulletin was released on 05 September 2002. On 09 September 2002, we updated the bulletin to advise customers that a Microsoft-issued digital certificate, used to sign device drivers, did not meet the stricter validation standards established by the patch. As a result, customers who installed the patch could see unexpected error messages when installing new hardware, or in some cases might be unable to install new hardware altogether. On 20 November 2002, we released an updated version of the patch that not only eliminates this problem, but also eliminates a newly discovered variant of the original vulnerability. The IETF Profile of the X.509 certificate standard defines several optional fields that can be included in a digital certificate. One of these is the Basic Constraints field, which indicates the maximum allowable length of the certificate’s chain and whether the certificate is a Certificate Authority or an end-entity certificate. However, the APIs within CryptoAPI that construct and validate certificate chains (CertGetCertificateChain(), CertVerifyCertificateChainPolicy(), and WinVerifyTrust()) do not check the Basic Constraints field. The same flaw, unrelated to CryptoAPI, is also present in several Microsoft products for Macintosh. The vulnerability identified in the original version of the bulletin could enable an attacker who had a valid end-entity certificate to issue a subordinate certificate that, although bogus, would nevertheless pass validation. Because CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing attacks.
MS02-048 : Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172)
Date Posted - 2002/08/28
Date Revised - 2002/08/28
All versions of Windows ship with an ActiveX control known as the Certificate Enrollment Control, the purpose of which is to allow web-based certificate enrollments. The control is used to submit PKCS #10 compliant certificate requests, and upon receiving the requested certificate, stores it in the user’s local certificate store. The control contains a flaw that could enable a web page, through an extremely complex process, to invoke the control in a way that would delete certificates on a user’s system. An attacker who successfully exploited the vulnerability could corrupt trusted root certificates, EFS encryption certificates, email signing certificates, and any other certificates on the system, thereby preventing the user from using these features. An attack could be carried out through either of two scenarios. The attacker could create a web page that exploits the vulnerability, and host it on a web site in order to attack users who visited the site. The attacker also could send the page as an HTML mail in order to attack the recipient. A new version of the control is available that corrects the vulnerability, and can be installed via the patch or Windows XP Service Pack 1. A patch is available for all other Windows systems, as discussed in the Patch Availability section below. Internet Explorer 5 or later is a prerequisite to installing the patch. As discussed in the Caveats section, customers who operate web sites that use the Certificate Enrollment Control will need to make minor revisions to their web applications in order to use the new control. Microsoft Knowledge Base article Q323172 details how to do this. In addition, the patch addresses a similar, but less serious vulnerability discovered in the SmartCard Enrollment control. This control ships with Windows 2000 and Windows XP. A new version of this control is also provided.
MS02-045 : Unchecked Buffer in Network Share Provider can lead to Denial of Service (Q326830)
Date Posted - 2002/08/21
Date Revised - 2002/08/21
SMB (Server Message Block) is the protocol Microsoft uses to share files, printers, serial ports, and also to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources and servers make SMB responses in what is described as a client-server, request-response protocol. By sending a specially crafted packet request, an attacker can mount a denial of service attack on the target server machine and crash the system. The attacker could use both a user account and anonymous access to accomplish this. Though not confirmed, it may be possible to execute arbitrary code.
MS02-042 : Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886)
Date Posted - 2002/08/15
Date Revised - 2002/08/15
The Network Connection Manager (NCM) provides a controlling mechanism for all network connections managed by a host system. Among the functions of the NCM is to call a handler routine whenever a network connection has been established. By design, this handler routine should run in the security context of the user. However, a flaw could make it possible for an unprivileged user to cause the handler routine to run in the security context of LocalSystem, through a very complex process. An attacker who exploited this flaw could specify code of his or her choice as the handler, then establish a network connection in order to cause that code to be invoked by the NCM. The code would then run with full system privilege.
MS02-029 : Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)
Date Posted - 2002/06/11
Date Revised - 2002/07/02
A flaw exists in the RAS phonebook implementation: a phonebook value is not properly checked, and is susceptible to a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with LocalSystem privileges. If an attacker were able to log onto an affected server and modify a phonebook entry using specially malformed data, then made a connection using the modified phonebook entry, the specially malformed data could be run as code by the system.
MS02-024 : Authentication Flaw in Windows Debugger Can Lead to Elevated Privileges (Q320206)
Date Posted - 2002/05/22
Date Revised - 2002/05/22
There is a flaw in the authentication mechanism for the debugging facility such that an unauthorized program can gain access to the debugger. A vulnerability results because an attacker can use this to cause a running program to run a program of her choice. Because many programs run as the operating system, this means that an attacker can exploit this vulnerability to run code as the operating system itself. She could take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system. A successful attack requires the ability to log on interactively to the system, either at the console or through a terminal session.
MS02-017 : Unchecked Buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967)
Date Posted - 2002/04/04
Date Revised - 2002/04/04
When MUP requests a file using the uniform naming convention (UNC), it will allocate a buffer to store this request. There is proper input checking in this first buffer. However, MUP stores another copy of the file request in a buffer when it sends this request to a redirector. This second copy of the buffer does not check inputs correctly, thereby creating the possibility that a resource request to it from an unprivileged process could cause a buffer overrun. The overrun could be exploited for either of two purposes: causing a system failure, or running code on the system with Local System privileges.
MS02-014 : Unchecked Buffer in Windows Shell Could Lead to Code Execution
Date Posted - 2002/03/07
Date Revised - 2002/03/07
An unchecked buffer exists in one of the functions that helps to locate incompletely removed applications on the system. A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw.
MS02-013 : 04 March 2002 Cumulative VM Update
Date Posted - 2002/03/04
Date Revised - 2002/03/04
The Microsoft VM is a virtual machine for the Win32 operating environment. The Microsoft VM is available for Windows 95, Windows 98, ME, Windows NT 4.0, Windows 2000, and Windows XP. It is also available as part of Internet Explorer 6 and earlier. A new build of the VM (build 3805) is available, which eliminates two security vulnerabilities. The first vulnerability is the result of a flaw affecting how Java requests for proxy resources are handled. A malicious Java applet could exploit this flaw to re-direct web traffic once it has left the proxy server to a destination of the attacker’s choice.
MS02-006 : Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
Date Posted - 2002/02/12
Date Revised - 2002/02/12
Simple Network Management Protocol (SNMP) is an Internet standard protocol for managing disparate network devices such as firewalls, computers, and routers. All versions of Windows except Windows ME provide an SNMP implementation, which is neither installed nor running by default in any version. A buffer overrun is present in all implementations. By sending a specially malformed management request to a system running an affected version of the SNMP service, an attacker could cause code to run on the system in LocalSystem context. This could give the attacker the ability to take any desired action on the system.
MS02-004 : Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution
Date Posted - 2002/02/07
Date Revised - 2002/02/07
The Telnet protocol provides remote shell capabilities. Microsoft has implemented the Telnet protocol by providing a Telnet Server in several products. The implementations in two of these products – Windows 2000 and Interix 2.2 – contain unchecked buffers in the code that handles the processing of telnet protocol options. An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part of the installation process.
MS02-001 : Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
Date Posted - 2002/01/22
Date Revised - 2002/01/22
Trust relationships are created between Windows NT or Windows 2000 domains to allow users in one domain to access resources in other domains without requiring them to authenticate separately to each domain. When a user in a trusted domain requests access to a resource in a trusting domain, the trusted domain supplies authorization data in the form of a list of Security Identifiers (SIDs) that indicate the user's identity and group memberships. The trusting domain uses this data to determine whether to grant the user's request. A vulnerability exists because the trusting domain does not verify that the trusted domain is actually authoritative for all the SIDs in the authorization data. If one of the SIDs in the list identified a user or security group that is not in the trusted domain, the trusting domain would accept the information and use it for subsequent access control decisions. If an attacker inserted SIDs of his choice into the authorization data at the trusted domain, he could elevate his privileges to those associated with any desired user or group, including the Domain Administrators group for the trusting domain. This would enable the attacker to gain full Domain Administrator access on computers in the trusting domain.
MS01-046 : Access Violation in Windows 2000 IRDA Driver Can Cause System to Restart
Date Posted - 2001/08/21
Date Revised - 2001/08/21
Microsoft Windows 2000 provides support for infrared-based connectivity. This support is provided through protocols developed by the Infrared Data Association (IRDA). Because of this, they are often called IRDA devices. These devices can be used to share files and printers with other IRDA-device capable systems. The software which handles IRDA devices in Windows 2000 contains an unchecked buffer in the code which handles certain IRDA packets. A security vulnerability results because it is possible for a malicious user to send a specially crafted IRDA packet to the victim's system. This could enable the attacker to conduct a buffer overflow attack and cause an access violation on the system, forcing a reboot. To the best of our knowledge, it cannot be used to run malicious code on the user's system.
MS01-043 : NNTP Service in Windows NT 4.0 and Windows 2000 Contains Memory Leak
Date Posted - 2001/08/14
Date Revised - 2001/08/14
The NNTP (Network News Transport Protocol) service in Windows NT 4.0 and Windows 2000 contains a memory leak in a routine that processes news postings. Each time such a posting is processed that contains a particular construction, the memory leak causes a small amount of memory to no longer be available for use. If an attacker sent a large number of posts, the server memory could be depleted to the point at which normal service would be disrupted. An affected server could be restored to normal service by rebooting.
MS01-041 : Malformed RPC Request Can Cause Service Failure
Date Posted - 2001/07/26
Date Revised - 2001/07/26
Several of the RPC servers associated with system services in Microsoft Exchange, SQL Server, Windows NT 4.0 and Windows 2000 do not adequately validate inputs, and in some cases will accept invalid inputs that prevent normal processing. The specific input values at issue here vary from RPC server to RPC server. An attacker who sent such inputs to an affected RPC server could disrupt its service. The precise type of disruption would depend on the specific service, but could range in effect from minor (e.g., the service temporarily hanging) to major (e.g., the service failing in a way that would require the entire system to be restarted).
MS01-037 : Authentication Error in SMTP Service Could Allow Mail Relaying
Date Posted - 2001/07/05
Date Revised - 2001/07/05
This update addresses the "Windows 2000 SMTP Mail Relaying" security vulnerability in the Windows 2000 Simple Mail Transfer Protocol (SMTP) service and is discussed in Microsoft Security Bulletin MS01-037. Download now to prevent malicious users from relaying e-mail messages from your computer.
MS01-031 : Predictable Named Pipes Could Enable Privilege Elevation via Telnet
Date Posted - 2001/06/07
Date Revised - 2001/06/07
This update addresses the "Predictable Named Pipes Could Enable Privilege Elevation via Telnet" security vulnerability in the Windows 2000 Telnet service that is discussed in Microsoft Security Bulletin MS01-031. Download now to prevent a malicious user from launching programs on your computer, gaining access to your network, or initiating a denial of service attack against your computer.
MS01-025 : Index Server Search Function Contains Unchecked Buffer
Date Posted - 2001/05/10
Date Revised - 2001/05/22
This update addresses the "Malformed Hit-Highlighting" security vulnerability in Windows 2000 computers running Indexing Service, and is discussed in Microsoft Security Bulletin MS01-025. Download now to prevent a malicious user from reading files on your Web server.
MS01-022 : WebDAV Service Provider Can Allow Scripts to Levy Requests as User
Date Posted - 2001/04/18
Date Revised - 2001/04/18
The Microsoft Data Access Component Internet Publishing Provider provides access to WebDAV resources over the Internet. By design, it should differentiate between requests made by a user and those made by script running in the user's browser. However, because of an implementation flaw, it handles all requests in the security context of the user. As a result, if a user browsed to a web page or opened an HTML e-mail that contained script, that script could access web-based resources as the user.
MS01-017 : Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Date Posted - 2001/03/22
Date Revised - 2001/03/28
This update resolves the "Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard" security vulnerability, and is discussed in Microsoft Security Bulletin MS01-017. Download now to prevent an unauthorized user from running code on your computer by digitally signing programs as Microsoft Corporation.
MS01-013 : Windows 2000 Event Viewer Contains Unchecked Buffer
Date Posted - 2001/02/26
Date Revised - 2001/02/26
This update resolves the "Malformed Event Record" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS01-013. Download now to prevent a malicious user from running unauthorized code on your computer.
MS01-007 : Network DDE Agent Requests Can Enable Code to Run in System Context
Date Posted - 2001/02/05
Date Revised - 2001/02/09
Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability could, under certain conditions, allow an attacker to gain complete control over an affected machine.
MS01-005 : Packaging Anomaly Could Cause Hotfixes to be Removed
Date Posted - 2001/01/30
Date Revised - 2001/01/30
Microsoft has released a tool and patch that allow customers to diagnose and eliminate the effects of anomalies in the packaging of hotfixes for English language versions of Microsoft Windows 2000. Under certain circumstances, these anomalies could cause the removal of some hotfixes, which could include some security patches, from a Windows 2000 system.
MS01-001 : Web Client Will Perform NTLM Authentication Regardless of Security Settings
Date Posted - 2001/01/11
Date Revised - 2001/01/15
This update resolves the "Web Client NTLM Authentication" security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001. Download now to ensure that your Web Extender Client (WEC) components are set to the recommended Internet Explorer security levels, to prevent a malicious Web site operator from capturing your logon credentials.
MS00-098 : Indexing Service File Enumeration Vulnerability
Date Posted - 2000/12/19
Date Revised - 2000/12/19
This update resolves the "Indexing Service File Enumeration" vulnerability in Indexing Service 3.0 and is discussed in Microsoft Security Bulletin MS00-098. Download now to prevent a malicious Web site operator from gathering information about your files and folders.
MS00-096 : SNMP Parameters Vulnerability
Date Posted - 2000/12/06
Date Revised - 2000/12/06
This update eliminates the "SNMP Parameters" vulnerability in Windows 2000. Download now to correct the permission values for SNMP registry keys.
MS00-089 : Domain Account Lockout Vulnerability
Date Posted - 2000/11/21
Date Revised - 2000/12/21
A flaw in the way that NTLM authentication operates in Windows 2000 could allow a domain account lockout policy to be bypassed on a local Windows 2000 machine, even if the domain administrator had set such a policy. The ability of a malicious user to avoid the domain account lockout policy could increase the threat from a brute force password-guessing attack. This vulnerability only affects Windows 2000 machines that are members of non-Windows 2000 domains. In addition, the vulnerability only affects domain user accounts that have previously logged into the target machine and already have cached credentials established on that machine. If a domain account lockout policy is in place and an attacker attempts a brute force password-guessing attack, the domain user account will be locked out as expected at the domain controller. However, if the attacker is able to find the correct password, the local Windows 2000 machine will log the attacker on using cached credentials in violation of the account lockout polic
MS00-085 : ActiveX Parameter Validation Vulnerability
Date Posted - 2000/11/02
Date Revised - 2000/11/02
Microsoft has released a patch that eliminates a security vulnerability affecting customers using Microsoft Windows 2000. The vulnerability could allow a malicious user to potentially run code on another user's machine.
MS00-084 : Indexing Services Cross Site Scripting Vulnerability
Date Posted - 2000/11/02
Date Revised - 2003/04/08
This update resolves the "Indexing Services Cross Site Scripting" vulnerability in Indexing Services for Windows 2000 and is discussed in Microsoft Security Bulletin MS00-084. Download now to prevent a malicious user from introducing code on your Web server and returning it as a Web page to a visiting browser.
MS00-081 : New Variant of VM File Reading Vulnerability
Date Posted - 2000/10/25
Date Revised - 2001/01/26
This update resolves the "VM File Reading" security vulnerability in the Microsoft virtual machine (Microsoft VM) and is discussed in Microsoft Security Bulletin MS00-081. Download now to prevent a malicious Web site operator from reading - but not changing, adding, or deleting - the files on your computer or viewing the Web content on your intranet.
MS00-079 : HyperTerminal Buffer Overflow Vulnerability
Date Posted - 2000/10/18
Date Revised - 2001/08/30
The HyperTerminal application is a communications utility that installs by default on all versions of Windows 98, 98SE, Windows ME, Windows NT 4.0, and Windows 2000. The product contains two unchecked buffers through which an attacker could potentially cause code of her choice to run on another user’s machine.
MS00-077 : NetMeeting Desktop Sharing Vulnerability
Date Posted - 2000/10/13
Date Revised - 2001/06/20
This update resolves the "NetMeeting Desktop Sharing" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-077. Download now to prevent a malicious user from denying or interrupting NetMeeting services.
MS00-075 : Microsoft VM ActiveX Component Vulnerability
Date Posted - 2000/10/12
Date Revised - 2001/01/26
Microsoft has released a patch that eliminates a security vulnerability in Microsoft virtual machine (Microsoft VM). If a malicious web site operator were able to coax a user into visiting his site, the vulnerability could allow him to take any desired action on a visiting user's machine.
MS00-070 : Multiple LPC and LPC Ports Vulnerabilities
Date Posted - 2000/10/03
Date Revised - 2000/10/03
This update resolves the "Multiple LPC and LPC Ports" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletins MS00-070 and MS00-003. Download now to prevent a malicious user from causing your computer to fail, impersonating your privileges, or causing the client or server to fail by posing as the client or server and sending random data.
MS00-069 : Simplified Chinese IME State Recognition Vulnerability
Date Posted - 2000/09/29
Date Revised - 2000/09/29
This update resolves the "Simplified Chinese IME State Recognition" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-069. Download now to prevent a malicious user from exploiting the logon screen for Simplified Chinese IME to run code, add users to the computer, install or remove system components, add or remove software and compromise data.
MS00-067 : Windows 2000 Telnet Client NTLM Authentication Vulnerability
Date Posted - 2000/09/14
Date Revised - 2000/09/21
This update resolves the "Windows 2000 Telnet Client NTLM Authentication" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-067. Download now to prevent a malicious user from acquiring your authentication credentials.
MS00-066 : Malformed RPC Packet Vulnerability
Date Posted - 2000/09/11
Date Revised - 2000/09/11
This update resolves the "Malformed RPC Packet" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-066. Download now to prevent a malicious user from launching a Denial of Service attack via the Remote Procedure Call (RPC) client.
MS00-065 : Still Image Service Privilege Escalation Vulnerability
Date Posted - 2000/09/06
Date Revised - 2000/09/06
This update resolves the "Still Image Service Privilege Escalation" security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-065. Download now to prevent a malicious user from logging on to a Windows 2000 computer interactively and running a program that could enable the malicious user to obtain administrative privileges on the host computer.
MS00-059 : Java VM Applet Vulnerability
Date Posted - 2000/08/21
Date Revised - 2001/01/26
Microsoft has released a patch that eliminates a security vulnerability in the Microsoft virtual machine (Microsoft VM). If a malicious web site operator were able to coax a user into visiting his site, the vulnerability could allow him to masquerade as the user, visit other sites using his identity, and relay the information back to his site.
MS00-053 : Service Control Manager Named Pipe Impersonation Vulnerability
Date Posted - 2000/08/02
Date Revised - 2000/08/02
Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability could allow a user logged onto a Windows 2000 machine from the keyboard to become an administrator on the machine.
MS00-052 : Relative Shell Path Vulnerability
Date Posted - 2000/07/28
Date Revised - 2000/07/28
This update resolves the "Relative Shell Path" security vulnerability in Windows NT 4.0 and Windows 2000 and is discussed in Microsoft Security Bulletin MS00-052. Download now to prevent a malicious user from altering the functionality of your desktop.
MS00-050 : Telnet Server Flooding Vulnerability
Date Posted - 2000/07/24
Date Revised - 2000/07/24
This update resolves the "Telnet Server Flooding" security vulnerability in Microsoft Windows 2000. Download now to prevent a malicious user from sending invalid input information to your Telnet Server.
MS00-047 : NetBIOS Name Server Protocol Spoofing Vulnerability
Date Posted - 2000/07/27
Date Revised - 2000/07/27
This update resolves the "NetBIOS Name Server Protocol Spoofing" security vulnerability in some Windows-based networks and is discussed in Microsoft Security Bulletin MS00-047. Download now to prevent a malicious user from misusing the Name Conflict and Name Release mechanisms that are part of Windows Internet Name Service (WINS).
MS00-036 : ResetBrowser Frame and Host Announcement Frame Vulnerabilities
Date Posted - 2000/05/25
Date Revised - 2000/05/25
This update resolves the "ResetBrowser Frame" and "HostAnnouncement Flooding" security vulnerabilities in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-036. Download now to prevent a malicious user from denying network users the ability to locate services or other computers on the network.
MS00-032 : Protected Store Key Length Vulnerability
Date Posted - 2000/06/01
Date Revised - 2000/07/16
Microsoft has released a patch and a tool that eliminate a security vulnerability in Microsoft Windows 2000. The vulnerability could make it easier for a malicious user who had complete control over a Windows 2000 machine to compromise users' sensitive information.
MS00-029 : IP Fragment Reassembly Vulnerability
Date Posted - 2000/05/19
Date Revised - 2000/05/19
This update resolves the "IP Fragment Reassembly" security vulnerability in Windows 2000. Installing this update will minimize the negative effects that fragmented Internet Protocol (IP) datagrams could have on your computer's central processing unit (CPU).
MS00-027 : Malformed Environment Variable Vulnerability
Date Posted - 2000/04/20
Date Revised - 2000/04/20
The vulnerability could allow a malicious user to make some or all of the memory on an affected server unavailable, potentially slowing or stopping an affected server's response time.
MS00-021 : Malformed TCP/IP Print Request Vulnerability
Date Posted - 2000/03/30
Date Revised - 2000/03/30
Microsoft has released a patch that eliminates a security vulnerability in the TCP/IP Printing Services for Microsoft Windows NT 4.0 and Windows 2000. If this service is installed, the vulnerability could allow a malicious user to disrupt printing services.
MS00-020 : Desktop Separation Vulnerability
Date Posted - 2000/06/15
Date Revised - 2000/06/15
This update eliminates the "Desktop Separation" vulnerability found in Windows 2000. Installing this update will prevent malicious users from gaining additional privileges on your computer when they log on at your keyboard.
MS00-011 : VM File Reading Vulnerability
Date Posted - 2000/02/18
Date Revised - 2000/02/18
Microsoft has released a patch that eliminates a security vulnerability in the Microsoft virtual machine (Microsoft VM). The vulnerability could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet.
MS00-006 : Malformed Hit-Highlighting Argument Vulnerability
Date Posted - 2000/01/26
Date Revised - 2000/03/31
Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft Index Server. The first vulnerability could allow a malicious user to view -- but not to change, add or delete -- files on a web server. The second vulnerability could reveal where web directories are physically located on the server.
