The Active Network

Microsoft Security Bulletins

Microsoft Security Bulletin (MS99-060) - Patch Available for "HTML Mail Attachment" Vulnerability

Date: December 22, 1999

Summary
Microsoft has released a patch that addresses two issues:
- It eliminates a security vulnerability in the Microsoft(r) Outlook Express mail client for Macintosh systems. The vulnerability could allow attachments to HTML mails to be automatically downloaded onto the user's computer.
- It provides replacements for several digital certificates that are included in Internet Explorer for Macintosh, and will expire on December 31, 1999.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-060faq.asp.

Issue
There are two issues here. The first is a security vulnerability found in Outlook Express 5 for Macintosh. By design, when an HTML mail is received, the mail content is downloaded onto the user's machine and processed. However, attachments to the mail should not be downloaded unless the user requests it. A flaw in Outlook Express 5 for Macintosh causes it to download all content, including attachments. The vulnerability does not provide a way for a malicious user to launch the downloaded attachments.

The second issue involves several digital certificates that are included in Internet Explorer 4.5 for Macintosh. These certificates are due to expire on December 31, 1999. The patch provides updated certificates, and also adds support for X.509 V3 certificates. There is no security vulnerability associated with this issue; Microsoft is simply providing the replacement certificates and X.509 V3 support as a community service.

It is important to note that both the security vulnerability and the certificate expiration issue affect only Outlook Express and Internet Explorer on the Macintosh; the Windows versions of these products are not affected.

Affected Software Versions
- Microsoft Internet Explorer 4.5 for Macintosh
- Microsoft Outlook Express 5.0 for Macintosh (available as a stand-alone product or bundled with Internet Explorer 5.0 for Macintosh)

Patch Availability
- http://www.microsoft.com/mac/download

NOTE: Additional security patches are available at the Microsoft Download Center (www.microsoft.com/downloads)

More Information
Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS99-060: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-060faq.asp.

- Internet Explorer 4.5 Security Issue, http://www.microsoft.com/mac/IESecIssue/default.asp.

- Microsoft Knowledge Base (KB) article Q249082, Outlook Express 5 for Macintosh Automatically downloads HTML Mail Attachments, http://support.microsoft.com/support/kb/articles/q249/0/82.asp.

- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.

Obtaining Support on this Issue
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at: http://support.microsoft.com/support/contact/default.asp


Microsoft Security Bulletin (MS99-061) - Patch Available for "Escape Character Parsing" Vulnerability

Date: December 21, 1999

Summary
Microsoft has released a patch that eliminates a vulnerability in Microsoft(r) Internet Information Server and products that run atop it. The vulnerability could allow files on a web server to be specified using an alternate representation, in order to bypass access controls of some third-party applications.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-061faq.asp.

Issue
RFC 1738 specifies that web servers must allow hexadecimal digits to be input in URLs by preceding them with the so-called "escape" character, a percent sign. IIS complies with this specification, but also accepts characters after the percent sign that are not hexadecimal digits. Some of these translate to printable ASCII characters, and this could provide an alternate means of specifying files in URLs.

The vulnerability does not affect IIS; even specifying a file name via this alternate method does not bypass IIS' access controls. However, third-party software that runs atop IIS but does not perform canonicalization is affected by it.
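The canonicalization step that the affected third-party software lacked can be sketched as follows. This is an added example, not code from the bulletin or from any product it names: the `/private` prefix, the function names and the sample requests are hypothetical, and because the bulletin does not say which characters IIS produced for non-hexadecimal escapes, the decoder rejects them instead of guessing.

```python
import string

HEX_DIGITS = set(string.hexdigits)
PROTECTED_PREFIX = "/private"  # hypothetical area guarded by an add-on filter

class MalformedEscape(ValueError):
    """'%' was not followed by exactly two hexadecimal digits."""

def strict_unescape(path):
    """Decode %XX escapes as RFC 1738 defines them; reject anything else."""
    raw = path.encode("ascii")  # non-ASCII input raises UnicodeEncodeError
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i] == 0x25:  # '%'
            pair = raw[i + 1:i + 3].decode("ascii")
            if len(pair) != 2 or not set(pair) <= HEX_DIGITS:
                raise MalformedEscape(f"bad escape at offset {i}: {path!r}")
            out.append(int(pair, 16))
            i += 3
        else:
            out.append(raw[i])
            i += 1
    return out.decode("latin-1")

def canonicalize(path):
    """One spelling per file: decoded, lower-cased, '/'-separated, no dot segments."""
    decoded = strict_unescape(path).replace("\\", "/").lower()
    parts = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()
            continue
        parts.append(seg)
    return "/" + "/".join(parts)

def is_protected(canonical):
    return canonical == PROTECTED_PREFIX or canonical.startswith(PROTECTED_PREFIX + "/")

def naive_allows(path):
    """Weak pattern: the access decision is made on the raw request string."""
    return not path.lower().startswith(PROTECTED_PREFIX)

def hardened_allows(path):
    """Canonicalize first; deny whatever cannot be decoded unambiguously."""
    try:
        return not is_protected(canonicalize(path))
    except (MalformedEscape, UnicodeEncodeError):
        return False

# Constructed sample requests (not taken from the bulletin).
SAMPLES = ["/public/index.htm", "/priv%61te/report.txt", "/public/%zzfile.htm"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:28} naive={naive_allows(s)} hardened={hardened_allows(s)}")
```

The second sample is allowed by the raw-string filter but denied once the path is canonicalized; the third is denied because its escape is not valid hexadecimal.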

Affected Software Versions
- Microsoft Internet Information Server 4.0
- Microsoft Site Server 3.0
- Microsoft Site Server Commerce Edition 3.0

Patch Availability
- Intel:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16357

- Alpha:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16358

NOTE: Additional security patches are available at the Microsoft Download Center (www.microsoft.com/downloads)

More Information
Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS99-061: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-061faq.asp.

- Microsoft Knowledge Base (KB) article Q246401, IIS may improperly parse specific escape characters, http://support.microsoft.com/support/kb/articles/q246/4/01.asp.

- RFC 1738, Uniform Resource Locators, http://www.ietf.org/rfc/rfc1738.txt.

- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.

Obtaining Support on this Issue
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at: http://support.microsoft.com/support/contact/default.asp


Microsoft Security Bulletin (MS99-058) - Patch Available for "Virtual Directory Naming" Vulnerability

Date: December 21, 1999

Summary
Microsoft has released a patch that eliminates a vulnerability in Microsoft(r) Internet Information Server and other products that run atop it. Under certain conditions, the vulnerability could cause a web server to send the source code of .ASP and other files to a visiting user.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-058faq.asp.

Issue
If a file on one of the affected web server products resides in a virtual directory whose name contains a legal file extension, the normal server-side processing of the file can be bypassed. The vulnerability would manifest itself in different ways depending on the specific file type requested, the specific file extension in the virtual directory name, and the permissions that the requester has in the directory. In most cases, an error would result and the requested file would not be served. In the worst case, the source code of .ASP or other files could be sent to the browser.

This vulnerability would be most likely to occur due to administrator error, or if a product generated an affected virtual directory name by default. (FrontPage Server Extensions is one such product.) Recommended security practices militate against including sensitive information in .ASP and other files that require server-side processing, and if this recommendation is observed, there would be no sensitive information divulged even if this vulnerability occurred. In any event, an affected virtual directory could be identified during routine testing of the server.

Affected Software Versions
- Microsoft Internet Information Server 4.0
- Microsoft Site Server 3.0
- Microsoft Site Server Commerce Edition 3.0

Patch Availability
- Intel:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16378

- Alpha:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16379

NOTE: Additional security patches are available at the Microsoft Download Center (www.microsoft.com/downloads)

More Information
Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS99-058: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-058faq.asp.

- Microsoft Knowledge Base (KB) article Q238606, Page Contents Visible For Certain Virtual Directory Names, http://support.microsoft.com/support/kb/articles/q238/6/06.asp.

- Microsoft Knowledge Base (KB) article Q186803, Browsing Folders with Script-Mapped Extensions Returns Errors, http://support.microsoft.com/support/kb/articles/q186/8/03.asp.

- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.

Obtaining Support on this Issue
This is a fully supported patch. Information on contacting Microsoft Technical Support is available at: http://support.microsoft.com/support/contact/default.asp


Microsoft Security Bulletin (MS99-059) - Patch Available for "Malformed TDS Packet Header" Vulnerability

Date: December 20, 1999

Summary
Microsoft has released a patch that eliminates a security vulnerability in Microsoft(r) SQL Server(r) 7.0. The vulnerability could cause a SQL server to crash.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-059faq.asp.

Issue
If a specially-malformed TDS packet is sent to a SQL server, it can cause the SQL service to crash. This vulnerability would not allow any inappropriate access to the data on the server, nor would it allow a malicious user to usurp any administrative control on the machine. An affected machine could be put back into service by restarting the SQL service. This vulnerability could only be remotely exploited if port 1433 were open at the firewall.

Affected Software Versions
- Microsoft SQL Server 7.0

Patch Availability
- Intel:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16923

- Alpha:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16924

NOTE: This patch does not locate the SQL folder and install the patched files into it; instead, you must copy the three files contained in it to the MSSQL7/BINN folder.

NOTE: Additional security patches are available at the Microsoft Download Center (www.microsoft.com/downloads)

More Information
Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS99-059: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-059faq.asp.

- Microsoft Knowledge Base (KB) article Q248749, FIX: Possible Denial of Service Attack with Appropriate NULL Bytes in TDS Header, http://support.microsoft.com/support/kb/articles/q248/7/49.asp.

- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.


Microsoft Security Bulletin (MS99-057) - Patch Available for "Malformed Security Identifier Request" Vulnerability

Date: December 16, 1999

Summary
Microsoft has released a patch that eliminates a vulnerability in Microsoft(r) Windows NT(r) 4.0. The vulnerability could allow a malicious user to cause a Windows NT machine to stop responding to requests for service. The patch for this vulnerability is included in the previously-released patch for the "Syskey Keystream Reuse" vulnerability; customers who have already applied it do not need to take any further action.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-057faq.asp.

Issue
The Windows NT Local Security Authority (LSA) provides a number of functions for enumerating and manipulating security information. One of these functions, LsaLookupSids(), is used to determine the Security Identifier (SID) associated with a particular user or group name. A flaw in the implementation of this function causes it to incorrectly handle certain types of invalid arguments. If an affected call were made to this function, it would cause the LSA to crash, thereby preventing the machine from performing useful work.
An affected machine could be put back into service by rebooting, with the loss of any work that was in progress at the time. Remote attacks via this vulnerability would not be possible if NetBIOS is filtered at the firewall.

Affected Software Versions
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Enterprise Edition
- Microsoft Windows NT Server 4.0, Terminal Server Edition

Patch Availability
- The fix for this vulnerability is included in the patch for the "Syskey Keystream Reuse" vulnerability. (See http://www.microsoft.com/Security/Bulletins/ms99-056.asp for more information on this vulnerability.) Customers who have already applied it do not need to take any additional action.

NOTE: Additional security patches are available at the Microsoft Download Center (www.microsoft.com/downloads)

More Information
Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS99-057: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-057faq.asp.

- Microsoft Knowledge Base (KB) article Q248185, SID Enumeration Function in LSA may not Handle Argument Properly, http://support.microsoft.com/support/kb/articles/q248/1/85.asp.

- Microsoft Knowledge Base (KB) article Q143475, Windows NT System Key Permits Strong Encryption of the SAM, http://www.microsoft.com/Security/Bulletins/ms99-056.asp.

- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.


Microsoft Security Bulletin (MS99-056) - "Syskey Keystream Reuse" Vulnerability

Date: December 16, 1999

Summary
Microsoft has released a patch that eliminates a vulnerability in Syskey, a utility that provides additional protection for Microsoft(r) Windows NT(r) password databases. The vulnerability allows a particular cryptanalytic attack to be effective against Syskey, significantly reducing the strength of the protection it offers. The patch eliminates the vulnerability and restores strong protection to the password database.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-056faq.asp.

Issue
Syskey is a utility that strongly encrypts the hashed password information in the SAM database in order to protect it against offline password cracking attacks. However, Syskey reuses the keystream used to perform some of the encryption. This significantly reduces the strength of the protection it provides by enabling a well-known cryptanalytic attack to be used against it.
A patch is available that eliminates the key reuse vulnerability and again makes it computationally infeasible to mount a brute-force attack against the SAM database when Syskey has been applied.
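Why a reused keystream weakens a stream-style encryption, shown as an added example that is not Syskey's code: the generator below is a stand-in built on SHA-256 in counter mode, and the key, nonces and 16-byte records are constructed for the demonstration. With the same keystream on two records, XORing the ciphertexts cancels the key material entirely; a distinct per-record nonce removes that relationship.

```python
import hashlib

def keystream(key, nonce, length):
    """Stand-in generator (SHA-256 in counter mode); not the cipher Syskey uses."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, nonce, plaintext):
    """XOR the plaintext with the keystream selected by (key, nonce)."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def key_cancels(c1, c2, p1, p2):
    """True when XOR of the ciphertexts equals XOR of the plaintexts,
    i.e. the ciphertext pair leaks a key-independent relation."""
    return xor(c1, c2) == xor(p1, p2)

def demo():
    key = bytes(range(16))                                     # constructed key
    rec_a = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed record
    rec_b = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # constructed record

    # Weak: both records are encrypted under the same (key, nonce) pair.
    shared = b"\x00" * 8
    weak = key_cancels(encrypt(key, shared, rec_a),
                       encrypt(key, shared, rec_b), rec_a, rec_b)

    # Corrected: each record gets its own nonce, so the keystreams differ.
    fixed = key_cancels(encrypt(key, b"record-A", rec_a),
                        encrypt(key, b"record-B", rec_b), rec_a, rec_b)
    return weak, fixed

if __name__ == "__main__":
    weak, fixed = demo()
    print("keystream reused -> key cancels out:", weak)
    print("per-record nonce -> key cancels out:", fixed)
```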

Affected Software Versions
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Enterprise Edition
- Microsoft Windows NT Server 4.0, Terminal Server Edition

Patch Availability
- X86:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16798

- Alpha:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16799

NOTE: Additional security patches are available at the Microsoft Download Center (www.microsoft.com/downloads)

More Information
Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS99-056: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-056faq.asp.

- Microsoft Knowledge Base (KB) article Q248183, Syskey Utility Reuses Keystream, http://support.microsoft.com/support/kb/articles/q248/1/83.asp.

- Microsoft Knowledge Base (KB) article Q143475, Windows NT System Key Permits Strong Encryption of the SAM, http://support.microsoft.com/support/kb/articles/q143/4/75.asp.

- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.


Microsoft Security Bulletin (MS99-054) - Patch Available for "WPAD Spoofing" Vulnerability

Date: December 2, 1999

Summary
Microsoft has released a version upgrade that eliminates a vulnerability in Microsoft(r) Internet Explorer 5. Under very specific conditions, the vulnerability could allow a malicious user to provide proxy settings to web clients in another network.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-054faq.asp.

Issue
The IE 5 Web Proxy Auto-Discovery (WPAD) feature enables web clients to automatically detect proxy settings without user intervention. The algorithm used by WPAD prepends the hostname "wpad" to the fully-qualified domain name and progressively removes subdomains until it either finds a WPAD server answering the hostname or reaches the third-level domain. For instance, web clients in the domain a.b.microsoft.com would query wpad.a.b.microsoft.com, wpad.b.microsoft.com, then wpad.microsoft.com. A vulnerability arises because in international usage, the third-level domain may not be trusted. A malicious user could set up a WPAD server and serve proxy configuration commands of his or her choice.
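The search order described above can be reproduced to audit which WPAD names clients would try and which of them lie outside the organization's own DNS zone. This is an added example, not code from the bulletin or from Internet Explorer; the function names and the example.co.uk domains are constructed for illustration.

```python
def wpad_candidates(client_domain):
    """Names tried in order, following the bulletin's description: prepend
    'wpad', then strip leading labels until a third-level name is reached."""
    labels = [l for l in client_domain.lower().strip(".").split(".") if l]
    candidates = []
    while len(labels) >= 2:
        candidates.append("wpad." + ".".join(labels))
        labels = labels[1:]
    return candidates

def outside_zone(client_domain, org_zone):
    """Candidates that do not fall under the zone the organization controls."""
    zone = org_zone.lower().strip(".")
    return [c for c in wpad_candidates(client_domain)
            if not c.endswith("." + zone)]

def audit(client_domains, org_zone):
    """Map each client domain to the WPAD names it would query outside org_zone."""
    report = {}
    for domain in client_domains:
        leaked = outside_zone(domain, org_zone)
        if leaked:
            report[domain] = leaked
    return report

if __name__ == "__main__":
    # The bulletin's own example: every candidate stays inside microsoft.com.
    print(wpad_candidates("a.b.microsoft.com"))
    # Constructed example under a country-code hierarchy: the last candidate
    # is a third-level name that the organization does not control.
    print(audit(["branch.example.co.uk", "hq.example.co.uk"], "example.co.uk"))
```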

Affected Software Versions
- Microsoft Internet Explorer 5

Patch Availability
The vulnerability is eliminated by IE 5.01, which is available at:
- http://www.microsoft.com/windows/ie/download/all.htm?bShowPage

- http://www.microsoft.com/msdownload/iebuild/ie501_win32/en/ie501_win32.htm

More Information
Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS99-054: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-054faq.asp.

- Microsoft Knowledge Base (KB) article Q247333, Web Proxy Auto-Discovery "Spoofing" May Change Proxy Settings, http://support.microsoft.com/support/kb/articles/q247/7/33.asp.

- Web Proxy Auto-Discovery Protocol Internet Draft, http://ietf.org/internet-drafts/draft-ietf-wrec-wpad-01.txt.

- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.


Microsoft Security Bulletin (MS99-053) - Patch Available for Windows "Multithreaded SSL ISAPI Filter" Vulnerability

Date: December 2, 1999

Summary
Microsoft has released a patch that eliminates a vulnerability in the SSL ISAPI filter that ships with Microsoft(r) Internet Information Server and is used by other Microsoft products. If called by a multi-threaded application under very specific, and fairly rare, circumstances, a synchronization error in the filter could allow a single buffer of plaintext to be transmitted back to the data's owner.

Frequently asked questions regarding this vulnerability can be found at http://www.microsoft.com/security/bulletins/MS99-053faq.asp.

Issue
The SSL ISAPI filter provided as part of IIS supports concurrent use. When used in this mode, a synchronization problem could induce a race condition and cause a single buffer of plaintext to be leaked. The conditions under which this could happen are very rare, and could only occur when a single user's session was multi-threaded and traffic volumes were extremely high.

The scope of this vulnerability is very limited. The leaked plaintext would always be sent to its owner, never another user. Also, because the leaked data would fail its integrity check, the effect of the leak would be to cause the SSL session to immediately collapse. The condition could not be induced by a hostile user, and would offer at best a target of opportunity. Finally, it is worth noting that this vulnerability only affects the SSL ISAPI filter, not the secure communications capability provided by Windows NT via Schannel.

Affected Software Versions
- Microsoft IIS 4.0
- Microsoft Site Server 3.0
- Microsoft Site Server Commerce Edition 3.0

Patch Availability
- X86:
http://www.microsoft.com/downloads/release.asp?ReleaseID=16186

- Alpha:
http://www.microsoft.com/downloads/release.asp?ReleaseID=16187

More Information
Please see the following references for more information related to this issue.

- Microsoft Security Bulletin MS99-053: Frequently Asked Questions, http://www.microsoft.com/security/bulletins/MS99-053faq.asp.

- Microsoft Knowledge Base (KB) article Q244613, IIS 4.0 SSL ISAPI Filter Can Leak Single Buffer of Plaintext, http://support.microsoft.com/support/kb/articles/q244/6/13.asp.

- Microsoft Security Advisor web site, http://www.microsoft.com/security/default.asp.


This site is not related to the Microsoft Corporation in any way. Windows and the Windows logo are trademarks of the Microsoft Corporation. ActiveWindows is an independent site. The information and sources here are obtained through hard work and research.