AW: Post-Windows NT 4.0 Service Pack 6a Security Rollup
From: Süß, Michael (Michael.Suess@steag.de)Date: 07/31/01
- Previous message: Aaron Dokey: "RE: SecureIIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <D1F928DE9012D21197A700805FBEA1EB01484DFE@s01ex001.hve.steag.de> From: "Süß, Michael" <Michael.Suess@steag.de> To: 'Rubens Altimari' <rubens@altimari.com.br> Subject: AW: Post-Windows NT 4.0 Service Pack 6a Security Rollup Date: Tue, 31 Jul 2001 08:23:11 +0200
Rubens,
yes not all hotfixes are included, but they have mentioned this already
under the fine ;-) Readme.txt
see
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutio
ns/security/news/nt4srp.asp
The new one for IIS
> http://www.microsoft.com/technet/security/bulletin/ms01-033.asp
>
> http://www.microsoft.com/technet/security/bulletin/ms01-035.asp
>
are not mentioned.
One thing i ask
REM ** Malformed RPC Request Can Cause Service Failure
REM ** Security Bulletin MS01-041 July 26, 2001
REM ** Q298012
REM **
http://www.microsoft.com/technet/security/bulletin/ms01-041.asp
echo Malformed RPC Request Can Cause Service Failure patch is
already installed
echo through applied SRP !
so told MS us but they dont list them . Hmmmh....????
BTW: Microsoft Security Bulletin MS01-029
Windows Media Player .ASX Processor Contains Unchecked Buffer is only needed
if you the media player installed. (clear)
I think the most have it not on their servers.
Additional Information
The fixes for the following vulnerabilities affecting Windows NT 4.0 systems
are not included in the SRP. Administrators should read the associated
security bulletin to determine if these patches should be applied:
Core OS
* MS01-022 (Q296441) - WebDAV Service Provider
Can Allow Scripts to Levy Requests as User
Front Page Server Extensions
* MS01-035 (Q300477) - FrontPage Server
Extension Sub-Component Contains Unchecked Buffer
Java Virtual Machine
* MS00-081 (Q277014) - New Variant of VM File
Reading Vulnerability
* Which includes patches for:
* MS99-031 : Virtual Machine Sandbox
Vulnerability
* MS99-045 : Virtual Machine Verifier
Vulnerability
* MS00-011 : VM File Reading
Vulnerability
* MS00-059 : Java VM Applet
Vulnerability
The following fixes are not included in the SRP because they require
administrative action rather than a software change. Administrators should
ensure that in addition to applying this patch, they also have taken the
administrative action discussed in the following bulletins:
Core OS
* MS98-001 (Q169556) - Disabling Creation of
Local Groups on a Domain by Non-Administrative Users
* MS99-036 (Q155197) - Windows NT 4.0 Does Not
Delete Unattended Installation File
* MS99-041 (Q242294) - RASMAN Security
Descriptor Vulnerability
Internet Information Server
* MS98-004 (Q184375) - Unauthorized ODBC Data
Access with RDS and IIS
* MS99-013 (Q232449) - File Viewers
Vulnerability
* MS99-025 (Q184375) - Unauthorized Access to
IIS Servers through ODBC Data Access with RDS
Front Page Server Extensions
* MS00-025 (Q259799) - Link View Server-Side
Component Vulnerability
* MS00-028 (Q260267) - Server-Side Image Map
Components Vulnerability
To get more information about the security rollup and to download the
package, click here.
Mit freundlichen Grüssen / Kind regards
Michael Süß
Security Admin
> ----------
> Von: Rubens Altimari[SMTP:rubens@altimari.com.br]
> Gesendet: Sunday, July 29, 2001 7:26 PM
> An: focus-ms@securityfocus.com
> Betreff: Re: Post-Windows NT 4.0 Service Pack 6a Security Rollup
>
> > http://support.microsoft.com/support/kb/articles/q299/4/44.asp?ID=299444
> > It would seem its a summary of all the hot fixes and patches since SP6a.
>
> Just a small note: not *all* hot fixes: there are a number of them
> that are still needed after applying q299444. I just keep track of
> NT4/IIS4 patches, but if anyone is interested, according to my own list,
> they are:
>
> for NT4:
> http://www.microsoft.com/technet/security/bulletin/ms99-041.asp
> http://www.microsoft.com/technet/security/bulletin/MS01-022.asp
> http://www.microsoft.com/technet/security/bulletin/MS01-029.asp
>
> for IIS4:
> http://www.microsoft.com/technet/security/bulletin/fq00-025.asp
> http://www.microsoft.com/technet/security/bulletin/fq00-028.asp
> http://www.microsoft.com/technet/security/bulletin/ms01-033.asp
> http://www.microsoft.com/technet/security/bulletin/ms01-035.asp
>
> Some of them are pretty old, but I haven't found any clear statement
> that they are not needed anymore.
>
> Rubens Altimari
>
- Previous message: Aaron Dokey: "RE: SecureIIS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
