Re: Post SP 6a SRP
From: Eric (ews@tellurian.net)Date: 10/24/01
- Previous message: DE VILLIERS IAN: "RE: Flushing DLLs follow-up"
- In reply to: Ingersoll, Jared: "Post SP 6a SRP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <5.1.0.14.0.20011023182522.0210d9b8@mail.tellurian.net> Date: Tue, 23 Oct 2001 18:29:58 -0700 To: "Ingersoll, Jared" <JIngersoll@cswv.com>, focus-ms@securityfocus.com From: Eric <ews@tellurian.net> Subject: Re: Post SP 6a SRP
read the bottom of this page:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/nt4srp.asp
Additional Information
The fixes for the following vulnerabilities affecting Windows NT 4.0
systems are not included in the SRP. Administrators should read the
associated security bulletin to determine if these patches should be applied:
Core OS
MS01-022 (Q296441) - WebDAV Service Provider Can Allow Scripts to
Levy Requests as User
Front Page Server Extensions
MS01-035 (Q300477) - FrontPage Server Extension Sub-Component
Contains Unchecked Buffer
Java Virtual Machine
MS00-081 (Q277014) - New Variant of VM File Reading Vulnerability
Which includes patches for:
MS99-031 : Virtual Machine Sandbox Vulnerability
MS99-045 : Virtual Machine Verifier Vulnerability
MS00-011 : VM File Reading Vulnerability
MS00-059 : Java VM Applet Vulnerability
The following fixes are not included in the SRP because they require=
administrative action rather than a software change. Administrators should
ensure that in addition to applying this patch, they also have taken the=
administrative action discussed in the following bulletins:
Core OS
MS98-001 (Q169556) - Disabling Creation of Local Groups on a Domain
by Non-Administrative Users
MS99-036 (Q155197) - Windows NT 4.0 Does Not Delete Unattended
Installation File
MS99-041 (Q242294) - RASMAN Security Descriptor Vulnerability
Internet Information Server
MS98-004 (Q184375) - Unauthorized ODBC Data Access with RDS and IIS
MS99-013 (Q232449) - File Viewers Vulnerability
MS99-025 (Q184375) - Unauthorized Access to IIS Servers through ODBC
Data Access with RDS
Front Page Server Extensions
MS00-025 (Q259799) - Link View Server-Side Component Vulnerability
MS00-028 (Q260267) - Server-Side Image Map Components Vulnerability
At 01:08 PM 10/22/2001 -0400, Ingersoll, Jared wrote:
>Does anyone have information on which patches are not included in the Post
>SP6a Security Roll-up package?
>
>Jared
>
>------------------------------
>Jared Ingersoll
>Information Systems Specialist
>Case Shiller Weiss, Inc.
>1698 Massachusetts Avenue
>Cambridge, MA 02138
>617.354.1400 x237
>jingersoll@cswcasa.com
>------------------------------
- Previous message: DE VILLIERS IAN: "RE: Flushing DLLs follow-up"
- In reply to: Ingersoll, Jared: "Post SP 6a SRP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
