Re: Post SP 6a SRP

From: Eric (
Date: 10/24/01

Message-Id: <>
Date: Tue, 23 Oct 2001 18:29:58 -0700
To: "Ingersoll, Jared" <>,
From: Eric <>
Subject: Re: Post SP 6a SRP

read the bottom of this page:

Additional Information

The fixes for the following vulnerabilities affecting Windows NT 4.0
systems are not included in the SRP. Administrators should read the
associated security bulletin to determine if these patches should be applied:

Core OS
MS01-022 (Q296441) - WebDAV Service Provider Can Allow Scripts to
Levy Requests as User

Front Page Server Extensions
MS01-035 (Q300477) - FrontPage Server Extension Sub-Component
Contains Unchecked Buffer

Java Virtual Machine
MS00-081 (Q277014) - New Variant of VM File Reading Vulnerability

Which includes patches for:

MS99-031 : Virtual Machine Sandbox Vulnerability
MS99-045 : Virtual Machine Verifier Vulnerability
MS00-011 : VM File Reading Vulnerability
MS00-059 : Java VM Applet Vulnerability

The following fixes are not included in the SRP because they require=
administrative action rather than a software change. Administrators should
ensure that in addition to applying this patch, they also have taken the=
administrative action discussed in the following bulletins:

Core OS
MS98-001 (Q169556) - Disabling Creation of Local Groups on a Domain
by Non-Administrative Users
MS99-036 (Q155197) - Windows NT 4.0 Does Not Delete Unattended
Installation File
MS99-041 (Q242294) - RASMAN Security Descriptor Vulnerability

Internet Information Server
MS98-004 (Q184375) - Unauthorized ODBC Data Access with RDS and IIS
MS99-013 (Q232449) - File Viewers Vulnerability
MS99-025 (Q184375) - Unauthorized Access to IIS Servers through ODBC
Data Access with RDS

Front Page Server Extensions
MS00-025 (Q259799) - Link View Server-Side Component Vulnerability
MS00-028 (Q260267) - Server-Side Image Map Components Vulnerability

At 01:08 PM 10/22/2001 -0400, Ingersoll, Jared wrote:
>Does anyone have information on which patches are not included in the Post
>SP6a Security Roll-up package?
>Jared Ingersoll
>Information Systems Specialist
>Case Shiller Weiss, Inc.
>1698 Massachusetts Avenue
>Cambridge, MA 02138
>617.354.1400 x237