Re: Security Patches
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa@pacbell.net)
Date: 03/23/03
- Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Deploying Hotfixes - Best Method?"
- Previous message: Scallica: "Security Patches"
- In reply to: Scallica: "Security Patches"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 22 Mar 2003 16:00:03 -0800 From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
March 2003
--------------------------------------------------------------------------------
MS03-008 : Flaw in Windows Script Engine could allow code execution (814078)
MS03-007 : Unchecked buffer in Windows component could cause web server
compromise (815021)
January 2003
--------------------------------------------------------------------------------
MS03-001 : Unchecked Buffer in Locator Service Could Lead to Code Execution
(810833)
December 2002
--------------------------------------------------------------------------------
MS02-071 : Flaw in Windows WM_TIMER Message Handling Could Enable Privilege
Elevation (328310)
MS02-070 : Flaw in SMB Signing Could Enable Group Policy to be Modified
(329170)
MS02-069 : Flaw in Microsoft VM Could Enable System Compromise (810030)
November 2002
--------------------------------------------------------------------------------
MS02-065 : Buffer Overrun in Microsoft Data Access Components Could Lead to
Code Execution (Q329414)
October 2002
--------------------------------------------------------------------------------
MS02-064 : Windows 2000 Default Permissions Could Allow Trojan Horse Program
(Q327522)
MS02-063 : Unchecked Buffer in PPTP Implementation Could Enable Denial of
Service Attacks (Q329834)
MS02-055 : Unchecked Buffer in Windows Help Facility Could Enable Code
Execution (Q323255)
September 2002
--------------------------------------------------------------------------------
MS02-053 : Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution
(Q324096)
MS02-051 : Cryptographic Flaw in RDP Protocol can Lead to Information
Disclosure (Q324380)
MS02-050 : Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)
August 2002
--------------------------------------------------------------------------------
MS02-048 : Flaw in Certificate Enrollment Control Could Allow Deletion of
Digital Certificates (Q323172)
MS02-045 : Unchecked Buffer in Network Share Provider can lead to Denial of
Service (Q326830)
MS02-042 : Flaw in Network Connection Manager Could Enable Privilege Elevation
(Q326886)
June 2002
--------------------------------------------------------------------------------
MS02-029 : Unchecked Buffer in Remote Access Service Phonebook Could Lead to
Code Execution (Q318138)
May 2002
--------------------------------------------------------------------------------
MS02-024 : Authentication Flaw in Windows Debugger Can Lead to Elevated
Privileges (Q320206)
April 2002
--------------------------------------------------------------------------------
MS02-017 : Unchecked Buffer in the Multiple UNC Provider Could Enable Code
Execution (Q311967)
MS02-016 : Opening Group Policy Files for Exclusive Read Blocks Policy
Application (Q318593)
March 2002
--------------------------------------------------------------------------------
MS02-014 : Unchecked Buffer in Windows Shell Could Lead to Code Execution
MS02-013 : 04 March 2002 Cumulative VM Update
February 2002
--------------------------------------------------------------------------------
MS02-008 : XMLHTTP Control Can Allow Access to Local Files
MS02-006 : Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be
Run
MS02-004 : Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code
Execution
January 2002
--------------------------------------------------------------------------------
MS02-001 : Trusting Domains Do Not Verify Domain Membership of SIDs in
Authorization Data
October 2001
--------------------------------------------------------------------------------
MS01-052 : Invalid RDP Data Can Cause Terminal Service Failure
August 2001
--------------------------------------------------------------------------------
MS01-046 : Access Violation in Windows 2000 IRDA Driver Can Cause System to
Restart
MS01-043 : NNTP Service in Windows NT 4.0 and Windows 2000 Contains Memory Leak
July 2001
--------------------------------------------------------------------------------
MS01-041 : Malformed RPC Request Can Cause Service Failure
MS01-040 : Invalid RDP Data Can Cause Memory Leak in Terminal Services
MS01-037 : Authentication Error in SMTP Service Could Allow Mail Relaying
June 2001
--------------------------------------------------------------------------------
MS01-036 : Function Exposed via LDAP over SSL Could Enable Passwords to be
Changed
MS01-031 : Predictable Named Pipes Could Enable Privilege Elevation via Telnet
May 2001
--------------------------------------------------------------------------------
MS01-025 : Index Server Search Function Contains Unchecked Buffer
MS01-024 : Malformed Request to Domain Controller Can Cause Memory Exhaustion
April 2001
--------------------------------------------------------------------------------
MS01-022 : WebDAV Service Provider Can Allow Scripts to Levy Requests as User
March 2001
--------------------------------------------------------------------------------
MS01-017 : Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
February 2001
--------------------------------------------------------------------------------
MS01-013 : Windows 2000 Event Viewer Contains Unchecked Buffer
MS01-011 : Malformed Request to Domain Controller Can Cause CPU Exhaustion
MS01-007 : Network DDE Agent Requests Can Enable Code to Run in System Context
January 2001
--------------------------------------------------------------------------------
MS01-006 : Invalid RDP Data Can Cause Terminal Server Failure
MS01-005 : Packaging Anomaly Could Cause Hotfixes to be Removed
MS01-001 : Web Client Will Perform NTLM Authentication Regardless of Security
Settings
December 2000
--------------------------------------------------------------------------------
MS00-099 : Directory Service Restore Mode Password Vulnerability
MS00-098 : Indexing Service File Enumeration Vulnerability
MS00-096 : SNMP Parameters Vulnerability
November 2000
--------------------------------------------------------------------------------
MS00-089 : Domain Account Lockout Vulnerability
MS00-085 : ActiveX Parameter Validation Vulnerability
MS00-084 : Indexing Services Cross Site Scripting Vulnerability
MS00-083 : Netmon Protocol Parsing Vulnerability
October 2000
--------------------------------------------------------------------------------
MS00-081 : New Variant of VM File Reading Vulnerability
MS00-079 : HyperTerminal Buffer Overflow Vulnerability
MS00-077 : NetMeeting Desktop Sharing Vulnerability
MS00-075 : Microsoft VM ActiveX Component Vulnerability
MS00-070 : Multiple LPC and LPC Ports Vulnerabilities
September 2000
--------------------------------------------------------------------------------
MS00-069 : Simplified Chinese IME State Recognition Vulnerability
MS00-067 : Windows 2000 Telnet Client NTLM Authentication Vulnerability
MS00-066 : Malformed RPC Packet Vulnerability
MS00-065 : Still Image Service Privilege Escalation Vulnerability
August 2000
--------------------------------------------------------------------------------
MS00-062 : Local Security Policy Corruption Vulnerability
MS00-059 : Java VM Applet Vulnerability
MS00-053 : Service Control Manager Named Pipe Impersonation Vulnerability
July 2000
--------------------------------------------------------------------------------
MS00-052 : Relative Shell Path Vulnerability
MS00-047 : NetBIOS Name Server Protocol Spoofing Vulnerability
MS00-050 : Telnet Server Flooding Vulnerability
June 2000
--------------------------------------------------------------------------------
MS00-020 : Desktop Separation Vulnerability
MS00-032 : Protected Store Key Length Vulnerability
May 2000
--------------------------------------------------------------------------------
MS00-036 : ResetBrowser Frame and Host Announcement Frame Vulnerabilities
MS00-029 : IP Fragment Reassembly Vulnerability
April 2000
--------------------------------------------------------------------------------
MS00-027 : Malformed Environment Variable Vulnerability
MS00-026 : Mixed Object Access Vulnerability
March 2000
--------------------------------------------------------------------------------
MS00-021 : Malformed TCP/IP Print Request Vulnerability
February 2000
--------------------------------------------------------------------------------
MS00-011 : VM File Reading Vulnerability
January 2000
--------------------------------------------------------------------------------
MS00-006 : Malformed Hit-Highlighting Argument Vulnerability
http://www.microsoft.com/security/security_bulletins/archive.asp
Baseline testing tool...
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/Security/tools/tools/MBSAHome.asp
www.shavlik.com download hfnetchk and do an audit.
Scallica wrote:
> Hello All,
>
> Is there a master list of all the security patches that should be installed
> on a Win 2000 server? I want to be certain that Windows Update is not
> missing anything. Thanks!
>
> -Scallica-
- Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Deploying Hotfixes - Best Method?"
- Previous message: Scallica: "Security Patches"
- In reply to: Scallica: "Security Patches"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
