Re: MS06-040: Vulnerability in Server service could allow remote code execution.



Not only does it include you but there is a working exploit already in the wild attacking machines. Your entire network is vulnerable to the attack.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Neil Jackson wrote:
Hi,

I haven't posted to a newsgroup for a long, long time, I've searched high and
low and cannot see an answer to this one but sorry if this has already been
asked before.

MS06-040: Vulnerability in Server service could allow remote code execution.

We have about 100 Windows 2000 Servers running Service Pack 4 for various
roles and about 1600 Windows 2000 Professional desktops. MS06-040 concerns
me and we have been advised by our peers to patch immediately to prevent
something terrible happening.

On the Technet at
http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx it says:

Affected Software:

. Microsoft Windows 2000 Service Pack 4
. Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
. Microsoft Windows XP Professional x64 Edition
. Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
. Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
. Microsoft Windows Server 2003 x64 Edition

However on the Microsoft Knowledgebase article at
http://support.microsoft.com/?kbid=921883 , there is no specific mention of
Windows 2000 and all we have mentioned is:

APPLIES TO:
Microsoft Windows 2000 Service Pack 4, when used with:
Microsoft Small Business Server 2000 Standard Edition

We don't use Small Business Server 2000 so my question is, does MS06-040
apply to my Windows 2000 Servers and my Windows 2000 Professional Desktops,
all running SP4?

Secondly, if it does apply to Windows 2000 Server and Windows 2000
Professional, why aren't they mentioned on the knowledge base article?

Thanks in advance for clearing this up.

Cheers,

Neil.
System Support Engineer.


