Re: MS06-040: Vulnerability in Server service could allow remote c

Is there a MSI available for the Hotfix? I can't find it anywhere!

Thanks!!!

--Ed

"Roger Abell [MVP]" wrote:

You will find that
http://support.microsoft.com/kb/921883
has now been updated to clarify.
Thanks for pointing that out.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Neil Jackson" <neil@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:WsWdncs-TemkHELZnZ2dnUVZ8tGdnZ2d@xxxxxxxxxxxx
Hi,

I haven't posted to a newsgroup for a long long time, I've searched high
and
low and cannot see an answer to this one but sorry if this has already
been
asked before.

MS06-040: Vulnerability in Server service could allow remote code
execution.

We have about 100 Windows 2000 Servers running Service Pack 4 for various
roles and about 1600 Windows 2000 Professional desktops. MS06-040 concerns
me and we have been advised by our peers to patch immediately to prevent
something terrible happening.

On the Technet at
http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx it says:

Affected Software:

. Microsoft Windows 2000 Service Pack 4
. Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack
2
. Microsoft Windows XP Professional x64 Edition
. Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
Pack 1
. Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
. Microsoft Windows Server 2003 x64 Edition

However on the Microsoft Knowledgebase article at
http://support.microsoft.com/?kbid=921883 , there is no specific mention
of
Windows 2000 and all we have mentioned is:

APPLIES TO:
Microsoft Windows 2000 Service Pack 4, when used with:
Microsoft Small Business Server 2000 Standard Edition

We don't use Small Business Server 2000 so my question is, does MS06-040
apply to my Windows 2000 Servers and my Windows 2000 Professional
Desktops,
all running SP4.

Secondly, if it does apply to Windows 2000 Server and Windows 2000
Professional, why arn't they mentioned on the knowledge base article?

Thanks in advance for clearing this up.

Cheers,

Neil.
System Support Engineer.






.

Relevant Pages

  • RE: Windows 2000 VPN No Longer Connecting
    ... VPN Client Cannot Establish a Connection After You Install a Service Pack ... This article contains information about modifying the registry. ... your Windows XP or Windows 2000 PPTP client to your corporate network, ... obtain the latest service pack for Microsoft ...
    (microsoft.public.win2000.networking)
  • [NT] Buffer Overrun in JPEG Processing (GDI+) Allows Code Execution (MS04-028)
    ... privately reported vulnerability. ... * Microsoft Windows XP and Microsoft Windows XP Service Pack 1 ...
    (Securiteam)
  • Re: Remote Access Wizard - SBS 2003 SP1
    ... Windows Server 2003 Service Pack 1 ... Windows SharePoint Services 2.0 Service Pack 1 ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • SecurityFocus Microsoft Newsletter #176
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ...
    (Focus-Microsoft)
  • RE: Stop Error 0x0000008E after logging on locally
    ... > "STOP 0x0000008E" Error Message Occurs When You Upgrade to Windows Server ... > 840216 Stop 0x0000008e error occurs on a server that is running Microsoft ... try a clean boot of the server and see if the issue persists. ...
    (microsoft.public.windows.server.sbs)