Windows Security Update June 14, 2000. In this issue: Registry Request Denial of Service, Spoofing McAfee VirusScan Alerts, Unify eWave ServletExec Exposes Source Code, Path Exposure and Buffer Overrun in Ceilidh, Firewall-1 Denial of Service, Buffer Overflow Condition in EServ, Circumventing IE Cross-Frame Security, Win2K/NT Denial of Service via Invalid SMB Field, IE Mishandles SSL Certificates, NT Subject to User Session Key Reuse, Win2K and NT SMB-based Denial of Service, The Need for Layered Physical Security, Tip: How to Recover a Lost Administrator Password, and Windows 2000 Security: Checking Your Current Configuration in Group Policy.
fe902e20bf90478117f3a10877b1a53c907cafc498e2c88f49952ce0a7e58755
Windows Security Update June 7, 2000 - In this issue: Internet Explorer-Compiled HTML Might Run Unauthorized Code, Protected Store Key Length, Media Encoder dos, SQL Server 7.0 SP1 and SP2 Expose Admin Password, Imate WebMail Denial of Service, Buffer Overrun in ITHouse Mail Server, Buffer Overrun in Sambar Server, News: Microsoft's New Security Server, Tip: Event Log Security ID Descriptions, Windows 2000 Security: Creating a Custom Password-Reset MMC, Writing Secure Code: Bind Basics, and the Havenco data storage facility.
b5c531d0dc96258b829de1f3f2f95e1a6a5b7ffa391ae32eba71c9dc81852acc
Windows Security Update - May 31, 2000. In this issue: Think You're Safe from Sniffing?, Windows Computer Browser Denial of Service, Master Browser Denial of Service, WebShield SMTP Buffer Overflow Condition, Buffer Overflows in PDGSoft Shopping Cart, Mailsite Buffer Overflow, News: Beware of Killer Resumes, News: Microsoft Delays Outlook Security Update, Tip: Microsoft's Online Security Papers, and Windows 2000 Security: Creating a Custom Password-Reset MMC.
484221b76e8570ae37972f242cef601dbca92c164131328b25d3201000aaae4d
Windows Security Digest - May 24, 2000. In this issue: Is PKI Secure Enough?, Offline Explorer Exposes System Files, NiteServer FTP Server Denial of Service, Windows IP Fragment Reassembly, Internet Explorer Frame Domain Verification, Internet Explorer Unauthorized Cookie Access, Internet Explorer Malformed Component Attribute, Unchecked Buffer in Lotus Domino 5.0.1, Crashing NetProwler 3.0, and BlackICE Blank Password and Code Execution.
d7ead0ef6dcd337e450e2e948b87a9e423745e7eed5918eb9ed7a0709b54d2c2
Windows Security Digest - May 17, 2000. In this issue: Backpedaling towards security, SECURITY RISKS: Emurl 2.0 exposes Users' Mailboxes, Office 2000 UA Control Scripting, NTMail 5.x Contains an Open Proxy, IIS Denial of Service and Code Exposure, IIS Denial of Service. SECURITY ROUNDUP: Feature:NTFS Access Control Security Enhancements, HowTo: Encrypting Files for Added Security. NEW AND IMPROVED: Message Attachment Scrubbing and Virus Protection, Increase Network Security in Small and Midsized Businesses. SECURITY TOOLKIT: Book Highlight- Cyberwars: Espionage on the Internet, Tip: Detecting Email Worms in Outlook.
0490e918e02438b399b4b0df5d700c3bd9189fbfb1337b1bcec380fd43dba94c
Windows Security Update May 10 - In this issue: Aladdin eToken Allows Physical Access to Data, DMailWeb Buffer Overflow, DNewsWeb Buffer Overflow, Listserv Web Archives Buffer Overflow, News: New Virus Loves You, News: Microsoft Publishes Details of Kerberos Authorization Data, Software Prevents Receipt of Love Bug, Online Scanning Service Cleans Systems, Tip: Limit Buffer Size on IIS, and Writing Secure Code: Writing a Secure POP3 Server.
1a28e581ba2bcb95f16cb5e74bc2baa0c5068e20bbdc3e630f88a1426f13892b
Windows Security Update April 19 - In this issue: FrontPage 2000 Exposes Win2K Accounts, Buffer Overflow in Cmd.exe, Active Directory Mixed Object Access, Cisco IOS Subject to Denial of Service, Real Server Denial of Service, Netscape Communicator Exposes Local Files, Buffer Overflow and Path Exposure in HTimage, Internet Explorer 5.01 Allows Cross-Frame Navigation, Netware 5.1 Remote Administration Overflow, and Panda Security 3.0 Can Be Bypassed.
921aa9537a60c1ccb06c67629be4e513cc11a200a55ebfebf6465df15fef6632
Windows Security Update April 19 - In this issue: Buffer Overflow Condition in Microsoft Web Component, Registry Permissions Could Expose Cryptographic Keys, Excessive Escape Characters Can Slow IIS, Buffer Overflows: The Developer's Bane, News: F5 Networks Release SSL-Accelerator, News: Software Pirates Thrive on Auction Sites, Simplify Access to Private Data and Applications, Next Generation E-Business Virus Security Solution, Tip: How to Restore Default File Permission Settings, Windows 2000 Security: Advances in Administrative Authority, and Writing Secure Code: Avoid Buffer Overruns with String Safety.
d0496f27d3915d0f6a571345a7ebb8e3a46820dcc29cae74e7f0a161613bdbef
Windows Security Update April 12 - In this issue: Sting Operations in Effect, RealPlayer Buffer Overflow Condition, Cold Fusion Forums Exposed, Bypass Excel Code Execution Warning Dialogs, Shun the Frumious Bandersnatch, Bullet Product Might Raise Privacy Concerns, Managed Intrusion Detection Services, Managed Antivirus Solution, and Tip: Enable IPSec Logging.
9adde3efd632863b0d317518a8fd947b3080c5902ad1757f261d83dc24dafdf0
Windows Security Update April 5 - In this issue: Index Server Exposes Web Code, Malformed TCP/IP Print Request, UNC Mappings and IIS Virtual Paths Expose Code, News: Office 2000 SR-1 Update Might Contain Numerous Bugs, IPv6 in Windows 2000 at Least 2 Years Out, Army to Adopt Biometric Security, Protection from Hacker Attacks, Increased Security for E-Commerce.
b1b3bbeb6fc4b946deccf7e88a8a9622a473dda417e6d9ac729f84d2abee3ce1
Windows Security Update March 29 - In this issue: Microsoft Office 2000 Exposes Hidden Drives, In Focus: Outbound Traffic Is an Equally Serious Risk, Security Poll: Should Companies Be Able to Sue Hackers for Reverse Engineering?, Microsoft Internet Server Security Configuration Tool 1.0, Hazards and Pitfalls of Email, ASPAM Trojan on the Loose, and Teen's Boast of Hacking Bill Gates Looks Empty.
ef344756f14ed96d406216d66f5ced8a817567bf46d921d0344293e2830a7392
Windows Security Update March 22 - In this issue: Oracle Web Listener May Run Arbitrary Commands, Microsoft Media License Manager Denial of Service, Internet Information Server Chunked Encoding Post, Security Scripting Language, Email Security Product, Book Highlight: Windows 2000 Security Little Black Book.
2ddfba52a1a064304c5ee29fe2023ce75365f6be3ee5723c52409bf7eaf256f7
Windows Security Update - A new denial of service attack has been found in IIS 4.0 and 5.0. Sending IIS a specially coded URL that contains an excessive number of escape characters, the service is caused to perform more work than necessary, which reduces available processor cycles.
1e1d9f017223668bbeac99eec044089feca325a2062de4af6a754f9f6a651f23
Windows Security Digest - March 8, 2000. In this issue: Buffer Overflow in Clip Art Gallery, Device Names in a URL Can Crash Windows 9x, Internet Explorer 5.0 Allows Arbitrary Code Execution, Omniback Subject to Denial of Service, Feature: Kerberos in Windows 2000, HowTo: Maximizing Proxy Server Security, Review: Synch Passwords with SAM/PS or P-Synch 3.5, and How to Analyze Internal and External Firewall Activity.
6a8c9ed6cebe9b223ea141995ee14ce777b5b49b054b3802d778ae2a59be4aa9
Windows Security Alert - Serious buffer overflow in Microsoft's ClipArt Gallery Live Update that could allow an intruder to gain control over a remote machine. Because clipart updates can be received from sites other than Microsoft, a malicious Web site operator can launch an exploit against an unsuspecting user. Affected Microsoft products include Office 2000, Works 2000, PictureIt 2000, HP 2000, Publisher99, and PhotoDraw 2000 Version 1.
ad675d94704391ceb1013ac6d344640026895f7d321265f61298c341963b4d1c
Windows Security Digest - In this issue: TelnetD Subject to dos, Windows Media Services dos, Systems Management Server Might Allow Elevated Privileges, Wordpad Can Execute Embedded Code, Internet Explorer Allows Component Regression, News: Echelon: Nothing Sacred, Feature: Add Fuel to Your Firewall, Tip: Disable Source Routing on Windows NT, and Review: Hackershield 2.0.
08e4febd38622c0776a772f2584118e264e03423d7f84cfb9c5ebd600e04f367
Windows Security Alert - Two new risks were reported today: Microsoft reported a problem with its Systems Management Server 2.0 that allows an intruder to gain elevated privileges on the system and network, and Georgi Guninski reported a problem with WordPad that may allow unwanted code to execute on the desktop. According to the report, an exploit can be launched using a Web page and IE. Microsoft is aware of the problem, however no official response was known at the time of this writing.
1bfd8eb16760dc1a28c84405f40d0590d9e886eafe4097b331c98342b2e097f2
Windows Security Update - February 23, 2000. In this issue: Internet Information Server 4.0 Denial of Service, Windows Autorun.inf Vulnerability, Site Server Commerce User Input Unvalidated, Microsoft Java Virtual Machine Exposes User Files, Windows 2000 Professional Exposes System During Installation, Internet Explorer Exposes Users' Files, Zombie Zapper Helps Shut Down DDoS Attacks, How to Defend Against DoS Attacks, Novell Firewall for NT, SurfinShield Censors Hostile Code, Security for E-Business Documents, Malicious Code Protection Software, and Why Intruders Control Internet Insurance.
ff10183cd7167c4eb30e3a325f9675ee8c2fe21c8defa6a3de1759acf5ab6432
Windows Security Digest Update - Two risks were discovered: Microsoft reported a problem with its Internet Explorer version 4.x and 5.x that may expose files on a user's system with their permission, and a problem with Win2K Professional that may allow an intruder to gain Administrator access to the system in a particular window of time during the installation process.
9f9ab027f4b3eadea188d3b79b4b9f96c5bcbd0b91aa9a7a06d1aa4d132f2c6b
Windows Security Digest - Contains Something Old, Something New: DNS Hijacking, Timbuktu Pro Denial of Service, SNMP Trap Watcher Denial of Service, Internet Anywhere DoS, Firewall-1 Allows Unauthorized TCP Connections, MySQL Allows Password Bypass, Novell GroupWise DoS, poll: What Will the Recent DDoS Attacks Lead to?, RSA Security Site Ransacked, Microsoft Outlines New Windows 2000 Security Strategy, and Why Deny Read Access To Executable Content?
a0b70514856fc46ba9ccc75cadd8e80e0c93ce21ab1c975842178c1f48789536
Windows Security Digest update - Four new risks were discovered: A DoS condition within BTT Software's SNMP Trap Watcher, two DoS conditions within True North Software's Internet Anywhere mail server, a means to open unauthorized TCP ports on Checkpoint's Firewall-1, and a means to bypass complete password authentication on MySQL.
bcb4143ae284ce2188d3038dd05e44ef427558d1f9c0b020e168c5c0e4d5e49a
Windows 2000 Magazene Security Digest - New vulnerabilities include RDISK Race Condition: Update, Bypass surfControl URL Blocking, WWWThreads Elevates Privileges, Web Server Scripting Issues, Microsoft Java Exposes Files, and Windows NT Recycle Bin Goes Unchecked. Also contains articles on serious DoS attacks, IIS Administrator, FBI and CERT Warn Users Against Web-Based Scripting, and ZoneAlarm 2.0.
aefd83c89746659843b6c1be6a5a6cdf9f3be4950de270b7fb995fce23408f15
Windows/NT Security Update - Information on Outlook Express Object Access, Firewall-1 Allows Script Rule Circumvention, and Index Server Exposes File System. Also includes News: Visa Admits Its Sites Were Hacked, News: Security Holes Bite Online Bank, Kerberos 5 in Windows 2000, and Creating a Special TSE Logon Script. NTsecurity homepage here.
f5191112090c5efcd8381678f158a68ff26dc20e2592870a01b1c689e21bc399
Windows NT Security Update - Information on Rdisk Race Condition, and the InetSrv 3.0 Buffer Overflow. Also contains articles on Internet Security with Windows NT, Email Encryption Plugin, and Change-Detection Software. NTsecurity homepage here.
d3fad445ac140dcb3f3f355fadd12b079518f12f7c8cea463e9a41c776190dc6
Windows NT Magazine Security Update - Contains information on Local Procedure Call vulnerability and Super Mail Denial of Service Condition.
c21a3e6a3d70c1b1d1a373272ecf7b998329632d35146de76258ef2bb07cad6a