[SECURITY-L] Windows 2000 Security Rollup Package 1 (SRP1)

Daniela Regina Barbetti daniela em ccuec.unicamp.br
Sex Fev 1 17:10:35 -02 2002 

----- Forwarded message from Aldo Albuquerque - Segurança de Sistemas <aldo em cesar.org.br> -----

From: Aldo Albuquerque - Segurança de Sistemas <aldo em cesar.org.br>
Subject: Windows 2000 Security Rollup Package 1 (SRP1)
Date: Fri, 1 Feb 2002 15:19:44 -0300
Organization: C.E.S.A.R - Centro de Estudos e Sistemas Avançados do Recife


Caros;


   Para que ainda não sabe a Microsoft lançou uma espécie de "Service Pack 2,5" que agora foi chamado de "Windows 2000 Security Rollup Package 1 (SRP1)". Este pacote inclui uma série de hotfixes pós-SP2. Já está disponível em Inglês e Português-Brasil para download. 

URL: http://www.microsoft.com/Windows2000/downloads/critical/q311401/download.asp 


Os Hotfixes incluídos nele são: 

Core OS: 


MS01-007 (Q285851): Network DDE Agent Requests Can Enable Code to Run in System Context 
MS01-011 (Q287397): Malformed Request to Domain Controller can Cause CPU Exhaustion 
MS01-013 (Q285156): Windows 2000 Event Viewer Contains Unchecked Buffer 
MS01-024 (Q294391): Malformed Request to Domain Controller can Cause Memory Exhaustion 
MS01-036 (Q299687): Function Exposed via LDAP over SSL Could Enable Passwords to be Changed 
MS01-041 (Q298012): Malformed RPC Request Can Cause Service Failure 
MS01-046 (Q252795): Access Violation in Windows 2000 IrDA? Driver Can Cause System to Restart 

FrontPage Server Extensions: 

MS01-035 (Q300477): FrontPage? Server Extension Sub-Component Contains Unchecked Buffer 

Hyperterminal: 

MS00-079 (Q276471): Hyperterminal Buffer Overflow 

Indexing Service: 

MS01-025 (Q296185): Index Server Search Function Contains Unchecked Buffer 
MS01-033 (Q300972): Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise 

Internet Explorer 5.01: 

MS01-051 (Q306121): Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone 
Note: Only the fix for version 5.01 of Internet Explorer is included in the SRP, as this is the version that shipped with Windows 2000. Patches are available for other versions of IE. 
Internet Information Service 5.0: 


MS01-004 (Q285985): Malformed .HTR Request Allows Reading of File Fragments 
MS01-026 (Q293826): 14 May 2001 Cumulative Patch for IIS 
MS01-044 (Q301625): 15 August 2001 Cumulative Patch for IIS 

Netmeeting: 

MS00-077 (Q273854): Netmeeting Desktop Sharing 

NNTP Service: 

MS01-043 (Q303984): NNTP Service Contains Memory Leak 

SMTP Service: 

MS01-037 (Q302755): Authentication Error in SMTP Service Could Allow Mail Relaying 

Telnet Service: 

MS01-031 (Q299553): Predictable Name Pipes Could Enable Privilege Elevation via Telnet 


Terminal Service: 

MS01-040 (Q292435): Invalid RDP Data Can Cause Memory Leak in Terminal Services 
MS01-052 (Q307454): Invalid RDP Data can Cause Terminal Service Failure 


Patches for Windows 2000 that were delivered via security bulletins released after MS01-052. These will be included in Windows 2000 SRP2. 


Atenciosamente,

Aldo Albuquerque - CCSA
Tempest Security Technologies - http://www.tempest.com.br 
C.E.S.A.R. - Centro de Estudos e Sistemas Avançados do Recife - http://www.cesar.org.br

---

"Software é aquilo que você xinga, Hardware é aquilo que você chuta"


----- End forwarded message -----

Mais detalhes sobre a lista de discussão SECURITY-L