[SECURITY-L] Windows 2000 Security Rollup Package 1 (SRP1)
Daniela Regina Barbetti
daniela em ccuec.unicamp.br
Sex Fev 1 17:10:35 -02 2002
----- Forwarded message from Aldo Albuquerque - Segurança de Sistemas <aldo em cesar.org.br> -----
From: Aldo Albuquerque - Segurança de Sistemas <aldo em cesar.org.br>
Subject: Windows 2000 Security Rollup Package 1 (SRP1)
Date: Fri, 1 Feb 2002 15:19:44 -0300
Organization: C.E.S.A.R - Centro de Estudos e Sistemas Avançados do Recife
Caros;
Para que ainda não sabe a Microsoft lançou uma espécie de "Service Pack 2,5" que agora foi chamado de "Windows 2000 Security Rollup Package 1 (SRP1)". Este pacote inclui uma série de hotfixes pós-SP2. Já está disponível em Inglês e Português-Brasil para download.
URL: http://www.microsoft.com/Windows2000/downloads/critical/q311401/download.asp
Os Hotfixes incluídos nele são:
Core OS:
MS01-007 (Q285851): Network DDE Agent Requests Can Enable Code to Run in System Context
MS01-011 (Q287397): Malformed Request to Domain Controller can Cause CPU Exhaustion
MS01-013 (Q285156): Windows 2000 Event Viewer Contains Unchecked Buffer
MS01-024 (Q294391): Malformed Request to Domain Controller can Cause Memory Exhaustion
MS01-036 (Q299687): Function Exposed via LDAP over SSL Could Enable Passwords to be Changed
MS01-041 (Q298012): Malformed RPC Request Can Cause Service Failure
MS01-046 (Q252795): Access Violation in Windows 2000 IrDA? Driver Can Cause System to Restart
FrontPage Server Extensions:
MS01-035 (Q300477): FrontPage? Server Extension Sub-Component Contains Unchecked Buffer
Hyperterminal:
MS00-079 (Q276471): Hyperterminal Buffer Overflow
Indexing Service:
MS01-025 (Q296185): Index Server Search Function Contains Unchecked Buffer
MS01-033 (Q300972): Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
Internet Explorer 5.01:
MS01-051 (Q306121): Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone
Note: Only the fix for version 5.01 of Internet Explorer is included in the SRP, as this is the version that shipped with Windows 2000. Patches are available for other versions of IE.
Internet Information Service 5.0:
MS01-004 (Q285985): Malformed .HTR Request Allows Reading of File Fragments
MS01-026 (Q293826): 14 May 2001 Cumulative Patch for IIS
MS01-044 (Q301625): 15 August 2001 Cumulative Patch for IIS
Netmeeting:
MS00-077 (Q273854): Netmeeting Desktop Sharing
NNTP Service:
MS01-043 (Q303984): NNTP Service Contains Memory Leak
SMTP Service:
MS01-037 (Q302755): Authentication Error in SMTP Service Could Allow Mail Relaying
Telnet Service:
MS01-031 (Q299553): Predictable Name Pipes Could Enable Privilege Elevation via Telnet
Terminal Service:
MS01-040 (Q292435): Invalid RDP Data Can Cause Memory Leak in Terminal Services
MS01-052 (Q307454): Invalid RDP Data can Cause Terminal Service Failure
Patches for Windows 2000 that were delivered via security bulletins released after MS01-052. These will be included in Windows 2000 SRP2.
Atenciosamente,
Aldo Albuquerque - CCSA
Tempest Security Technologies - http://www.tempest.com.br
C.E.S.A.R. - Centro de Estudos e Sistemas Avançados do Recife - http://www.cesar.org.br
---
"Software é aquilo que você xinga, Hardware é aquilo que você chuta"
----- End forwarded message -----
Mais detalhes sobre a lista de discussão SECURITY-L