Note: There have been reports of fraudulent security patches being distributed through e-mail by persons misrepresenting themselves as "Microsoft." Microsoft policy is to distribute all security patches through the Microsoft Web site, and not via e-mail. Microsoft may send security notifications via e-mail, but they will always reference a Microsoft URL for download. Users should not install patches attached to e-mail messages, even if those messages claim to be from Microsoft.
There is a large link list of IE security updates and patches here.
Bleeding Edge
09-06-1999, 01:23 AM
Thanks.
Seems like they post these patches here first before it makes it to the regular Windows Update...
Hiya Socalgal! Belated congrats!
Online safety is a necessity, no doubt about it. I hope it doesn't require it's own listing category like Motherboards, Technical, etc. Maybe it could be a category on the main page, like the reviews are?
I wish everyone online would just play nice, but since they don't... we all just need to be aware!
[This message has been edited by Ygor (edited 09-10-99).]
As an aside: I'm not recommending nor suggesting that these patches be installed - as with all things Microsoft - use at your own risk! I thought I would provide them more or less as a "service". Please read the bulletins carefully before deciding to install.
If you guys/gals decide that you don't want further postings of these bulletins, then I'll discontinue doing so.
Thanks.
BBA
09-11-1999, 03:27 PM
Ya know, Win98SE comes with all these updates built in, except for 2 of the latest ones.
BBA
socalgal
09-20-1999, 08:00 PM
Apologies for the lag on this one - Note this comes with a Trojan Horse attached, if you get it, don't open!
Patch Available for "Spoofed Route Pointer" Vulnerability
Originally Posted: September 20, 1999
Summary
=======
Microsoft has released a patch that eliminates a vulnerability in
Microsoft(r) Windows(r) 95, 98 and Windows NT(r) 4.0 that could allow
source routing to be performed, even if it has ostensibly been disabled.
The patch also includes added functionality to provide additional control
over source routing.
Frequently asked questions regarding this vulnerability can be found at
www.microsoft.com/security/bulletins/ms99-038faq.asp (http://www.microsoft.com/security/bulletins/ms99-038faq.asp)
Issue
=====
Windows NT 4.0 Service Pack 5 introduced the ability to disable source
routing on a multi-homed Windows NT machine that acts as a router. However,
even if source routing is disabled, it is possible to bypass it by
including a specific type of incorrect information within the route pointer
in the data packet. Windows 95 and 98 also provide this capability, and are
affected by the same vulnerability. The patch restores correct operation to
the anti-source routing feature. In addition, it provides additional
functionality that enables source routing to be disabled on single-homed
machines and on multi-homed machines that are not used as routers.
Customers who are using multi-homed Windows 95, 98 or or Windows NT
machines, and who wish to disable source routing should apply the patch to
ensure proper operation of the anti-source routing features. In addition,
customers who have non-routing machines in vulnerable locations (for
example, single-homed machines outside of a firewall or multi-homed machines
joining two subnets) may wish to install the patch in order to use the new
functionality to disable source routing in these cases as well.
Affected Software Versions
==========================
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0, Enterprise Edition
- Microsoft Windows NT Server 4.0, Terminal Server Edition
Patch Availability
==================
- Windows 95, 98 and Windows 98 Second Edition:
To be released shortly
- Windows NT 4.0 Workstation, Windows NT 4.0 Server and Windows
NT 4.0 Server, Enterprise Edition:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/
usa/nt40/Hotfixes-PostSP5/Spoof-fix
- Windows NT 4.0 Server, Terminal Server Edition:
To be released shortly
NOTE: Line breaks have been inserted into the URLs above for readability
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin MS99-038: Frequently Asked Questions,
www.microsoft.com/security/bulletins/ms99-038faq.asp (http://www.microsoft.com/security/bulletins/ms99-038faq.asp)
- Microsoft Knowledge Base (KB) article Q238453,
Pointer in Source Route Option Bypasses Source Routing Disable,
support.microsoft.com/support/kb/articles/q238/4/53.asp (http://support.microsoft.com/support/kb/articles/q238/4/53.asp)
(Note: It may take 24 hours from the original posting of this
bulletin for the KB article to be visible.)
- Microsoft Security Advisor web site,
www.microsoft.com/security/default.asp (http://www.microsoft.com/security/default.asp)
Obtaining Support on this Issue
===============================
This is a fully supported patch. Information on contacting Microsoft
Technical Support is available at
support.microsoft.com/support/contact/default.asp (http://support.microsoft.com/support/contact/default.asp)
Acknowledgments
===============
Microsoft acknowledges Network Associates, Inc. (http://www.nai.com) for
bringing this issue to our attention and working with us to alert customers
about it.
Revisions
=========
- September 20, 1999: Bulletin Created.
(One or more links may not have been made active by me so as to not reformat this page - socalgal)
[This message has been edited by socalgal (edited 09-20-99).]
socalgal
09-23-1999, 08:34 PM
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
********************************
Microsoft Security Bulletin (MS99-039)
--------------------------------------
Patch Available for "Domain Resolution" and "FTP Download" Vulnerabilities
Originally Posted: September 23, 1999
Summary
=======
Microsoft has released a patch that eliminates two security
vulnerabilities in Microsoft(r) Internet Information Server 4.0.
The vulnerabilities allow security restrictions in IIS to be
bypassed under certain conditions, as discussed below. Frequently
asked questions regarding this vulnerability can be found at
www.microsoft.com/security/bulletins/ms99-039faq.asp (http://www.microsoft.com/security/bulletins/ms99-039faq.asp)
Issue
=====
There are two vulnerabilities at issue here:
- IIS 4.0 provides the ability to restrict access to a web
site based on the user's domain. However, if IIS cannot
resolve a user's IP address to a domain, it will grant
the user's first request for a session. It will correctly
deny them thereafter.
- A user who accesses an FTP site via a browser will be able
to download files even if they are marked No Access. This
vulnerability is due to a regression error that was
introduced in hotfixes released after Windows NT 4.0 Service
Pack 5; it does not exist in SP5 or in previous versions.
Neither vulnerability provides a means to usurp control of the server. A
patch is available that eliminates both vulnerabilities.
Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin MS99-039: Frequently Asked Questions www.microsoft.com/security/bulletins/ms99-039faq.asp (http://www.microsoft.com/security/bulletins/ms99-039faq.asp)
- Microsoft Knowledge Base (KB) article Q241805, Combined FTP and Domain Restriction Security Patch for IIS 4.0 support.microsoft.com/support/kb/articles/q241/8/05.asp (http://support.microsoft.com/support/kb/articles/q241/8/05.asp)
- Microsoft Knowledge Base (KB) article Q241562,
Denying Access With Domain Name Restriction Still Allows Unresolved Clients support.microsoft.com/support/kb/articles/q241/5/62.asp (http://support.microsoft.com/support/kb/articles/q241/5/62.asp)
- Microsoft Knowledge Base (KB) article Q241407,
Files can be downloaded from an FTP Server when the file permissions are explicitly No Access support.microsoft.com/support/kb/articles/q241/4/07.asp (http://support.microsoft.com/support/kb/articles/q241/4/07.asp)
Microsoft Security Advisor web site www.microsoft.com/security/default.asp (http://www.microsoft.com/security/default.asp)
NOTE: It may take 24 hours from the original posting of this bulletin
for the KB articles to be visible.
Obtaining Support on this Issue
===============================
This is a fully supported patch. Information on contacting Microsoft
Technical Support is available at
http://support.microsoft.com/support/contact/default.asp
Acknowledgments
===============
Microsoft acknowledges Roberto Franceschetti for discovering the FTP Access
vulnerability and bringing it to our attention.
Revisions
=========
- September 23, 1999: Bulletin Created.
[This message has been edited by socalgal (edited 09-23-99).]
socalgal
09-28-1999, 09:58 PM
Yeah, already knew about your Active Scripting MS! /forum/frown.gif
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Microsoft Security Bulletin (MS99-040)
======================================
Workaround for IE 5 "Download Behavior"
Originally Posted: September 28, 1999
Summary
-------
Microsoft has learned of a vulnerability in Microsoft® Internet
Explorer 5 that could allow a malicious web site operator to take
inappropriate action on the computer of a person who visited the site.
Customers can immediately protect themselves against this vulnerability
by disabling Active Scripting in IE 5, as discussed in the FAQ.
Microsoft is also developing a patch that will restore safe operation
to the affected feature; when the patch is available, this bulletin
will be re-released.
Additional information and frequently asked questions regarding this
vulnerability can be found at
www.microsoft.com/security/bulletins/MS99-040faq.asp (http://www.microsoft.com/security/bulletins/MS99-040faq.asp)
Issue
-----
IE 5 includes a feature called "download behavior" that allows web page
authors to download files for use in client-side script. By design, a
web site should only be able to download files that reside in its domain;
this prevents client-side code from exposing files on the user's machine
or local intranet to the web site. However, a server-side redirect can be
used to bypass this restriction, thereby enabling a malicious web site
operator to read files on the user's machine or the user's local intranet.
This vulnerability would chiefly affect workstations that are connected to
the Internet. As an immediate measure, customers can prevent the download
behavior function from operating by disabling Active Scripting, as discussed
in the FAQ. A patch that restores correct operation is under development
and will be delivered shortly.
Affected Software Versions
==========================
- Microsoft Internet Explorer 5
Workaround
==========
The vulnerability can be prevented by disabling Active Scripting. The FAQ
contains details on how to do this.
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin MS99-040: Frequently Asked Questions,
www.microsoft.com/security/bulletins/ms99-040faq.asp (http://www.microsoft.com/security/bulletins/ms99-040faq.asp)
- Microsoft Knowledge Base (KB) article Q242542 Workaround available for
download behavior vulnerability,
support.microsoft.com/support/kb/articles/Q242/5/42.asp (http://support.microsoft.com/support/kb/articles/Q242/5/42.asp)
(Note: It may take 24 hours from the posting of this bulletin for the
KB article to appear)
- Microsoft Security Advisor web site,
www.microsoft.com/security/default.asp (http://www.microsoft.com/security/default.asp)
Obtaining Support on this Issue
===============================
Information on contacting Microsoft Technical Support is available
at support.microsoft.com/support/contact/default.asp (http://support.microsoft.com/support/contact/default.asp)
Acknowledgments
===============
Microsoft acknowledges Georgi Guninski for bringing this issue to our
attention.
Revisions
=========
- September 28, 1999: Bulletin Created.
[This message has been edited by socalgal (edited 09-29-99).]
socalgal
09-30-1999, 10:51 PM
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Microsoft Security Bulletin (MS99-041)
--------------------------------------
Tool Available for "RASMAN Security Descriptor" Vulnerability
Originally Posted: September 30, 1999
Summary
=======
Microsoft has released a patch that eliminates a vulnerability in
Microsoft(r) Windows NT(r) 4.0. The vulnerability could enable a user to
execute arbitrary code on a Windows NT machine under certain conditions.
Frequently asked questions regarding this vulnerability can be found
at http://www.microsoft.com/security/bulletins/MS99-041faq.asp
Issue
=====
The security descriptor that secures the Remote Access Connection Manager,
RASMAN.EXE, contains an inappropriate ACE in its DACL and would allow an
unprivileged user to levy requests on it via the Service Control Manager.
Among the actions that could be requested is to change the location and
name of the executable code for the service. By doing so, a malicious user
could substitute arbitrary code for the legitimate service, which then
would run in a System Context.
A malicious user could only exploit this vulnerability if he or she had a
valid userid and password on the target machine. If the machine allowed
users to log on from the network, the vulnerability could be remotely
exploited. In addition, the arbitrary code could, under certain conditions,
reside on a remote machine. A tool is available to reset the permissions to
the appropriate value and eliminate the vulnerability, and should be run
against any machine that allows unprivileged users to perform either
interactive or network logons under any account.
Affected Software Versions
==========================
- Microsoft Windows NT 4.0 Workstation
- Microsoft Windows NT 4.0 Server
- Microsoft Windows NT 4.0 Server, Enterprise Edition
- Microsoft Windows NT 4.0 Server, Terminal Server Edition
NOTE: Line breaks have been inserted into the above URL for readability.
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin MS99-041: Frequently Asked Questions,
http://www.microsoft.com/security/bulletins/MS99-041faq.asp
- Microsoft Knowledge Base (KB) article Q242294,
Security Descriptor Allows Privilege Elevation on Remote Computers,
http://support.microsoft.com/support/kb/articles/q242/2/94.asp
(Note: It may take 24 hours from the original posting of this
bulletin for this KB article to be visible.)
- Microsoft Security Advisor web site,
http://www.microsoft.com/security/default.asp
Obtaining Support on this Issue
===============================
This is a fully supported patch. Information on contacting Microsoft
Technical Support is available at
http://support.microsoft.com/support/contact/default.asp
Acknowledgments
===============
Microsoft acknowledges Alberto Rodríguez Aragonés for bringing this issue to
our attention.
Revisions
=========
- September 30, 1999: Bulletin Created.
socalgal
09-30-1999, 10:57 PM
Microsoft Security Bulletin (MS99-039)
--------------------------------------
Update: Patch Available for "Domain Resolution" and "FTP Download"
Vulnerabilities
Originally Posted: September 23, 1999
Revised: September 30, 1999
Summary
=======
This is a re-release of a security bulletin issued on September 23, 1999.
The purpose of the re-release is to discuss an additional product,
Microsoft(r) Commercial Internet System, that is affected by this
vulnerability. The information regarding IIS has not changed, and customers
who previously applied this patch to their IIS systems do not need to take
any action.
Microsoft has released a patch that eliminates two security vulnerabilities
in Microsoft Internet Information Server (IIS) 4.0 and Microsoft
Commercial Internet System (MCIS) 2.5. The vulnerabilities allow security
restrictions in IIS and MCIS to be bypassed under certain conditions, as
discussed below. Frequently asked questions regarding this vulnerability
can be found at http://www.microsoft.com/security/bulletins/ms99-039faq.asp
Issue
=====
There are two vulnerabilities at issue here:
- IIS 4.0 provides the ability to restrict access to a web site based
on the user's domain. However, if IIS cannot resolve a user's IP
address to a domain, it will grant the user's first request for a
session. It will correctly deny them thereafter. This vulnerability
affects IIS 4.0 only; it does not any other Microsoft product,
including MCIS.
- A user who accesses an FTP site via a browser will be able to download
files even if they are marked No Access. This vulnerability is due to
a regression error that was introduced in hotfixes released after
Windows NT 4.0 Service Pack 5; it does not exist in SP5 or in previous
versions. This vulnerability affects both IIS 4.0 and MCIS 2.5, but no
other Microsoft products.
Neither vulnerability provides a means to usurp control of the server. A
patch is available that eliminates both vulnerabilities.
Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
- Microsoft Commercial Internet System 2.5
NOTE: Line breaks have been inserted into the above URLs for readability.
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin MS99-039: Frequently Asked Questions,
http://www.microsoft.com/security/bulletins/ms99-039faq.asp
- Microsoft Knowledge Base (KB) article Q241805,
Combined FTP and Domain Restriction Security Patch for IIS 4.0,
http://support.microsoft.com/support/kb/articles/q241/8/05.asp
- Microsoft Knowledge Base (KB) article Q241562,
Denying Access With Domain Name Restriction Still Allows Unresolved
Clients,
http://support.microsoft.com/support/kb/articles/q241/5/62.asp
- Microsoft Knowledge Base (KB) article Q241407,
Files can be downloaded from an FTP Server when the file permissions
are explicitly No Access,
http://support.microsoft.com/support/kb/articles/q241/4/07.asp
- Microsoft Knowledge Base (KB) article Q242559,
FTP Allows read on a file with NTFS permissions of No Access,
http://support.microsoft.com/support/kb/articles/q242/5/59.asp
- Microsoft Security Advisor web site,
http://www.microsoft.com/security/default.asp
(Note: It may take 24 hours from the original posting of this bulletin for
the KB articles to be visible.)
Obtaining Support on this Issue
===============================
This is a fully supported patch. Information on contacting Microsoft
Technical Support is available at
http://support.microsoft.com/support/contact/default.asp
Acknowledgments
===============
Microsoft acknowledges Rich Harrison of Halliburton Company for discovering
the "Domain Resolution" vulnerability and reporting it to us. Microsoft
acknowledges Roberto Franceschetti for discovering the FTP Access
vulnerability and bringing it to our attention.
Revisions
=========
- September 23, 1999: Bulletin Created.
- September 30, 1999: Bulletin modified to include information regarding
MCIS association with this vulnerability.
-----------
This will be the last bulletin in this thread. I'll open another thread for future bulletins. -socalgal
SysOpt.com
Copyright Internet.com Inc. All Rights Reserved.