Updated: July 11, 2020 (February 6, 2000)

  Analyst Report

Security Update

My Atlas / Analyst Reports

845 wordsTime to read: 5 min
Rob Helm by
Rob Helm

As managing vice president, Rob Helm covers Microsoft collaboration and content management. His 25-plus years of experience analyzing Microsoft’s technology... more

The table below shows security patches issued between Dec. 10, 1999, and Jan. 21, 2000. Bulletins that describe these patches are located at www.microsoft.com/Security/Bulletins/ except where indicated.

Two security bulletins described below share a common patch: bulletin 99-056 (a bug in Windows NT’s “syskey” encryption utility that exposes passwords) and bulletin 99-057 (a bug that causes NT to stop responding after receiving a malformed security identifier request). Note also that bulletin 99-060 covers two separate issues on the Macintosh: a bug in Outlook Express 5.0 that deposits attachments on a user’s system, and a problem with expired digital certificates in Internet Explorer 4.5.

Threat Systems Affected Cause Bulletin
A hacker who obtains a copy of the Security Account Manager (SAM) database can steal user passwords Windows NT 4.0. A hacker needs access to the machine’s SAM database to exploit the weakness. The SAM database includes user passwords

Atlas Members have full access

Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.

Membership Options

Already have an account? Login Now

Updated: July 11, 2020 (March 5, 2000)

  Analyst Report Archived

Security Update

The table below shows security patches issued between Jan. 21 and Feb. 18, 2000. Bulletins that describe these patches are at www.microsoft.com/technet/security/current.asp.







Threat Systems Affected Cause Bulletin
A malicious user can create, modify, or delete files in another user’s Recycle Bin on a shared machine. NT 4.0 Workstation

NT 4.0 Server

NT 4.0 Server Enterprise Edition

A Recycle Bin (a folder) is created the first time a user deletes a file. If a malicious user can create this folder first, he/she controls permissions on the folder. Ms00-007
A malicious Web site operator could view files on the computer of a visiting user if he/she knows the name and location of the file and the file is viewable in a browser. Internet Explorer 4.0 and 4.01.

Internet Explorer 5 and 5.01.

The code that allows a Web site to do a redirect to a new Web page (this includes a redirect to a folder on a user’s local hard disk) allows a brief time-period

Atlas Members have full access

Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.

Membership Options

Already have an account? Login Now

Updated: July 11, 2020 (April 2, 2000)

  Analyst Report Archived

Security Update

My Atlas / Analyst Reports

642 wordsTime to read: 4 min
Rob Helm by
Rob Helm

As managing vice president, Rob Helm covers Microsoft collaboration and content management. His 25-plus years of experience analyzing Microsoft’s technology... more

The table below shows security patches issued between Feb. 26, 2000, and Mar. 17, 2000. Bulletins that describe these patches are at www.microsoft.com/technet/security/current.asp. For information on recent security patches for Windows 2000, see “First Windows 2000 Hotfix Released“.


Threat Systems Affected Cause Bulletin
A remote attacker can issue arbitrary commands to a SQL Server database through a Web site. Site Server 3.0 Commerce Edition with any supported version of SQL Server Some sample code (and some code generated by the Site Builder Wizard) does not validate the contents of an input field before sending it to the database. By entering SQL code in this field, an attacker can execute arbitrary commands on the Web site’s database server. ms00-010
(Feb. 18)
A Web site operator can read files belonging to a visitor, if the file’s name is known to the operator. Internet Explorer 4.x, 5.x, and any other product that includes build 2000

Atlas Members have full access

Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.

Membership Options

Already have an account? Login Now

Updated: July 11, 2020 (April 24, 2000)

  Analyst Report Archived

Security Update

My Atlas / Analyst Reports

574 wordsTime to read: 3 min

The table below shows security patches issued between Mar. 16, 2000, and Apr. 7, 2000. Bulletins that describe these patches are at www.microsoft.com/technet/security/current.asp.







Threat Systems Affected Cause Bulletin
An attacker can lock users out of copy-protected content hosted on Windows Media Server.

 

Windows Media Rights Manager version 1.0

(ships with Windows Media Technologies 4.1 and 4.0)

Certain types of specially malformed license requests can corrupt an internal table in the License Manager so that it refuses to accept all further requests for new licenses. This prevents users from decrypting protected media files (audio or video) distributed by the Windows Media Server. ms00-016

(Mar. 17)

Illegal pathnames embedded on Web pages or received in e-mail can crash a Windows 9x system. Windows 95, Windows 98, Windows 98 SE The Windows 9x command parser does not check for multiple occurrences of device names (i.e., c:lpt1lpt1)

Atlas Members have full access

Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.

Membership Options

Already have an account? Login Now