Security

A big week for multipurpose patches: Microsoft releases three

This week, Microsoft released three patches, each correcting at least two vulnerabilities. The most significant patch contains a multitude of fixes for IIS 4.0 and 5.0. On the upside, Novell released nothing new, and all the viruses are low risk.


Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-025)
Regarding: Index Server 2.0 and Windows 2000 Indexing Service
Date Posted: May 10, 2001
Patch URL: Three separate patches have been released. Follow the link below to the main information page and select the patch appropriate for your system.
Information URL:Click here for more information.

This security bulletin actually contains information on two unrelated vulnerabilities. The first is an unchecked buffer in Index Server 2.0, which could cause Index Server to fail under certain circumstances. The second, affecting both Index Server and the Windows 2000 Indexing Service, is a variant originally discovered last year known as the “Malformed-Hit Highlighting” vulnerability. See Security Bulletin MS00-006 for details.

Microsoft Security Bulletin (MS01-026)
Regarding: Internet Information Server 4.0 and Internet Information Services 5.0
Date Posted: May 14
Patch URL:Click here to download the patch for IIS 4.0.

Click here to download the patch for IIS 5.0.
Information URL:Click here for more information.

These patches contain all the patches released to date—and corrections for two of them—for IIS 4.0 and IIS 5.0, as well as fixes for three newly discovered vulnerabilities. These new vulnerabilities could allow an attacker to run OS commands on your server, make a denial of service attack, and locate Guest accounts. Kill a whole flock with this one patch.

Microsoft Security Bulletin (MS01-027)
Regarding: Internet Explorer 5.01 and 5.5
Date Posted: May 16, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This is the week for multipurpose patches. This one guards against two IE vulnerabilities. Both could allow an attacker to persuade a user that he or she is visiting a trusted Web site. The first vulnerability affects the checks normally made on a digital certificate. The second could cause a different URL in the IE address bar.

Novell issues
Novell administrators can relax this week. Exterminator found nothing new to report.

Virus updates from Trend Micro
Virus/Worm: VBS_HARD.A
Posted: May 13, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_YABRAN.A
Posted: May 15, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_ZEAM.A
Posted: May 16, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_VBSWG.Z
Posted: May 17, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-025)
Regarding: Index Server 2.0 and Windows 2000 Indexing Service
Date Posted: May 10, 2001
Patch URL: Three separate patches have been released. Follow the link below to the main information page and select the patch appropriate for your system.
Information URL:Click here for more information.

This security bulletin actually contains information on two unrelated vulnerabilities. The first is an unchecked buffer in Index Server 2.0, which could cause Index Server to fail under certain circumstances. The second, affecting both Index Server and the Windows 2000 Indexing Service, is a variant originally discovered last year known as the “Malformed-Hit Highlighting” vulnerability. See Security Bulletin MS00-006 for details.

Microsoft Security Bulletin (MS01-026)
Regarding: Internet Information Server 4.0 and Internet Information Services 5.0
Date Posted: May 14
Patch URL:Click here to download the patch for IIS 4.0.

Click here to download the patch for IIS 5.0.
Information URL:Click here for more information.

These patches contain all the patches released to date—and corrections for two of them—for IIS 4.0 and IIS 5.0, as well as fixes for three newly discovered vulnerabilities. These new vulnerabilities could allow an attacker to run OS commands on your server, make a denial of service attack, and locate Guest accounts. Kill a whole flock with this one patch.

Microsoft Security Bulletin (MS01-027)
Regarding: Internet Explorer 5.01 and 5.5
Date Posted: May 16, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This is the week for multipurpose patches. This one guards against two IE vulnerabilities. Both could allow an attacker to persuade a user that he or she is visiting a trusted Web site. The first vulnerability affects the checks normally made on a digital certificate. The second could cause a different URL in the IE address bar.

Novell issues
Novell administrators can relax this week. Exterminator found nothing new to report.

Virus updates from Trend Micro
Virus/Worm: VBS_HARD.A
Posted: May 13, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_YABRAN.A
Posted: May 15, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_ZEAM.A
Posted: May 16, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_VBSWG.Z
Posted: May 17, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Editor's Picks

Free Newsletters, In your Inbox