Security

Exterminator: Windows NT receives tighter permissions

Heads up Windows NT administrators! The Exterminator's found several bug updates you won't want to miss. Plus, here's information on viruses and a new BeOS vulnerability.


Taking out one bug at a time
The Exterminator brings to you his insight on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, and other systems.

Microsoft Security Bulletin (MS00-024)
Regarding: Microsoft Windows NT 4.0

Date Posted: April 12, 2000

Patch URL:Click here for the x86 patch

Patch URL:Click here for the Alpha patch

On April 12, 2000, Microsoft posted a patch providing improved permissions in Windows NT 4.0. The default permissions could allow a user to compromise the cryptographic keys of other users who log onto the same machine. For more information, visit the Microsoft Web site.

Microsoft Security Bulletin (MS00-023)
Regarding: Microsoft IIS 4.0 and 5.0

Date Posted: April 12, 2000

Patch URL:Click here for the 4.0 patch

Patch URL:Click here for the 5.0 patch

On April 12, 2000, Microsoft posted a patch for security vulnerability in its Internet Information Server. The bug could allow a user to slow a Web server’s response, or prevent it from providing services altogether. For more information, visit the Microsoft Web site.

Microsoft Security Bulletin (MS00-022)
Regarding: Microsoft Excel

Date Posted: April 3, 2000

Patch URL:Click here for the Excel 97 patch (requires SR-2)

Patch URL:Click here for the Excel 2000 patch

Microsoft recently posted a patch for their Microsoft Excel program due to vulnerability within the software. The hole could allow a macro to be run without generating the proper security warning. For more information, visit the Microsoft Web site.

BeOS Update
Regarding: BeOS 4.5 and 5.0

Date Posted: April 10, 2000

Information URL:Click here for more information

SecurityFocus.com this week posted information regarding BeOS and a security hole that can cause the OS to crash. If a user makes a direct system call using invalid parameters through int 0x25, BeOS will crash. A reboot is required to operate normally.

Virus Update
Regarding: TROJ_IRCFLOOD

Date Posted: April 10, 2000

Information URL:Click here for more information

On April 10, 2000, Trend Micro posted an alert in their virus encyclopedia for the TROJ_IRCFLOOD Trojan. The Trojan allows for a denial of service (DOS) flood attack by a client machine. The Trojan specifically floods dal.net servers. For information on how to delete the Trojan, visit the Information URL above.

Help us squash a few bugs!
Have you found a new bug or discovered a nifty little software patch? We’re interested in what you know! Post your findings below or feel free to send us a note.

 

Editor's Picks

Free Newsletters, In your Inbox