First Win2K virus identified, but not in the wild

The first virus known to target Windows 2000 specifically has been identified, but it's not believed to exist in the wild. Check out Exterminator for the details on this week's bug, patch, and virus announcements.

Microsoft is taking a turn at leading the week’s patch, bug, virus, and OS announcements.

Count on Exterminator!
Each Friday, Exterminator brings you news of important bug fixes, virus recovery information, service release announcements, security notices, and more, from the prior week.

Microsoft Security Bulletin (MS00-003)
A vulnerability that could have allowed one of your users to log on at an NT 4.0 box locally and become an administrator for that computer has been fixed.

According to Microsoft, a flaw in the validation portion of an LPC call function “could allow a malicious user to create both the client and server threads and manipulate the impersonation request to allow it to run in the context of any desired user on the local machine.”

You can find the security bulletin’s FAQ on Microsoft’s Web site.

Microsoft Security Bulletin (MS00-005)
An error in .rtf files that shipped with Windows 9x and Windows NT could cause e-mail programs to crash. The error is related to an unchecked buffer that parses control words.

Redmond has created a patch. You'll find both the fix and more information on Microsoft’s Web site.

What happened to MS00-002 and MS00-004?
Wondering why there was no news on MS00-002 and MS00-004? Wonder no more.

As this column was being prepared for publication, Redmond had yet to release the two security bulletins. However, the word was that their release was imminent, so you may want to keep an eye out for them.

No promises, but my educated guess says these links will work once the bulletins are released:

Windows 2000 to ship early
Some administrators may look to Windows 2000 as a solution to bugs on their network. Beginning Jan. 24, Windows 2000-ready PCs from major manufacturers will begin shipping. That’s three weeks before the announced Feb. 17 rollout for the much-anticipated OS.

Your best bet is to go to Microsoft’s site for more information on which PCs qualify, as apparently Redmond has requested that the major vendors not promote the news. You can read the details here.

First Win2K virus identified
The OS hasn’t even been officially released yet, and hackers are already turning their pusillanimous efforts toward Windows 2000. Although the virus, W2K.Installer, is not believed to exist in the wild, Symantec credits it as the first known virus to replicate only under Windows 2000.

There are two variants: W2K.Installer.1676 and W2K.Installer.1688. Symantec says they attack Windows 2000 applications with an MSI extension (MSI is part of the Windows 2000 installation kit).

A cavity infector, W2K.Installer doesn’t change the size of files it attacks. Further, the virus doesn’t attack files protected by the System File Checker. More information is available at Symantec’s AntiVirus Research Center.
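Because a cavity infector leaves a file's size unchanged, an integrity check that compares only sizes will not flag it, while a content hash will. The sketch below is an added example, not from this column or from Symantec; the file names and byte layout are constructed, and the "modification" is simply marker bytes written over padding.

```python
import hashlib
import os
import tempfile


def snapshot(path):
    """Record the size and SHA-256 digest of one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def build_baseline(paths):
    """Take a known-good snapshot of every file to be monitored."""
    return {p: snapshot(p) for p in paths}


def compare(baseline):
    """Classify each baselined file against its current state."""
    findings = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
            continue
        new = snapshot(path)
        if new["size"] != old["size"]:
            findings[path] = "size-changed"
        elif new["sha256"] != old["sha256"]:
            # The case a size-only check misses.
            findings[path] = "same-size-content-changed"
        else:
            findings[path] = "unchanged"
    return findings


def demo():
    """Constructed files: a header, a run of zero padding, then a body."""
    blob = b"HDR" + b"\x00" * 64 + b"BODY" * 8
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("sample_a.bin", "sample_b.bin")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(blob)
        baseline = build_baseline(paths)
        # Simulate a same-size change: overwrite part of the padding in one file.
        with open(paths[0], "r+b") as fh:
            fh.seek(3)
            fh.write(b"\xAA" * 16)
        return {os.path.basename(p): f for p, f in compare(baseline).items()}


if __name__ == "__main__":
    print(demo())
```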

Novell Virus Signature Updates
Novell has released virus signature updates for its ManageWise product:

GroupWise Service Pack
The GroupWise 5.5 Service Pack 3 Download Assistant was posted to Novell’s site late last week. According to Novell, this utility will help GroupWise administrators identify and download the correct version of SP3 for their systems, while also helping admins “select and download the 32-bit Remote Client diskettes for Windows 95/98/NT and the 16-bit GroupWise 5.2.5 Remote Client diskettes for Windows 3.1.”

More information on the GroupWise update can be found here.

Erik Eckel MCP+I, MCSE is Community Editor for AdminRepublic.
