Security

Get Microsoft buffer and various Novell patches

Microsoft has released two patches to fix unchecked buffers, one in Outlook and another in the Windows 2000 Event Viewer. Novell also released a host of patches. Exterminator has all the details, along with the latest virus updates.


Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-012)
Regarding: Outlook, Outlook Express
Date Posted: Feb. 22, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

An unchecked buffer in the component of Outlook and Outlook Express used to process vCards could allow an attacker to cause Outlook to fail or, more seriously, run their own code. Be aware that the patch is specific to your version of Internet Explorer, since Outlook Express ships as a component of IE.

Microsoft Security Bulletin (MS01-013)
Regarding: Windows 2000
Date Posted: Feb. 26, 2001
Patch URL:Click here to download the patch. (Patches for Windows 2000 Datacenter Server are hardware-specific. Contact your OEM.)
Information URL:Click here for more information.

Event Viewer in Windows 2000 has an unchecked buffer residing in the section of code that displays the detailed view of events. By entering specifically malformed data into a record, an attacker could cause the Event Viewer to fail or could run code of their choice.

Novell issues
Regarding: Netware 5.1, Small Business Suite 5.1
Date Posted: Feb. 26, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch is the IBM WebSphere version 3.02 Application Server Standard Fixpack for NetWare. It resolves a large number of issues in areas such as installation, personalization, samples, scalability, administration, Web server plug-in, security, servlet support, JSP support, and EJB support.

Regarding: ConsoleOne v. 1.2d or better.
Date Posted: Feb. 27, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Novell has released a ConsoleOne UNIX snap-in for Windows. It allows administrators to configure UNIX profiles for NDS objects.

Regarding: NetWare5, NetWare 5.1, Small Business Suite 5.1
Date Posted: Feb. 28, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Yet another release from Novell this week is NDS version 7.51a and DSREPAIR version 5.26c for NetWare 5.0 and NetWare 5.1 servers running with the Recman (7.x) database. This patch provides a number of fixes and changes, but take note of the various warnings associated with it.

Regarding: NDS 8, NDS Corporate Edition, NDS eDirectory, NetWare 4.11, NetWare 4.2, NetWare 5, NetWare 5.1, NetWare for Small Business 4.2, Novell Small Business Suite 5.1, intraNetWare 4.11
Date Posted: Feb. 28, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Novell has also released a patch that consists of the files needed before installing eDirectory 8.5 into an existing Directory Services tree. The issue at hand concerns the improperly modified schema to support new functionality for eDirectory 8.5. If 8.5 is put into a tree with the problem, a -613 error will occur during schema synch.

Virus updates from Trend Micro
Virus/Worm: TROJ_SUB7.21.E
Posted: Feb. 26, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: W97M_TITCH.H
Posted: Feb. 27, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_GNUTELMAN.A
Posted: Feb. 27, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_MYBABYPIC.A
Posted: Feb. 27, 2001
Risk: Medium
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past Exterminator columns with information on bugs and patches you may have missed.

 

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-012)
Regarding: Outlook, Outlook Express
Date Posted: Feb. 22, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

An unchecked buffer in the component of Outlook and Outlook Express used to process vCards could allow an attacker to cause Outlook to fail or, more seriously, run their own code. Be aware that the patch is specific to your version of Internet Explorer, since Outlook Express ships as a component of IE.

Microsoft Security Bulletin (MS01-013)
Regarding: Windows 2000
Date Posted: Feb. 26, 2001
Patch URL:Click here to download the patch. (Patches for Windows 2000 Datacenter Server are hardware-specific. Contact your OEM.)
Information URL:Click here for more information.

Event Viewer in Windows 2000 has an unchecked buffer residing in the section of code that displays the detailed view of events. By entering specifically malformed data into a record, an attacker could cause the Event Viewer to fail or could run code of their choice.

Novell issues
Regarding: Netware 5.1, Small Business Suite 5.1
Date Posted: Feb. 26, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch is the IBM WebSphere version 3.02 Application Server Standard Fixpack for NetWare. It resolves a large number of issues in areas such as installation, personalization, samples, scalability, administration, Web server plug-in, security, servlet support, JSP support, and EJB support.

Regarding: ConsoleOne v. 1.2d or better.
Date Posted: Feb. 27, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Novell has released a ConsoleOne UNIX snap-in for Windows. It allows administrators to configure UNIX profiles for NDS objects.

Regarding: NetWare5, NetWare 5.1, Small Business Suite 5.1
Date Posted: Feb. 28, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Yet another release from Novell this week is NDS version 7.51a and DSREPAIR version 5.26c for NetWare 5.0 and NetWare 5.1 servers running with the Recman (7.x) database. This patch provides a number of fixes and changes, but take note of the various warnings associated with it.

Regarding: NDS 8, NDS Corporate Edition, NDS eDirectory, NetWare 4.11, NetWare 4.2, NetWare 5, NetWare 5.1, NetWare for Small Business 4.2, Novell Small Business Suite 5.1, intraNetWare 4.11
Date Posted: Feb. 28, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Novell has also released a patch that consists of the files needed before installing eDirectory 8.5 into an existing Directory Services tree. The issue at hand concerns the improperly modified schema to support new functionality for eDirectory 8.5. If 8.5 is put into a tree with the problem, a -613 error will occur during schema synch.

Virus updates from Trend Micro
Virus/Worm: TROJ_SUB7.21.E
Posted: Feb. 26, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: W97M_TITCH.H
Posted: Feb. 27, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_GNUTELMAN.A
Posted: Feb. 27, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_MYBABYPIC.A
Posted: Feb. 27, 2001
Risk: Medium
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past Exterminator columns with information on bugs and patches you may have missed.

 

Editor's Picks

Free Newsletters, In your Inbox