Security

Microsoft and Novell release a flurry of new fixes

This week, Exterminator found numerous patches and fixes, including a second attempt from Microsoft at updating last week's Outlook Web Access fix. Also included are four Novell patches and three virus warnings.


Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-030)
Regarding: Exchange 5.5 Server and Exchange 2000 Server Outlook Web Access
Date Posted: June 6, 2001
Patch URL: Click here to download the patch for Exchange 5.5.
Click here to download the patch for Exchange 2000.
Information URL: Click here for more information.

Microsoft has updated this patch twice since last week. They discovered that the vulnerability affects Exchange Server 5.5 as well as 2000. If you or any of your users access your e-mail via Outlook Web Access, then watch out for this bug. If you open an attachment containing HTML with script, then that script will execute. This could give an attacker control of your mailbox.

Microsoft Security Bulletin (MS01-031)
Regarding: Windows 2000 Telnet service
Date Posted: June 7, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Microsoft has discovered seven different vulnerabilities in Windows 2000 Telnet service. They could allow privilege elevation, denial of service, or information disclosure.

Microsoft Security Bulletin (MS01-032)
Regarding: SQL Server 7.0 and 2000 Gold
Date Posted: June 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch addresses a privilege elevation vulnerability that results from SQL Server’s practice of caching a client connection for a short time after the connection is terminated. The right query could cause reuse of that connection, giving an attacker system administrator privileges.

Novell issues
Regarding: GroupWise, GroupWise 5.5, Novell Small Business Suite 5, Novell Small Business Suite 5.1
Date Posted: June 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch fixes a number of issues with GroupWare, ranging from incorrect decoding of Japanese characters to problems sending e-mail to external users.

Regarding: NDS Corporate Edition, NDS eDirectory, eDirectory 8.5, iChain, iChain 1.5
Date Posted: June 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

It is with a sense of deja vu that Exterminator passes along this patch, which provides an ndsrepair menu with a DSREPAIR.NLM appearance.

Regarding: NDS 8, NetWare 5, NetWare 5.1, Novell Small Business Suite 5, Novell Small Business Suite 5.1
Date Posted: June 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch provides an NDS update for those using the eDirectory 8 database. Novell recommends that this patch be applied with Support Pack 2.0a for NetWare 5.1 or Support Pack 6.0a for NetWare 5.0.

Regarding: NetWare 5.1, Novell Small Business Suite 5.1
Date Posted: June 13, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Not a patch, this release from Novell contains a set of instructions for creating a CD to allow the concurrent installation of NetWare 5.1 and Support Pack 2a. This is an updated version from last week.

Virus updates from Trend Micro
Virus/Worm: W97M_RECENT.A
Posted: June 11, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: PE_HLLC.DANY.A
Posted: June 12, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: W97M_HLAM.A
Posted: June 13, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-030)
Regarding: Exchange 5.5 Server and Exchange 2000 Server Outlook Web Access
Date Posted: June 6, 2001
Patch URL: Click here to download the patch for Exchange 5.5.
Click here to download the patch for Exchange 2000.
Information URL: Click here for more information.

Microsoft has updated this patch twice since last week. They discovered that the vulnerability affects Exchange Server 5.5 as well as 2000. If you or any of your users access your e-mail via Outlook Web Access, then watch out for this bug. If you open an attachment containing HTML with script, then that script will execute. This could give an attacker control of your mailbox.

Microsoft Security Bulletin (MS01-031)
Regarding: Windows 2000 Telnet service
Date Posted: June 7, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Microsoft has discovered seven different vulnerabilities in Windows 2000 Telnet service. They could allow privilege elevation, denial of service, or information disclosure.

Microsoft Security Bulletin (MS01-032)
Regarding: SQL Server 7.0 and 2000 Gold
Date Posted: June 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch addresses a privilege elevation vulnerability that results from SQL Server’s practice of caching a client connection for a short time after the connection is terminated. The right query could cause reuse of that connection, giving an attacker system administrator privileges.

Novell issues
Regarding: GroupWise, GroupWise 5.5, Novell Small Business Suite 5, Novell Small Business Suite 5.1
Date Posted: June 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch fixes a number of issues with GroupWare, ranging from incorrect decoding of Japanese characters to problems sending e-mail to external users.

Regarding: NDS Corporate Edition, NDS eDirectory, eDirectory 8.5, iChain, iChain 1.5
Date Posted: June 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

It is with a sense of deja vu that Exterminator passes along this patch, which provides an ndsrepair menu with a DSREPAIR.NLM appearance.

Regarding: NDS 8, NetWare 5, NetWare 5.1, Novell Small Business Suite 5, Novell Small Business Suite 5.1
Date Posted: June 12, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

This patch provides an NDS update for those using the eDirectory 8 database. Novell recommends that this patch be applied with Support Pack 2.0a for NetWare 5.1 or Support Pack 6.0a for NetWare 5.0.

Regarding: NetWare 5.1, Novell Small Business Suite 5.1
Date Posted: June 13, 2001
Patch URL: Click here to download the patch.
Information URL: Click here for more information.

Not a patch, this release from Novell contains a set of instructions for creating a CD to allow the concurrent installation of NetWare 5.1 and Support Pack 2a. This is an updated version from last week.

Virus updates from Trend Micro
Virus/Worm: W97M_RECENT.A
Posted: June 11, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: PE_HLLC.DANY.A
Posted: June 12, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Virus/Worm: W97M_HLAM.A
Posted: June 13, 2001
Risk: Low
Information URL: Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Editor's Picks