Security

Microsoft releases ISA Server, Windows patches

One of the Microsoft patches Exterminator found this week will interest almost everyone: It affects all versions of Windows and could allow an attacker access to your intranet. Also, check out three issues from Novell and a medium-risk virus warning.


Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-021)
Regarding: ISA Server 2000
Date Posted: April 16, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

According to Microsoft, if a certain type of Web request exceeds a particular length, the ISA Server Web Proxy service won’t be able to process it. The result is an access violation and failure of the Web Proxy service. You’re particularly vulnerable to this bug if you have the Web Publishing feature enabled, but Microsoft recommends that everyone apply the patch.

Microsoft Security Bulletin (MS01-022)
Regarding: Windows 95 and later
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This vulnerability allows an attacker to access a user’s intranet and could allow access to Web-based e-mail by exploiting an implementation flaw in the Microsoft Data Access Component Internet Publishing Provider. The flaw prevents differentiation between requests made directly by the user and those made by a script running in the browser.

Novell issues
Regarding: NetWare 4.2, 5.1, and Small Business Suite 5.1
Date Posted: April 16, 2001
Patch URL:Click here to download.
Information URL:Click here for more information.

This download, called TOOLBOX.NLM, provides a number of utilities designed for use at the server console or through NCF files.

Regarding: ZENworks for Desktops
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

The new scanner files in this patch enable ZENworks for Desktops 3 Inventory to support the scan of Vendor Specific Asset Information from DMI.

Regarding: GroupWise
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch fixes a problem with GroupWise Enhancement Pack Client and PumaTech software in which the TO, CC, and BCC fields don’t sync properly.

Regarding: GroupWise, Novell Small Business Suite 5, Novell Small Business Suite 5.1
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch addresses the same issue as the one above but is designed specifically for GroupWise 5.5 Support Pack 3 or Support Pack 4.

Virus updates from Trend Micro
Virus/Worm: ELF_ADORE.A
Posted: April 16, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_EUTH.152
Posted: April 17, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_MATCHER.A
Posted: April 18, 2001
Risk: Medium
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-021)
Regarding: ISA Server 2000
Date Posted: April 16, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

According to Microsoft, if a certain type of Web request exceeds a particular length, the ISA Server Web Proxy service won’t be able to process it. The result is an access violation and failure of the Web Proxy service. You’re particularly vulnerable to this bug if you have the Web Publishing feature enabled, but Microsoft recommends that everyone apply the patch.

Microsoft Security Bulletin (MS01-022)
Regarding: Windows 95 and later
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This vulnerability allows an attacker to access a user’s intranet and could allow access to Web-based e-mail by exploiting an implementation flaw in the Microsoft Data Access Component Internet Publishing Provider. The flaw prevents differentiation between requests made directly by the user and those made by a script running in the browser.

Novell issues
Regarding: NetWare 4.2, 5.1, and Small Business Suite 5.1
Date Posted: April 16, 2001
Patch URL:Click here to download.
Information URL:Click here for more information.

This download, called TOOLBOX.NLM, provides a number of utilities designed for use at the server console or through NCF files.

Regarding: ZENworks for Desktops
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

The new scanner files in this patch enable ZENworks for Desktops 3 Inventory to support the scan of Vendor Specific Asset Information from DMI.

Regarding: GroupWise
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch fixes a problem with GroupWise Enhancement Pack Client and PumaTech software in which the TO, CC, and BCC fields don’t sync properly.

Regarding: GroupWise, Novell Small Business Suite 5, Novell Small Business Suite 5.1
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch addresses the same issue as the one above but is designed specifically for GroupWise 5.5 Support Pack 3 or Support Pack 4.

Virus updates from Trend Micro
Virus/Worm: ELF_ADORE.A
Posted: April 16, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_EUTH.152
Posted: April 17, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_MATCHER.A
Posted: April 18, 2001
Risk: Medium
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Editor's Picks