Y2K has come and gone, but there’s trouble in its wake. While the holidays awarded some administrators a few days off, others received the privilege of working overtime right through New Year’s Day.


Count on Exterminator

Each Friday, Exterminator brings you news of important bug fixes, virus recovery information, service release announcements, security notices, and more from the prior week.


While thoughts turned to the Y2K conversion, viruses kept right on trucking, and brand new bugs have already christened the new millennium. Here are the highlights to get you caught up quickly:

Re-release of Microsoft Security Bulletin MS99-046
Redmond eliminated a regression error in the patch it developed to improve the randomness of TCP initial sequence numbers in Windows NT 4.0. You can find the details here.

Microsoft Security Bulletin (MS99-056)
In December, Redmond released a patch eliminating a Windows NT Syskey vulnerability. More information is available on Microsoft’s site.

Microsoft Security Bulletin (MS99-057)
A patch is now available for a Windows NT hole in which LsaLookupSids() could have incorrectly processed invalid arguments when determining SIDs. More information is available on Microsoft’s site.

Microsoft Security Bulletin (MS99-058)
This alert deals with a “Virtual Directory Naming” flaw in Internet Information Server. Under certain conditions, a Web server could send the source code of ASP and other files to a visiting user. You can obtain the patch from Microsoft.

Microsoft Security Bulletin (MS99-059)
Specially malformed packets sent to a SQL server could cause the SQL server to crash. Port 1433 would have to be left open at the firewall for the vulnerability to be exploited. You’ll find Microsoft’s patch fixing the hole here.

Microsoft Security Bulletin (MS99-060)
This alert, distributed by Redmond just before Christmas, addresses two issues related to the following:

  • Attachments to HTML mail in the Outlook Express mail client for Macintosh systems could automatically be downloaded onto the users’ computers.
  • Some digital certificates included in Internet Explorer for Macintosh were set to expire Dec. 31, 1999.

If you have Macintosh clients on your network, you can get the patch here.

Microsoft Security Bulletin (MS99-061)
Another Internet Information Server flaw was patched in late December. According to the bulletin, the escape character parsing vulnerability “could allow files on a Web server to be specified using an alternate representation, in order to bypass access controls of some third-party applications.”

More information is available on Microsoft’s site.

Microsoft Security Bulletin (MS00-001)
A patch is now available from Microsoft eliminating a hole in its Commercial Internet System Mail server. Without the patch, a user could remotely cause services to fail or run arbitrary code on the server. The problem stems from an unchecked buffer in MCIS Mail’s IMAP service.

Novell Client updates
CLIENTS.TXT is a download posted by Novell to its site on Dec. 20, 1999. The current Novell clients for NetWare 5, 4.x, and 3.x are as follows:

  • Novell Client v3.1 for Windows 95/98, plus Client Service Pack 2 (TID 2954141)
  • Novell Client v4.6 for Windows NT w/ Z.E.N.works Starter Pack, plus Client Service Pack 2 (TID 2954142)
  • Novell Client v2.71 for DOS and Windows 3.x

ManageWise updates
Virus signature updates were posted on Jan. 3, 2000, to Novell’s Web site for ManageWise versions 2.5 and 2.6 and InocuLAN v 4.0 for Windows NT.

You can find the files, MWINOC2T.EXE and WMINOCT2.EXE, on Novell’s support site.

TROJ_NEWAPT virus
Late in December, the Trend Micro US Virus Research Group warned of two new TROJ_NEWAPT variants. The memory-resident viruses try to propagate via e-mail. Additional information is available on Trend’s Web site.

VBS_TUNE virus
I received a report late last week from Trend warning of the VBS_TUNE virus. While it supposedly spreads using the Outlook client and Internet relay chat, I haven’t received word from anyone bothered by it. Regardless, you’ll want to be aware that it’s out there, and you may want to warn your users.

The virus is a self-spamming worm, according to Trend. It affects Windows 95/98/NT and 2000 where the Windows Scripting Host is installed and comes attached as “tune.vbs” in e-mails with a subject line of “Hey, you really need to check out this attached file I sent you…Please check it out as soon as possible.”

