CA-99-07 IIS Buffer Overflow There is a buffer overflow vulnerability in Microsoft Internet Information Server (IIS) 4.0. A tool to exploit this vulnerability has been publicly released.
Code Red Worm A computer worm that spreads fast on Microsoft operating systems and causes widespread Internet slowdowns could make another ugly appearance soon, government and corporate anti-virus experts warned Monday.
MS00-029: Patch Available for "IP Fragment Reassembly" Vulnerability Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows® 95, Windows 98, Windows NT® 4.0 and Windows 2000. The vulnerability could be used to cause an affected machine to temporarily stop performing useful work.
MS00-030: Patch Available for "Malformed Extension Data in URL" Vulnerabili Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Internet Information Server. The vulnerability could be used to slow the performance of an affected server, or temporarily stop it altogether.
MS00-031: Patch Available for "Undelimited .HTR Request" and "File Fragment Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft® Internet Information Server. The vulnerabilities could, respectively, be used to slow an affected web server's response or to obtain the source code of certain types of files under very restricted conditions.
MS00-032: Patch Available for "Protected Store Key Length" Vulnerability Microsoft has released a patch and a tool that eliminate a security vulnerability in Microsoft® Windows® 2000. The vulnerability could make it easier for a malicious user who had complete control over a Windows 2000 machine to compromise users' sensitive information.
MS00-034: Patch Available for "Office 2000 UA Control" Vulnerability Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Office 2000 and Office 2000 family members. The vulnerability could allow a malicious web site operator to take inappropriate action on the computer of a user who visited his web site.
MS00-036: Patch Available for "ResetBrowser Frame" and "HostAnnouncement Fl Microsoft has released a patch that eliminates two security vulnerabilities, one affecting Microsoft® Windows NT® 4.0 and Windows® 2000, and the other affecting Windows NT 4.0 only. Under certain conditions, the vulnerability could allow a malicious user to make it difficult or impossible for other users to locate services and computers on a network; in the worst case, it could allow him to provide incorrect information about the same services and computers.
MS00-037: Patch Available for "HTML Help File Code Execution? " Vulnerabili Microsoft has released a patch that eliminates a security vulnerability in the HTML Help facility that ships with Microsoft® Internet Explorer. Under certain conditions, the vulnerability could allow a malicious web site to take inappropriate action on the computer of a visiting user.
MS00-039: Patch Available for "SSL Certificate Validation" Vulnerabilities Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft® Internet Explorer. The vulnerabilities involve how IE handles digital certificates; under a very daunting set of circumstances, they could allow a malicious web site operator to pose as a trusted web site.
