Top: Advisories: Windows

• MS00-041: Patch Available for "DTS Password" Vulnerability
  Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoft® SQL Server 7.0. If the component is configured improperly, the vulnerability could allow passwords to be compromised.
  
• MS00-042: Patch Available for "Active Setup Download" Vulnerability
  Microsoft has released a patch that eliminates a security vulnerability in an ActiveX control that ships with Microsoft® Internet Explorer. The vulnerability could be used to overwrite files on the computer of a user who visited a malicious web site operator’s site.
  
• MS00-043: Patch Available for "Malformed E-mail Header" Vulnerability
  Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Outlook® and Outlook Express. Under certain conditions, the vulnerability could allow a malicious user to cause code of his choice to execute on another user’s computer.
  
• MS00-044: Patch Available for "Absent Directory Browser Argument" Vulnerabi
  Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft® Internet Information Server. In sum, the vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it.
  
• MS00-045: Patch Available for "Persistent Mail-Browser Link" Vulnerability
  Microsoft has released a patch that eliminates a security vulnerability affecting Microsoft® Outlook Express. The vulnerability could allow a malicious user to send an email that would “read over the shoulder” of the recipient as he previews subsequent emails in Outlook Express.
  
• MS00-046: Patch Available for "Cache Bypass" Vulnerability
  Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Outlook® and Outlook Express. The vulnerability could allow a malicious user to send an HTML mail that, when opened, could read, but not add, change or delete, files on the recipient’s computer. If coupled with other vulnerabilities, it could potentially be used in more advanced attacks as well.
  
• MS00-047: Patch Available for "NetBIOS Name Server Protocol Spoofing" Vulne
  Microsoft has released a patch that eliminates a security vulnerability in a protocol implemented in Microsoft® Windows® systems. It could be used to cause a machine to refuse to respond to requests for service.
  
• MS00-048: Patch Available for "Stored Procedure Permissions" vulnerability
  Microsoft has released a patch that eliminates a security vulnerability in Microsoft® SQL Server 7.0. The vulnerability could allow a malicious user to run a database stored procedure without proper permissions.
  
• MS00-049: Patch Available for "The Office HTML Script " Vulnerability and a
  Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Office 2000 (Excel and PowerPoint) and in PowerPoint 97. Microsoft has also documented a workaround that prevents the use of Microsoft Access to exploit a vulnerability in Internet Explorer. A patch for the latter vulnerability will be available soon and we will have an update to this bulletin.
  
• MS00-050: Patch Available for "Telnet Server Flooding" Vulnerability
  Microsoft has released a patch that eliminates a security vulnerability in the Telnet Server that ships as part of Microsoft® Windows 2000. The vulnerability could allow a malicious user to prevent an affected machine from providing Telnet services.
  

[ 1 2 3 4 ]