Posted on 01/24/2003 12:39:01 PM PST by gonewt
Microsoft issued a critical warning about a security hole in Windows NT 4.0, Windows XP and Windows 2000 that could enable attackers to take over a vulnerable system.
The company also issued two more security warnings, about a flaw in Content Management Server 2001 rated as important, and a moderate-rated vulnerability in Outlook 2002. The company posted patches for all three flaws in the warnings, which were posted Wednesday.
The Windows flaw is in the Microsoft Locator service, which allows users to map easy-to-remember logical names of systems on a company's network, such as printer servers, to the actual network addresses. An attacker could take over by sending a malformed request to the Locator, although a firewall set to block external NetBIOS traffic will prevent attacks from the Internet.
The Content Management flaw would allow attackers to intercept data that an Internet user shares with a site created using the Microsoft software and change data shown to the user. And the Outlook flaw will stop Outlook from sending encrypted mail when users use V1 Exchange Server Security Certificates, which are not commonly used, Microsoft said. Instead, Outlook 2002 is set up to use Secure MIME (SMIME) certificates by default.
Microsoft has posted detailed security bulletins and patches for the Windows security flaw, as well as the Outlook and Content Management holes.
I asked my computer friend to translate this for me and here is his answer. - Tom
This sentence is out of context. What were they talking about? NTFS is a drive format only supported by WinNT, Win2000 and WinXP. Win95 98 ME can't deal with it.
If one was to upgrade a Win98 system to WinXP you wouldn't convert your hard drive. If you did a clean install of XP you would want NTFS. About the only time one wouldn't use NTFS is if you have a hard drive with multiple partitions and multiple operating systems. If one of the bootable operating systems was for example Win98 it would not be able to read the data in a WinXP NTFS partition.
This probably confuses you more, ask me over coffee.
As well as notified me that these fixes were available... and I promptly fixed it.... Thanks!
I had my system built almost three years ago. At the time, I was using Win98. I supplied the new hard drive and had them install it when they built the system. Shortly after, I upgraded to ME. Then, shortly after XP came out, I upgraded to XP, but never told the install to convert the hard drive to NTFS.
YeahRight... how many average users (even average Linux users) even know what CVS is? OTOH, everybody knows about Lookout Outlook.
That unchecked buffer in the Locator Service is pretty serious... lots of domain controllers are vulnerable. That translates to a lot of Windows users -- particularly in business settings.
CVS is primarily used by developers and librarians. I never use it, because to get a tarball or an RPM, you don't need CVS.
Just curious. I saw that you posted a thread day before yesterday indicating your belief that because CVS (a source control system used for programmers) was found to have a security flaw, that this again showed that open source is fundamentally flawed.
Yet here when a security flaw is found that impacts Microsoft's Content Management server -- which does essentially what CVS does -- that it is a non-issue?
Now I tend to be neutral on the MS/Mac/Unix/Linux wars - I have used all of them and currently run Win2000, WinXP, and Linux. But it appears you are quite biased. Why do you have a knee-jerk reaction to attack Linux and Mac and defend MS no matter what? Especially here where you have attacked the one and defended the other - for flaws in the same functional area?
Is this like a religious issue for you?
No matter what position one has re MS vs Linux, et al. ... I can't see as any take Bosh2K's religious myopia about MS's work product for any value, as clearly tainted by bias it is.
MS has some great stuff, and so does Linus, open source, Sun, and Mac, etc. This CVS bug is not the problem Herr Bosher has made it to be ... there are many safeguards, checks and oversights over builds that would flag a compromise. Yet he complains not for edification, for where has the Master of MS-Mayhem been today, the day of molasses over MS-serverdom? No, not for education -- but simply to knock and mock.
Of course not. But it IS Microsoft's fault that the bug got out there in the first place.
WTF man! An unchecked buffer is one of the easiest flaws to prevent before it's released, and one of the most expensive to fix after release. I used to fix these things all of the time! I get steamed at the Open Source crowd for this too.
IF (length - pointer) <= buffer length THEN
    copy the buffer
ELSE
    signal error
ENDIF
It's one of the easiest constructs in programming! I know you guys don't program in assembler, but why don't your tools and code reviews pick this stuff up?
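The bounds check sketched in the comment above, written out in C as an added example (not part of the original thread and not Microsoft's code). The one-byte length-prefixed request layout and the names copy_name and NAME_MAX_LEN are assumptions made for illustration; the code also guards the unsigned wrap-around in "length - pointer" that the one-line form leaves open.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request layout (constructed for this example, not the
 * Locator wire format): one byte of declared name length, then the name. */
enum { NAME_MAX_LEN = 16 };

typedef enum { COPY_OK = 0, ERR_TRUNCATED, ERR_TOO_LONG, ERR_BAD_OFFSET } copy_status;

/* Copy the name whose length byte sits at req[pointer] into out (capacity
 * out_cap) and NUL-terminate it. Every length is validated before memcpy. */
copy_status copy_name(const uint8_t *req, size_t length, size_t pointer,
                      char *out, size_t out_cap)
{
    /* pointer must lie inside the request; otherwise length - pointer wraps
     * to a huge unsigned value and the comparisons below prove nothing. */
    if (req == NULL || out == NULL || out_cap == 0 || pointer >= length)
        return ERR_BAD_OFFSET;

    size_t declared  = req[pointer];          /* sender-controlled length */
    size_t remaining = length - pointer - 1;  /* bytes actually received  */

    if (declared > remaining)                 /* claims more than was sent */
        return ERR_TRUNCATED;
    if (declared > out_cap - 1)               /* would overrun destination */
        return ERR_TOO_LONG;

    memcpy(out, req + pointer + 1, declared);
    out[declared] = '\0';
    return COPY_OK;
}

/* Constructed sample requests. */
static const uint8_t good_req[]  = { 7, 'p','r','i','n','t','e','r' };
static const uint8_t short_req[] = { 9, 'p','r','i','n','t' };  /* length byte lies */
static const uint8_t long_req[]  = { 20, 'A','A','A','A','A','A','A','A','A','A',
                                     'A','A','A','A','A','A','A','A','A','A' };

int main(void)
{
    char name[NAME_MAX_LEN];
    copy_status a = copy_name(good_req,  sizeof good_req,  0,  name, sizeof name);
    copy_status b = copy_name(short_req, sizeof short_req, 0,  name, sizeof name);
    copy_status c = copy_name(long_req,  sizeof long_req,  0,  name, sizeof name);
    copy_status d = copy_name(good_req,  sizeof good_req,  99, name, sizeof name);
    return !(a == COPY_OK && b == ERR_TRUNCATED && c == ERR_TOO_LONG && d == ERR_BAD_OFFSET);
}
```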