Free Republic

Microsoft Issues Security Warnings for Windows, Outlook And Content Management
InternetWeek.com

Posted on 01/24/2003 12:39:01 PM PST by gonewt

Microsoft issued a critical warning about a security hole in Windows NT 4.0, Windows XP and Windows 2000 that could enable attackers to take over a vulnerable system.

The company also issued two more security warnings, about a flaw in Content Management Server 2001 rated as important, and a moderate-rated vulnerability in Outlook 2002. The company posted patches for all three flaws in the warnings, which were posted Wednesday.

The Windows flaw is in the Microsoft Locator service, which allows users to map easy-to-remember logical names of systems on a company's network, such as printer servers, to the actual network addresses. An attacker could take over by sending a malformed request to the Locator, although a firewall set to block external NetBIOS traffic will prevent attacks from the Internet.

The Content Management flaw would allow attackers to intercept data that an Internet user shares with a site created using the Microsoft software and change data shown to the user. And the Outlook flaw will stop Outlook from sending encrypted mail when users use V1 Exchange Server Security Certificates, which are not commonly used, Microsoft said. Instead, Outlook 2002 is set up to use Secure MIME (SMIME) certificates by default.

Microsoft has posted detailed security bulletins and patches for the Windows security flaw, as well as the Outlook and Content Management holes.


TOPICS: Business/Economy; News/Current Events; Technical
KEYWORDS: microsoft; vulnerable; windows
Comment #21 Removed by Moderator

To: Sir Gawain
NTFS wasn't the reason. To be honest, I don't know what caused the modem situation. I just didn't like the NTFS option because it was irreversible concerning the OS.
22 posted on 01/24/2003 3:51:58 PM PST by Paul Atreides
[ Post Reply | Private Reply | To 20 | View Replies]

To: Paul Atreides
Whatever you do, DO NOT have XP convert your hard drive to NTFS format. If it does, the OS cannot be uninstalled and the only way to undo the NTFS format is to have the drive reformatted

I asked my computer friend to translate this for me and here is his answer. - Tom

This sentence is out of context. What were they talking about? NTFS is a drive format only supported by WinNT, Win2000 and WinXP. Win95 98 ME can't deal with it.

If one was to upgrade a Win98 system to WinXP you wouldn't convert your hard drive. If you did a clean install of XP you would want NTFS. About the only time one wouldn't use NTFS is if you have a hard drive with multiple partitions and multiple operating systems. If one of the bootable operating systems was for example Win98 it would not be able to read the data in a WinXP NTFS partition.

This probably confuses you more, ask me over coffee.

23 posted on 01/24/2003 3:58:40 PM PST by Capt. Tom
[ Post Reply | Private Reply | To 3 | View Replies]

To: gonewt
Microsoft has posted detailed security bulletins and patches for the Windows security flaw, as well as the Outlook and Content Management holes.

As well as notified me that these fixes were available... and I promptly fixed it.... Thanks!

24 posted on 01/24/2003 4:00:17 PM PST by HairOfTheDog
[ Post Reply | Private Reply | To 1 | View Replies]

To: Capt. Tom
Here's the deal:

I had my system built almost three years ago. At the time, I was using Win98. I supplied the new hard drive and had them install it when they built the system. Shortly after, I upgraded to ME. Then, shortly after XP came out, I upgraded to XP, but never told the install to convert the hard drive to NTFS.

25 posted on 01/24/2003 4:05:51 PM PST by Paul Atreides
[ Post Reply | Private Reply | To 23 | View Replies]

To: gonewt

26 posted on 01/24/2003 4:14:11 PM PST by Bush2000
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
if you really want to complain about bugs, chew on this really serious vulnerability...

YeahRight... how many average users (even average Linux users) even know what CVS is? OTOH, everybody knows about Lookout Outlook.

27 posted on 01/24/2003 6:07:18 PM PST by TechJunkYard (via Blue)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Sir Gawain
Ditto that.

So far I like XP much more than I did Win98.

:)
28 posted on 01/24/2003 6:45:29 PM PST by Sweet_Sunflower29
[ Post Reply | Private Reply | To 14 | View Replies]

To: TechJunkYard
YeahRight... how many average users (even average Linux users) even know what CVS is? OTOH, everybody knows about Outlook.

You missed the point. People don't have to know about CVS in order to be affected by its bugs. The MS bugs cited in this article affect practically nobody. But the CVS bugs potentially affect every open source user because the use of CVS is so pervasive in open source development projects.
29 posted on 01/24/2003 8:45:25 PM PST by Bush2000
[ Post Reply | Private Reply | To 27 | View Replies]

To: Bush2000
The MS bugs cited in this article affect practically nobody.

That unchecked buffer in the Locator Service is pretty serious... lots of domain controllers are vulnerable. That translates to a lot of Windows users -- particularly in business settings.

CVS is primarily used by developers and librarians. I never use it, because to get a tarball or an RPM, you don't need CVS.

30 posted on 01/24/2003 9:05:16 PM PST by TechJunkYard (via Blue)
[ Post Reply | Private Reply | To 29 | View Replies]

To: TechJunkYard
That unchecked buffer in the Locator Service is pretty serious... lots of domain controllers are vulnerable. That translates to a lot of Windows users -- particularly in business settings.

Attacks from within the firewall are practically non-existent.

CVS is primarily used by developers and librarians. I never use it, because to get a tarball or an RPM, you don't need CVS.

The unfortunate thing is that somebody could slip trojan code into a CVS dev tree, it would get built, and then you pick up the tarball or an RPM. Now, you're affected.
31 posted on 01/24/2003 9:26:50 PM PST by Bush2000
[ Post Reply | Private Reply | To 30 | View Replies]

To: Bush2000
Yeah... and a two-year-old bug in MS-SQL can bring down half of the 'net.
32 posted on 01/25/2003 6:50:45 AM PST by TechJunkYard (via Cherie)
[ Post Reply | Private Reply | To 31 | View Replies]

To: goodnesswins
Still working with both in multiple production environments, I truly believe that, unless you need sophisticated networking, you are talking about a "sidegrade", not an upgrade.
33 posted on 01/25/2003 7:22:02 AM PST by jammer (We are doing to ourselves what Bin Laden could only dream of doing.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Bush2000
# Content Management - How many people actually run this? A thimbleful?

Just curious. I saw that you posted a thread day before yesterday indicating your belief that because CVS (a source control system used for programmers) was found to have a security flaw, that this again showed that open source is fundamentally flawed.

Yet here when a security flaw is found that impacts Microsoft's Content Management server -- which does essentially what CVS does -- that it is a non-issue?

Now I tend to be neutral on the MS/Mac/Unix/Linux wars - I have used all of them and currently run Win2000, WinXP, and Linux. But it appears you are quite biased. Why do you have a knee-jerk reaction to attack Linux and Mac and defend MS no matter what? Especially here where you have attacked the one and defended the other - for flaws in the same functional area?

Is this like a religious issue for you?

34 posted on 01/25/2003 10:45:30 AM PST by dark_lord
[ Post Reply | Private Reply | To 26 | View Replies]

To: Bush2000
Is CVS as important as SQL-Server?
35 posted on 01/25/2003 4:49:28 PM PST by bvw
[ Post Reply | Private Reply | To 31 | View Replies]

To: dark_lord
Bush2000, all bluster, nearly content free. He does have a chip on his shoulder.

No matter what position one has re MS vs Linux, et al. ... I can't see as any take Bosh2K's religious myopia about MS's work product for any value, as clearly tainted by bias it is.

MS has some great stuff, and so does Linus, open source, Sun, and Mac, etc. This CVS bug is not the problem Herr Bosher has made it to be ... there are many safeguards, checks and oversights over builds that would flag a compromise. Yet he complains not for edification, for where has the Master of MS-Mayhem been today, the day of molasses over MS-serverdom? No, not for education -- but simply to knock and mock.

36 posted on 01/25/2003 5:06:41 PM PST by bvw
[ Post Reply | Private Reply | To 34 | View Replies]

To: TechJunkYard
Yeah... and a two-year-old bug in MS-SQL can bring down half of the 'net.

Is it Microsoft's fault that some customers refuse to keep their servers updated/patched?
37 posted on 01/26/2003 12:06:02 AM PST by Bush2000
[ Post Reply | Private Reply | To 32 | View Replies]

To: bvw
Is CVS as important as SQL-Server?

It depends on what's actually done about it by the people that use it. If they patch their stuff, it should have a minimal impact.
38 posted on 01/26/2003 12:07:11 AM PST by Bush2000
[ Post Reply | Private Reply | To 35 | View Replies]

To: dark_lord
Yet here when a security flaw is found that impacts Microsoft's Content Management server -- which does essentially what CVS does -- that it is a non-issue?

CVS is a widely used source control system. Most open source projects use it. Content Management server is barely used by anybody. Therefore, which do you think affects more customers? Duh.
39 posted on 01/26/2003 12:08:21 AM PST by Bush2000
[ Post Reply | Private Reply | To 34 | View Replies]

To: Bush2000
Is it Microsoft's fault that some customers refuse to keep their servers updated/patched?

Of course not. But it IS Microsoft's fault that the bug got out there in the first place.

WTF man! An unchecked buffer is one of the easiest flaws to prevent before it's released, and one of the most expensive to fix after release. I used to fix these things all of the time! I get steamed at the Open Source crowd for this too.

IF (length - pointer) <= buffer length
  THEN copy the buffer
  ELSE signal error
ENDIF

It's one of the easiest constructs in programming! I know you guys don't program in assembler, but why don't your tools and code reviews pick this stuff up?

40 posted on 01/26/2003 6:00:49 AM PST by TechJunkYard (via Cherie)
[ Post Reply | Private Reply | To 37 | View Replies]
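
The bounds check sketched in comment 40, written out in C as an added example (it is not part of the thread and is not Microsoft's code). The request layout, NAME_CAP and copy_name_checked are hypothetical; the sample requests are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 32   /* destination capacity, an assumed value */

/* Hypothetical request field: 2-byte big-endian length, then that many
 * name bytes. Returns 0 and a NUL-terminated copy in dst, or -1 on error. */
int copy_name_checked(const uint8_t *req, size_t req_len, size_t pos,
                      char dst[NAME_CAP + 1])
{
    /* The length prefix itself must lie inside the request. Written as a
     * subtraction so that pos + 2 cannot wrap around. */
    if (pos > req_len || req_len - pos < 2)
        return -1;
    size_t declared  = ((size_t)req[pos] << 8) | req[pos + 1];
    size_t remaining = req_len - pos - 2;   /* bytes really present */

    if (declared > remaining)   /* claims more data than was sent */
        return -1;
    if (declared > NAME_CAP)    /* would overrun the fixed buffer */
        return -1;

    memcpy(dst, req + pos + 2, declared);
    dst[declared] = '\0';
    return 0;
}

/* Constructed sample requests, not captured traffic. */
static const uint8_t REQ_OK[]    = {0x00, 0x05, 'p', 'r', 'n', 't', '1'};
static const uint8_t REQ_SHORT[] = {0x00, 0x10, 'p', 'r', 'n'};  /* claims 16, has 3 */
static const uint8_t REQ_LONG[2 + 40] = {0x00, 0x28};            /* claims 40 > 32 */
static char name_out[NAME_CAP + 1];

int main(void)
{
    printf("ok:    %d\n", copy_name_checked(REQ_OK, sizeof REQ_OK, 0, name_out));
    printf("name:  %s\n", name_out);
    printf("short: %d\n", copy_name_checked(REQ_SHORT, sizeof REQ_SHORT, 0, name_out));
    printf("long:  %d\n", copy_name_checked(REQ_LONG, sizeof REQ_LONG, 0, name_out));
    return 0;
}
```

The declared length is checked twice: against the bytes actually received and against the destination capacity. Either check alone leaves an out-of-bounds read or write.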

