Home > Microsoft Security > Microsoft Security Bulletin Ms02-001

Microsoft Security Bulletin Ms02-001

All of the changes included in the re-released bulletin are included in SQL Server 2000 Service Pack 3a and MSDE 2000 Service Pack 3a. As a result, it would be possible for a client to send a chunk that would overwrite most or all of the memory on the systemThis is a critical point, because See References. Like the vulnerability discussed above, this is a heap overrun. Source

I thought that the SQL Server 2000 patch in Microsoft Security Bulletin MS02-039 corrected the vulnerability being exploited by the "slammer" virus. What would these vulnerabilities enable an attacker to do? To give an example, let's assume the following scenario: A trust relationship exists between two domains, called Domain A and Domain B. In the case of this vulnerability, the affected code is an ISAPI extension that implements scripting via Active Server Pages.

In addition to eliminating previously discussed vulnerabilities, it also eliminates several new ones: A vulnerability that could enable an attacker to gain control over a web server running IIS 4.0 or What would this enable an attacker to do? A vulnerability that could enable an attacker to gain control over a web server running IIS 4.0 or 5.0. The following command will stop the service: sc stop RpcLocator To disable the service using the command line tool, use the following: sc config RpcLocator start= disabled What systems would be

Other information: Acknowledgments Microsoft thanks Zentai Peter Aron, Ivy Hungary Ltd (http://w3.ivy.hu/) for reporting this issue to us and working with us to protect customers. Data on the server can change locations from one moment to the next, impeding the attacker's ability to overwrite selected programs or data. MDAC is a ubiquitous technology that is included with many Microsoft products: By default, MDAC is included as part of Microsoft Windows XP, Windows 2000, and Windows Millennium Edition. JScript is not affected by this vulnerability.

However, to succeed at this, the server would have to be configured to allow an untrusted user to load and execute queries of their choice. By default, the Locator service is enabled only on Windows 2000 domain controllers and Windows NT 4.0 domain controllers; it is not enabled on Windows NT 4.0 workstations or member servers, This information could then be passed back to the malicious site and could include personal information such as usernames, passwords, or credit card information. There are only two significant differences: This vulnerability affects additional versions of IIS.

All of these vulnerabilities have the same scope and effect: an attacker who was able to lure a user into clicking a link on his web site could relay a request If this were done, it would have the effect of limiting the potential actions an attacker could take in the event of a successful attack. No. However, this isn't as easily exploited as it might initially appear to be, because there are no functions by which the attacker - even with administrative privileges - could arbitrarily manipulate

  1. If the vulnerability were exploited to change the operation of the server software, what would the attacker be able to do?
  2. Built at 2014-04-18T13:49:36Z-07:00 Show: Inherited Protected Print Export (0) Print Export (0) Share IN THIS ARTICLE Is this page helpful?
  3. Buffer overrun in HTR ISAPI extension: Microsoft has long recommended disabling the HTR ISAPI extension.
  4. You can verify the version of VBScript you're running by checking the version of VBScript.dll, that resides in directory System32 of the Windows directory, by right clicking on it in Explorer
  5. Knowledge Base articles can be found on the Microsoft Online Support web site.
  6. To verify the individual files, use the date/time and version information provided in the following registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP3\SP2SRP1\Filelist Caveats: Subsequent to the initial release of this bulletin, a memory leak was
  7. Severity Rating: SQL Server 7.0 (Including MSDE 1.0) Critical SQL Server 2000 (Including MSDE 2000) Critical The above assessment is based on the types of systems affected by the vulnerability, their

An attacker could attempt to exploit this vulnerability by constructing a web page that would exploit the vulnerability. It would be extremely difficult. This issue received a critical rating because an authenticated user could connect to a SQL Server and insert, delete or update web tasks. Some of the Server Extensions install as part of IIS 4.0, 5.0 and 5.1 by default, and others must be installed separately.

No. this contact form Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! It would therefore reject the request. However, if you've upgraded your version of VBScript manually, the versions of VBScript and IE no longer match.

Common uses of scripts on a web page are validating user input, working with controls on a page, and communicating with the user. V2.3 (January 28, 2003): Added uninstall instructions for the re-released patch to the Additional Information section. Microsoft has developed a mechanism called SID Filtering that eliminates the vulnerability and adds further protection between trusting domains. http://chatflow.net/microsoft-security/microsoft-security-bulletin-ms04-040.html By using ODBC, you can create database applications with access to any database for which an ODBC driver exists.

The name is a logical name that is easy for users to recognize and use. Frequently asked questions What's the scope of this vulnerability? Am I vulnerable to this issue?

This is a cumulative patch that, when applied, eliminates most security vulnerabilities affecting Internet Information Server (IIS) 4.0 (exceptions are listed below in the Caveats section) and all vulnerabilities affecting Internet

What is .HTR? Yes. If the rule of least privilege has been followed, it would minimize the amount of damage an attacker could achieve. There is no capability to use the vulnerability to gain privileges on the system.

In some cases, requesting a particular web page will cause it to be included within an ASP script as part of its processing. It could allow a malicious web site operator to view files on the local computer of a visiting user. I'm confused. Check This Out By design, it should trust the trusted domain's authentication - but only for accounts the trusted domain is authoritative over.

However, by constructing a request in a particular way, it's possible to spoof this check, and make IIS conclude that the delimiting characters are present when in fact they aren't. RPC can be used in client/server applications based on Microsoft Windows operating systems and can also be used in heterogeneous network environments that include other operating systems. What causes the vulnerability? We appreciate your feedback.

If installed on Windows XP Service Pack 1:To verify that the patch has been installed, confirm that the following registry key has been created on the machine: HKLM\Software\Microsoft\Updates\Windows XP\SP2\Q810833. This sounds a lot like a variant of the Frame Domain Verification vulnerability, is it the same thing? The component containing the vulnerability is removed by default by the IIS Lockdown Tool. For Windows 2000: Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-001.

Thereafter, the trusting domain checks all incoming authorization data from that trusted domain and removes any SIDs that don't belong to it. The problem in this case involves how IIS handles a particular type of error condition that can be generated by ISAPI filters.