Fixlet Site - EnterpriseSecurity
Current Version: 769	Published: Thu, 10 Aug 2006 01:49:14 GMT


***************************************************************
Title: MS99-033: "Malformed Telnet Argument" Patch for Windows 98 Telnet Client
Severity: <Unspecified>
Fixlet ID: 9903301
Fixlet Link: http://www.microsoft.com/technet/Security/bulletin/MS99-033.asp

Fixlet Description: Microsoft has released a patch to fix the "Malformed Telnet Argument" security hole within the Windows 98 Telnet Client application. This security hole could allow a malicious program to gain access to affected computers when users view a corrupted web page. After installing this patch, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS99-033: CORRUPT PATCH - Windows 98
Severity: <Unspecified>
Fixlet ID: 9903302
Fixlet Link: http://www.microsoft.com/technet/Security/bulletin/MS99-033.asp

Fixlet Description: The listed computers have faulty installations of a patch for the vulnerability described in MS bulletin MS99-033. Some files being used by these computers have versions earlier than those of the corresponding files installed by the patch. Services or applications installed after the patch was distributed may have overwritten the files, or the initial installation may have been faulty. We recommend reinstalling this patch to ensure the safety of affected computers.

***************************************************************
Title: MS99-033: "Malformed Telnet Argument" Patch for Windows 95 Telnet Client
Severity: <Unspecified>
Fixlet ID: 9903303
Fixlet Link: http://www.microsoft.com/technet/Security/bulletin/MS99-033.asp

Fixlet Description: Microsoft has released a patch to fix the "Malformed Telnet Argument" security hole within the Windows 95 Telnet Client application. This security hole could allow a malicious program to gain access to affected computers when users view a corrupted web page. After installing this patch, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-033: CORRUPT PATCH - Windows 95
Severity: <Unspecified>
Fixlet ID: 9903304
Fixlet Link: http://www.microsoft.com/technet/Security/bulletin/MS99-033.asp

Fixlet Description: The listed computers have faulty installations of a patch for the vulnerability described in MS bulletin MS99-033. Some files being used by these computers have versions earlier than those of the corresponding files installed by the patch. Services or applications installed after the patch was distributed may have overwritten the files, or the initial installation may have been faulty. We recommend reinstalling this patch to ensure the safety of affected computers. This patch fixes the "Malformed Telnet Argument" security hole within the Windows 95 Telnet Client application. This security hole could allow a malicious program to gain access to affected computers when users view a corrupted web page. After installing this patch, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-036: Windows NT 4.0 Does Not Delete Unattended Installation File $winnt$.inf
Severity: <Unspecified>
Fixlet ID: 9903601
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-036.asp

Fixlet Description: Microsoft has revealed that there could be a potential security vulnerability in the unattended installation feature of Microsoft® Windows NT 4.0 Workstation and Server that could cause sensitive information to be exposed. The parameter file $winnt$.inf is used in normal unattended installations. Sometimes this file can contain sensitive information such as machine account passwords or Local Administrator passwords. If you performed unattended installations of Windows NT, you may want to review the information within this file or click on the action button below to delete this file altogether.

***************************************************************
Title: MS99-036: Windows NT 4.0 Does Not Delete Unattended Installation File $nt4pre$.inf
Severity: <Unspecified>
Fixlet ID: 9903602
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-036.asp

Fixlet Description: Microsoft has revealed that there could be a potential security vulnerability in the unattended installation feature of Microsoft® Windows NT 4.0 Workstation and Server that could cause sensitive information to be exposed. The parameter file $nt4pre$.inf is used in Sysprep. Sometimes this file can contain sensitive information such as machine account passwords or Local Administrator passwords. If you performed unattended installations of Windows NT, you may want to review the information within this file or click on the action button below to delete this file altogether.

***************************************************************
Title: MS99-036: Windows NT 4.0 Does Not Delete Unattended Installation Files
Severity: <Unspecified>
Fixlet ID: 9903603
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-036.asp

Fixlet Description: Microsoft has revealed that there could be a potential security vulnerability in the unattended installation feature of Microsoft® Windows NT 4.0 Workstation and Server that could cause sensitive information to be exposed. The parameter files $winnt$.inf and $nt4pre$.inf are used in normal unattended installations and in Sysprep (respectively). Sometimes these files can contain sensitive information such as machine account passwords or Local Administrator passwords. If you performed unattended installations of Windows NT, you may want to review the information within these files or click on the action button below to delete these files altogether.

***************************************************************
Title: MS99-038,034: "Spoofed Route Pointer" and "Fragmented IGMP Packet" Vulnerabilities - Windows 98
Severity: <Unspecified>
Fixlet ID: 9903801
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description: Microsoft has released an update that will eliminate the following security vulnerabilities:  MS99-038: The "Spoofed Route Pointer" vulnerability. This vulnerability could allow a malicious user to obtain network information, even if source routing has been disabled. Installing this update will eliminate this vulnerability and provide additional control over source routing. MS99-034: The "Fragmented IGMP Packet" vulnerability. If fragmented or malformed, Internet Group Management Protocol (IGMP) data packets can cause a variety of problems in Windows 98, ranging from slowing system performance to system failure. 

***************************************************************
Title: MS99-038,034: "Spoofed Route Pointer" and "Fragmented IGMP Packet" Vulnerabilities - Windows 98 SE
Severity: <Unspecified>
Fixlet ID: 9903802
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description: Microsoft has released an update that will eliminate the following security vulnerabilities:   MS99-038: The "Spoofed Route Pointer" vulnerability. This vulnerability could allow a malicious user to obtain network information, even if source routing has been disabled. Installing this update will eliminate this vulnerability and provide additional control over source routing. MS99-034: The "Fragmented IGMP Packet" vulnerability. If fragmented or malformed, Internet Group Management Protocol (IGMP) data packets can cause a variety of problems in Windows 98, ranging from slowing system performance to system failure. 

***************************************************************
Title: MS99-038,034: CORRUPT PATCH - Windows 98
Severity: <Unspecified>
Fixlet ID: 9903803
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description: The listed computers have faulty installations of a patch for the vulnerability described in MS bulletins MS99-038 and MS99-034. Some files being used by these computers have versions earlier than those of the corresponding files installed by the patch. Services or applications installed after the patch was distributed may have overwritten the files, or the initial installation may have been faulty. We recommend reinstalling this patch to ensure the safety of affected computers.This patch eliminates the following security vulnerabilities:MS99-038: The "Spoofed Route Pointer" vulnerability. This vulnerability could allow a malicious user to obtain network information, even if source routing has been disabled. Installing this update will eliminate this vulnerability and provide additional control over source routing.MS99-034: The "Fragmented IGMP Packet" vulnerability. If fragmented or malformed, Internet Group Management Protocol (IGMP) data packets can cause a variety of problems in Windows 98, ranging from slowing system performance to system failure.

***************************************************************
Title: MS99-038,034: CORRUPT PATCH - Windows 98 SE
Severity: <Unspecified>
Fixlet ID: 9903804
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description:  The listed computers have faulty installations of a patch for the vulnerability described in MS bulletins MS99-038 and MS99-034. Some files being used by these computers have versions earlier than those of the corresponding files installed by the patch. Services or applications installed after the patch was distributed may have overwritten the files, or the initial installation may have been faulty. We recommend reinstalling this patch to ensure the safety of affected computers.  

***************************************************************
Title: MS99-038,034: "Spoofed Route Pointer" and "Fragmented IGMP Packet" Vulnerabilities - Windows 95
Severity: <Unspecified>
Fixlet ID: 9903805
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description: Microsoft has released an update that will eliminate the following security vulnerabilities:  MS99-038: The "Spoofed Route Pointer" vulnerability. This vulnerability could allow a malicious user to obtain network information, even if source routing has been disabled. Installing this update will eliminate this vulnerability and provide additional control over source routing. MS99-034: The "Fragmented IGMP Packet" vulnerability. If fragmented or malformed, Internet Group Management Protocol (IGMP) data packets can cause a variety of problems in Windows 95, ranging from slowing system performance to system failure. 

***************************************************************
Title: MS99-038,034: CORRUPT PATCH - Windows 95
Severity: <Unspecified>
Fixlet ID: 9903806
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-038.asp
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-034.asp

Fixlet Description:  The listed computers have faulty installations of a patch for the vulnerability described in MS bulletins MS99-038 and MS99-034. Some files being used by these computers have versions earlier than those of the corresponding files installed by the patch. Services or applications installed after the patch was distributed may have overwritten the files, or the initial installation may have been faulty. We recommend reinstalling this patch to ensure the safety of affected computers.  This patch eliminates the following security vulnerabilities:   MS99-038: The "Spoofed Route Pointer" vulnerability. This vulnerability could allow a malicious user to obtain network information, even if source routing has been disabled. Installing this update will eliminate this vulnerability and provide additional control over source routing. MS99-034: The "Fragmented IGMP Packet" vulnerability. If fragmented or malformed, Internet Group Management Protocol (IGMP) data packets can cause a variety of problems in Windows 95, ranging from slowing system performance to system failure. 

***************************************************************
Title: MS99-049: "File Access URL" Vulnerability in Windows 98
Severity: <Unspecified>
Fixlet ID: 9904901
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-049.asp

Fixlet Description: Microsoft has released a patch for the "File Access URL" security vulnerability in Windows 98. This vulnerability could allow a malicious web site or e-mail message to crash affected computers or run unauthorized code. After installing this patch, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-049: "File Access URL" Vulnerability in Windows 95
Severity: <Unspecified>
Fixlet ID: 9904902
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms99-049.asp

Fixlet Description: Microsoft has released a patch for the "File Access URL" security vulnerability in Windows 95. This vulnerability could allow a malicious web site or e-mail message to crash affected computers or run unauthorized code. After installing this patch, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-052: Legacy Credential Caching Vulnerability in Windows 98
Severity: <Unspecified>
Fixlet ID: 9905201
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-052.asp

Fixlet Description: Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 98. The vulnerability could allow a malicious user to retrieve a user's network password from affected machines. After installing this patch, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-052: Legacy Credential Caching Vulnerability in Windows 95
Severity: <Unspecified>
Fixlet ID: 9905202
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-052.asp

Fixlet Description: Microsoft has released a patch that eliminates a security vulnerability in Windows 95 caused by a legacy mechanism for caching network security credentials. The vulnerability could allow a user's plaintext network password to be retrieved from the cache. 

***************************************************************
Title: MS99-052: CORRUPT PATCH - Windows 95
Severity: <Unspecified>
Fixlet ID: 9905203
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-052.asp

Fixlet Description: The listed computers have faulty installations of a patch for the vulnerability described in MS bulletin MS99-052. Some files being used by these computers have versions earlier than those of the corresponding files installed by the patch. Services or applications installed after the patch was distributed may have overwritten the files, or the initial installation may have been faulty. We recommend reinstalling this patch to ensure the safety of affected computers. The patch eliminates a security vulnerability in Windows 95 and 98 caused by a legacy mechanism for caching network security credentials. The vulnerability could allow a user's plaintext network password to be retrieved from the cache. 

***************************************************************
Title: MS99-030: Office 95 ODBC Vulnerabilities (Windows 9x/NT)
Severity: <Unspecified>
Fixlet ID: 9903001
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-030.asp

Fixlet Description: Microsoft has released a patch fixing several vulnerabilities in the Jet database engine for Office 95. These vulnerabilities would allow an attacker to embed an operating system command within a database query. These commands could allow the attacker to take almost any action on the computer. 

***************************************************************
Title: MS99-030: Office 95 ODBC Vulnerabilities (No Update Available)
Severity: <Unspecified>
Fixlet ID: 9903002
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-030.asp

Fixlet Description: Microsoft has released a security bulletin detailing several vulnerabilities in the Jet database engine for Office 95. These vulnerabilities would allow an attacker to embed an operating system command within a database query. These commands could allow the attacker to take almost any action on the computer. The MS99-030 security update will run only on computers running Windows 9x and NT, which are the operating systems supported for Office 95. The listed computers are not running Windows 9x or NT, but have been detected to have a vulnerable version of the file updated by the security patch. To determine the level of risk affected computers are exposed to, please read Security Bulletin MS99-030.

***************************************************************
Title: MS99-030: Office 97 ODBC Vulnerabilities (Windows 9x/NT)
Severity: <Unspecified>
Fixlet ID: 9903003
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS99-030.asp

Fixlet Description: Microsoft has released a patch fixing several vulnerabilities in the Jet database engine for Office 97. These vulnerabilities would allow an attacker to embed an operating system command within a database query. These commands could allow the attacker to take almost any action on the computer. 

***************************************************************
Title: MS99-030: Office 97 ODBC Vulnerabilities (No Update Available)
Severity: <Unspecified>
Fixlet ID: 9903004
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS99-030.asp

Fixlet Description: Microsoft has released a patch fixing several vulnerabilities in the Jet database engine for Office 97. These vulnerabilities would allow an attacker to embed an operating system command within a database query. These commands could allow the attacker to take almost any action on the computer. The MS99-030 security update will run only on computers running Windows 9x and NT, which are the operating systems supported for Office 97. The listed computers are not running Windows 9x or NT, but have been detected to have a vulnerable version of the file updated by the security patch. To determine the level of risk affected computers are exposed to, please read Security Bulletin MS99-030.

***************************************************************
Title: MS99-010:  File Access Vulnerability in FrontPage 98 Personal Web Server
Severity: <Unspecified>
Fixlet ID: 9901001
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS99-010.asp

Fixlet Description: Microsoft has released a patch that eliminates a security vulnerability in FrontPage 98 Personal Web Server for Windows 9x systems. This vulnerability could allow an attacker to use a non-standard URL to read files on computers using the web server. After downloading and installing this patch, the affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-010:  File Access Vulnerability in FrontPage 97 Personal Web Server
Severity: <Unspecified>
Fixlet ID: 9901002
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS99-010.asp

Fixlet Description: Microsoft has announced a security vulnerability in FrontPage 97 Personal Web Server for Windows 9x systems. This vulnerability could allow an attacker to use a non-standard URL to read files on computers running the web server.Microsoft has not provided a patch to fix this vulnerability. Instead, they have detailed two possible methods for closing this hole. If you do not require remote authoring, Microsoft recommends that you upgrade to Microsoft Personal Web Server. This is available on CDs for FrontPage 97, Windows 98, and the NT Option Pack. If you do require remote authoring Microsoft recommends that you upgrade to the most recent release of FrontPage Server Extensions, modify a file to point to your FrontPage root, and install a new patch. 

***************************************************************
Title: MS99-010:  File Access Vulnerability in Personal Web Server
Severity: <Unspecified>
Fixlet ID: 9901003
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS99-010.asp

Fixlet Description: Microsoft has released a patch that eliminates a security vulnerability in Microsoft Personal Web Server 4.0 for Windows 9x systems. This vulnerability could allow an attacker to use a non-standard URL to read files on computers using the web server. After downloading and installing this patch, the affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-005: BackOffice Server 4.0 Does Not Delete Installation Setup File
Severity: <Unspecified>
Fixlet ID: 9900501
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-005.asp

Fixlet Description: Microsoft has released a bulletin announcing a vulnerability in Backoffice Server 4.0. Computers whose installation of Backoffice Server included SQL Server, Exchange Server or Microsoft Transaction Server have a password vulnerability. When the programs were installed the passwords were saved in the reboot.ini file, which was not deleted after installation was completed. Anyone with access to the folder in which the file is stored would have access to the programs' passwords.  After deleting the file, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS99-007: Taskpads Scripting Vulnerability
Severity: <Unspecified>
Fixlet ID: 9900701
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-007.asp

Fixlet Description: Microsoft has released a patch fixing a vulnerability in the Taskpads functionality of Windows 98 Resource Kit and Backoffice Resource Kit Second Edition for Windows 9x Systems. Taskpads allows you to run Resource Kit functions via an HTML page. A scripting vulnerability would allow a visited website to run executables on a computer on which Taskpads is installed.  After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability.

***************************************************************
Title: MS99-001:  Exposure in Forms 2.0 TextBox Control Allows Access to Clipboard
Severity: <Unspecified>
Fixlet ID: 9900101
Fixlet Link: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS99-001.asp

Fixlet Description: Microsoft has released a patch that eliminates a vulnerability in the Forms 2.0 ActiveX control. This control is distributed in any application that includes Visual Basic for Applications 5.0. A malicious hacker could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a web site set up by the malicious hacker or opens a HTML email created by the malicious hacker. After installing this patch the affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS05-004: Vulnerability in ASP.NET Path Validation - .NET Framework 1.1 SP1 - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 500477
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

Fixlet Description: Microsoft has released a patch eliminating a security vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS05-004: CORRUPT PATCH - Windows XP/2003 (x64)
Severity: Important
Fixlet ID: 500480
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

Fixlet Description: The listed computers have faulty installations of a patch for the vulnerability described in MS05-004. Some files being used by these computers have versions earlier than those of the corresponding files installed by the patch. Services or applications installed after the patch was distributed may have overwritten the files, or the initial installation may have been faulty. We recommend reinstalling this patch to ensure the safety of affected computers. Microsoft has released a patch eliminating a security vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS06-047: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution - Access 2000 Runtime (Network/Local Install)
Severity: Critical
Fixlet ID: 604706
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS06-047.mspx

Fixlet Description:  Microsoft has released a security patch for Access 2000 Runtime. This update resolves several newly-discovered, privately reported and public vulnerabilities. On vulnerable versions of Access 2000 Runtime, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS06-047: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution - Microsoft VBA
Severity: Critical
Fixlet ID: 604707
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/MS06-047.mspx

Fixlet Description: Microsoft has released a security patch for Visual Basic for Applications. This update resolves several newly-discovered, privately reported and public vulnerabilities. On vulnerable versions of Visual Basic for Applications, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. After downloading and installing this patch, affected computers will no longer be susceptible to these vulnerabilities. 

***************************************************************
Title: MS05-004: Vulnerability in ASP.NET Path Validation - .NET Framework 1.1 SP1 - Windows XP/2003 (x64) - BES < 6.0
Severity: Important
Fixlet ID: 500481
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

Fixlet Description: Microsoft has released a patch eliminating a security vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability. 

***************************************************************
Title: MS05-004: CORRUPT PATCH - Windows XP/2003 (x64) - BES < 6.0
Severity: Important
Fixlet ID: 500482
Fixlet Link: http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx

Fixlet Description: The listed computers have faulty installations of a patch for the vulnerability described in MS05-004. Some files being used by these computers have versions earlier than those of the corresponding files installed by the patch. Services or applications installed after the patch was distributed may have overwritten the files, or the initial installation may have been faulty. We recommend reinstalling this patch to ensure the safety of affected computers. Microsoft has released a patch eliminating a security vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability.