News

Microsoft Releases Security Updates

Two new security updates for Windows 2000 Server, Advanced Server.

Microsoft has released two new Win2K security updates:

  1. “Malformed Domain Controller Service Request”—This vulnerability specifically affects Win2K Server and Advanced Server. If a malicious user sends a stream of malformed data packets to a domain controller, these packets can disrupt service request processing and user authentication. To download the security update, go to www.microsoft.com/windows2000/downloads/critical/
    q287397/default.asp
  2. “Malformed Event Record”—If a malicious user inserts a malformed record into the Win2K Event Viewer snap-ins event log, the viewer can fail or malicious code can be run on the affected computer. To download the security update, go to www.microsoft.com/windows2000/
    downloads/critical/q285156/default.asp
    .

Microsoft Corp., Redmond, Washington, www.microsoft.com.

comments powered by Disqus

Reader Comments:

Thu, Nov 14, 2002 Anonymous Anonymous

golestan kuy sadi turbat 121
ahwaz
iran
61366

Mon, Nov 11, 2002 Anonymous Anonymous

asdf

Tue, Sep 17, 2002 RoboServer Ft. Bragg

We've been supporting the post at Ft. Bragg the last few years using Microsoft IIS. We were ready to switch it out last year since the security was horrible. Besides all the patches, it was just a giant headache. We added an eEye product called SecureIIS to guard it (right after Code Red) and 365+ days later it has been running perfect. We've got a bunch of IIS servers now running SecureIIS and we call the original server we installed it on -- RoboServer. I hope Microsoft never buys eEye, I'd hate to see them ruin a great product.

Thu, Jul 18, 2002 lfletcher cdi college

which server options are included when requesting support

Wed, Apr 17, 2002 Anonymous Anonymous

I have a pet squirrel named theodore

Thu, Mar 28, 2002 Anonymous Anonymous

Why buy eEye when Microsoft gets it's QA done for free?

Mon, Mar 25, 2002 Anonymous Anonymous

Well I redoubled my efforts and put FrontPage and ACL in the MS tech support engine and came up with 1 hit, that was worseless.

Sat, Mar 23, 2002 Anonymous Anonymous

I agree with the suggestion that MS buy eEye. If they do, the combination would be a killer !

Sat, Mar 23, 2002 Anonymous Anonymous

I agree with the suggestion that MS buy eEye. If they do, the combination would be a killer !

Mon, Mar 18, 2002 Army No Va Anonymous

Microsoft should just migrate to Apache (including bringing their "value-add") and they'd eliminate much of their problem. Or they can spend $1 billion in marketing funds attempting to convince the world IIS is secure. Whether it is or not is of secondary importance at this stage. They've been out marketed by an OSS community backed by strong vendors!

Mon, Mar 18, 2002 Anonymous Anonymous

Microsoft should simply buy eEye, the security vendor that exposes most of their flaws, and have them pound on their products. This would make the software more secure, and less noticible to the public.

Thu, Mar 14, 2002 Dominicon Anonymous

I disagree with the first post. If you search through the Knowledge Base on security you will find quite a bit of info on what ACLs need to be set.

Not to mention the vast array of information out there by third parties about security.

If you can't find the information you are looking for, you aren't looking hard enough. I did not have one server go down from any of the recent outbreaks, but then again, I did the research.

Mon, Mar 11, 2002 Anonymous Anonymous

MS tries to make everything to easy and leaves out the details of what needs to be secured. Look at any MS article on security and they spend 10 pages telling you about the dfference between NTLM and Basic authentication. Try to find out what ACL permissions need to be set on directories in a Front Page web or on the .net caching directories and the MS security experts eyes glaze over.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.