From: Microsoft Product Security (secnotif@MICROSOFT.COM)
Date: Tue Jan 30 2001 - 13:00:47 CST

    The following is a Security Bulletin from the Microsoft Product Security
    Notification Service.

    Please do not reply to this message, as it was sent from an unattended
    mailbox.
                        ********************************

    -----BEGIN PGP SIGNED MESSAGE-----

    - ----------------------------------------------------------------------
    Title: Tool and Patch Available to correct Hotfix Packaging
                Anomalies
    Date: 30 January 2001
    Software: Windows 2000
    Bulletin: MS01-005
    KB Article: Q281767 and Q282784 (available soon)

    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/security/bulletin/ms01-005.asp
    - ----------------------------------------------------------------------

    Issue:
    ======
    Microsoft packages all Windows 2000 hotfixes (including security
    patches) with a catalog file that lists all of the valid hotfixes
    that have been issued to date. The catalog is digitally signed to
    ensure its integrity, and Windows File Protection uses the signed
    catalog to determine which hotfixes are valid. An error in the
    production of the catalog files for English language Windows 2000
    Post Service Pack 1 hotfixes made available through December 18, 2000
    could, under very unlikely circumstances, cause Windows File
    Protection to remove a valid hotfix from a system. The removal of a
    hotfix could cause a customer's system to revert to a version of a
    Windows 2000 module that contained a security vulnerability.

    Windows File Protection will only remove valid hotfixes from a
    Windows 2000 system under a very restrictive set of circumstances.
    The system administrator would have to have applied multiple hotfixes
    in an order other than that in which Microsoft produced and packaged
    them. Furthermore, Windows File Protection would only remove hotfixes
    from a system if it were run explicitly (by running sfc /scannow for
    instance) or triggered by some administrator action (such as
    specifying that it be invoked under a group policy).

    - ----------------------------------------------------------------------

    THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
    "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
    WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
    SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
    DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
    CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
    MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
    OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
    THE FOREGOING LIMITATION MAY NOT APPLY.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Personal Privacy 6.5.3

    -----END PGP SIGNATURE-----

       *******************************************************************
    You have received this e-mail bulletin as a result of your registration
    to the Microsoft Product Security Notification Service. You may
    unsubscribe from this e-mail notification service at any time by sending
    an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
    The subject line and message body are not used in processing the request,
    and can be anything you like.

    To verify the digital signature on this bulletin, please download our PGP
    key at http://www.microsoft.com/technet/security/notify.asp.

    For more information on the Microsoft Security Notification Service
    please visit http://www.microsoft.com/technet/security/notify.asp. For
    security-related information about Microsoft products, please visit the
    Microsoft Security Advisor web site at http://www.microsoft.com/security.

    _____________________________________________________________________
    ** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
    ** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
    SEND ALL COMMANDS TO: listserv@listserv.ntsecurity.net
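
The failure mode the bulletin describes (hotfixes applied out of release order, followed by an explicit Windows File Protection scan) can be modelled to audit an install history. This is an added example, not part of the bulletin and not Microsoft code. The hotfix and module names are constructed placeholders, and the model assumes that WFP consults the catalog shipped with the most recently installed package, which the bulletin does not state.

```python
from dataclasses import dataclass, field

# Constructed packages in release order; names and modules are placeholders.
RELEASE_ORDER = ["HOTFIX-A", "HOTFIX-B", "HOTFIX-C"]
MODULE = {"HOTFIX-A": "module_a.dll",
          "HOTFIX-B": "module_b.dll",
          "HOTFIX-C": "module_c.dll"}


def catalog_for(hotfix):
    """Catalog shipped with a package: every hotfix issued up to its release."""
    return set(RELEASE_ORDER[: RELEASE_ORDER.index(hotfix) + 1])


@dataclass
class System:
    files: dict = field(default_factory=lambda: {m: "original" for m in MODULE.values()})
    active_catalog: set = field(default_factory=set)

    def install(self, hotfix):
        self.files[MODULE[hotfix]] = hotfix
        # ASSUMPTION (not stated in the bulletin): the catalog from the most
        # recently installed package is the one WFP consults afterwards.
        self.active_catalog = catalog_for(hotfix)

    def scan(self):
        """Model of an explicit WFP scan: revert files the catalog does not list."""
        reverted = []
        for module, version in self.files.items():
            if version != "original" and version not in self.active_catalog:
                self.files[module] = "original"  # back to the unpatched module
                reverted.append(version)
        return sorted(reverted)


def at_risk(install_order):
    """Audit check: hotfixes a scan would remove for this install order."""
    system = System()
    for hotfix in install_order:
        system.install(hotfix)
    return system.scan()


if __name__ == "__main__":
    print(at_risk(["HOTFIX-A", "HOTFIX-B", "HOTFIX-C"]))  # release order
    print(at_risk(["HOTFIX-C", "HOTFIX-A"]))              # out of order
```

Without a call to `scan()` the patched files stay in place, which matches the bulletin's point that removal only happens when Windows File Protection is run explicitly or triggered by an administrator action.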