Tutorial - Windows Updates Needed

Windows Updates Needed

Updated 5/12/03
CAN 1999-0662

Impact

The absence of critical updates leads to the potential for denial of service or unauthorized access by attackers or malicious web sites.

Background

Microsoft releases updates for each of its Windows operating systems to fix a variety of problems which are discovered after the operating system is released. Some of these updates are released to address security issues which, if left unfixed, could have serious security implications.

There are three levels of updates released by Microsoft. Hotfixes are updates that fix a single issue or a few closely related issues. Service Packs (SP) are major updates of the operating system, which include all the hotfixes released since the last service pack. Rollup Packages are a collection of security hotfixes released since the last service pack. Rollup packages are used to ease the process of bringing a computer up-to-date in between the release of service packs.

The Problems and Resolutions

One or more of the following security updates is not installed on the target system. The resolution is to install the needed updates. This can be done either by following the links in the table, or by visiting the Windows Update service which will automatically determine which updates are needed for your system and help you install them. It is a good idea to make a backup of the system before installing an update, especially for service packs. After the system has been brought up-to-date, check Microsoft's web site regularly for new critical updates.

Note: The links below do not apply to Windows NT Terminal Server Edition. Consult the corresponding Microsoft Security Bulletins for patch information for NT Terminal Servers.

Update Name Description Fix Bulletin

Windows NT 4.0 Post SP-6a Security Rollup Pack Bundle of security hotfixes released since Windows NT 4.0 Service Pack 6a. NT: Q299444

Windows 2000 Post SP 2 Security Rollup Pack Bundle of security hotfixes released since Windows 2000 Service Pack 2. 2000: Q311401 or SP3.

Relative Shell Path Fixes a problem in which an attacker could cause an alternate Explorer.exe program to run when another user logs in, resulting in arbitrary code execution. (CVE 2000-0663) NT: Q269049 or Q299444
2000: Q269049 or SP2 or SP3
XP: Not Affected 00-052

RPC Denial of Service Fixes vulnerabilities in various Windows RPC services which could allow an attacker to cause a denial of service. (CAN 2001-0509) NT: Q299444
2000: Q298012 or Q311401 or SP3
XP: Not Affected 01-041

Unchecked Buffer in UPnP HotFix Fixes two vulnerabilities: (1) a buffer overflow which would allow an attacker to take complete control over the computer; and (2) a denial of service vulnerability. (CVE 2001-0876, CVE 2001-0877) NT: Not Affected
2000: Not Affected
XP: Q315000 or SP1 01-059

Java Applet Redirect Hotfix Fixes two vulnerabilities in Microsoft Virtual Machine. (CAN 2002-0058 CVE 2002-0076) NT: Q300845 or 810030
2000: Q300845 or 810030 or SP3.
XP: Q300845 or 810030 or SP1 02-013

Windows Shell Unchecked Buffer Hotfix Fixes a buffer overflow condition in the Windows shell that could allow a local attacker to execute arbitrary code at the user's privilege level. (CVE 2002-0070) NT: Q313829
2000: Q313829 or SP3.
XP: Not Affected 02-014

Multiple UNC Provider Hotfix Fixes a vulnerability in Windows' Multiple Uniform Naming Convention Provider which could allow an attacker to gain Local System privileges. (CVE 2002-0151) NT: Q311967
2000: Q311967 or SP3.
XP: Q311967 or SP1 02-017

Windows debugger authentication HotFix Fixes an authentication flaw in the Windows debugger which could allow a local user to execute commands with the privileges of the operating system. (CVE 2002-0367) NT: Q320206
2000: Q320206 or SP3.
XP: Not Affected 02-024

Remote Access Service Phonebook HotFix Eliminates an unchecked buffer vulnerability which could allow an unprivileged user to gain complete control over the machine hosting the RAS Phonebook. (CVE 2002-0366) NT: Q318138
2000: Q318138 or SP3.
XP: Q318138 or SP1 02-029

Network Connection Manager Hotfix Fixes a vulnerability in the Network Connection Manager which could allow a local attacker to gain Local System privileges. (CVE 2002-0720) NT: Not Affected
2000: Q326886
XP: Not Affected 02-042

Unchecked Buffer in Network Share Provider HotFix Eliminates an unchecked buffer associated with the Server Message Block (SMB) protocol that could lead to Denial of Service (DoS). (CAN 2002-0724) NT: Q326830
2000: Q326830
XP: Q326830 or SP1 02-045

Certificate Validation Flaw HotFix Eliminates a security vulnerability (associated with the validation of digital certificate chains) that could permit identity spoofing. (CAN 2002-0862) NT: Q329115
2000: Q329115
XP: Q329115 02-050

VM JDBC Classes HotFix Eliminates three vulnerabilities in Microsoft Virtual Machine's Java Database Connectivity classes which could allow code execution from a malicious web site or e-mail message. (CAN 2002-0865 CAN 2002-0866 CAN 2002-0867) NT: Q329077 or 810030
2000: Q329077 or 810030
XP: Q329077 or 810030 02-052

Help Facility HotFix Fixes two vulnerabilities in the Windows Help Facility, one in the ActiveX Control (CAN 2002-0693) and another in the processing of .chm files (CAN 2002-0694), which could allow code execution from a remote web site or mail message. NT: Q323255
2000: Q323255
XP: Q323255 02-055

VM COM object access HotFix Fixes eight vulnerabilities in Microsoft Virtual Machine, including a vulnerability which could allow a Java applet to access COM objects. (CAN 2002-1257 CAN 2002-1258 CAN 2002-1260 CAN 2002-1262 CAN 2002-1286 CAN 2002-1292 CAN 2002-1295) NT: 810030
2000: 810030
XP: 810030 02-069

Windows XP shell buffer overflow HotFix Fixes a buffer overflow in the Windows XP shell which could allow an attacker to run commands via a .MP3 or .WMA file with corrupt custom attributes. (CAN 2002-1327) NT: not affected
2000: not affected
XP: 32-bit: Q329390
64-bit:Q329390 02-072
CA-2002-37

VM ByteCode Verifier HotFix Fixes the ByteCode Verifier to check for illegal commands when loading Java applets, thus preventing attacks from remote web pages and e-mail messages. (CAN 2003-0111) NT: 816093
2000: 816093
XP: 816093 03-011

Kernel Debugger HotFix Fixes a flaw in the way the kernel passes error messages to the debugger which could allow a local attacker to gain system privileges. (CAN 2003-0112) NT: 811493
2000: 811493
XP: 32-bit: 811493
64-bit: 811493 03-013

Internet Explorer URLMON HotFix Fixes a buffer overflow in urlmon.dll which could allow code execution from a malicious web site, and three other vulnerabilities. (CAN 2003-0113 CAN 2003-0114 CAN 2003-0115 CAN 2003-0116) NT: 813489
2000: 813489
XP: 813489 03-015

Windows Media Player skins filename decoding HotFix Fixes a problem which could allow a web site or e-mail message to save .wmz files to arbitrary directories, leading to command execution. (CAN 2003-0228) Media Player 7.1: 817787
Media Player 8.0: 817787 03-017

Where can I read more about this?

For more information on critical updates, see the Windows critical update pages which are available for Windows 2000, Windows NT 4.0, Windows XP, and Internet Explorer.

Update Name	Description	Fix	Bulletin
Windows NT 4.0 Post SP-6a Security Rollup Pack	Bundle of security hotfixes released since Windows NT 4.0 Service Pack 6a.	NT: Q299444
Windows 2000 Post SP 2 Security Rollup Pack	Bundle of security hotfixes released since Windows 2000 Service Pack 2.	2000: Q311401 or SP3.
Relative Shell Path	Fixes a problem in which an attacker could cause an alternate `Explorer.exe` program to run when another user logs in, resulting in arbitrary code execution. (CVE 2000-0663)	NT: Q269049 or Q299444 2000: Q269049 or SP2 or SP3 XP: Not Affected	00-052
RPC Denial of Service	Fixes vulnerabilities in various Windows RPC services which could allow an attacker to cause a denial of service. (CAN 2001-0509)	NT: Q299444 2000: Q298012 or Q311401 or SP3 XP: Not Affected	01-041
Unchecked Buffer in UPnP HotFix	Fixes two vulnerabilities: (1) a buffer overflow which would allow an attacker to take complete control over the computer; and (2) a denial of service vulnerability. (CVE 2001-0876, CVE 2001-0877)	NT: Not Affected 2000: Not Affected XP: Q315000 or SP1	01-059
Java Applet Redirect Hotfix	Fixes two vulnerabilities in Microsoft Virtual Machine. (CAN 2002-0058 CVE 2002-0076)	NT: Q300845 or 810030 2000: Q300845 or 810030 or SP3. XP: Q300845 or 810030 or SP1	02-013
Windows Shell Unchecked Buffer Hotfix	Fixes a buffer overflow condition in the Windows shell that could allow a local attacker to execute arbitrary code at the user's privilege level. (CVE 2002-0070)	NT: Q313829 2000: Q313829 or SP3. XP: Not Affected	02-014
Multiple UNC Provider Hotfix	Fixes a vulnerability in Windows' Multiple Uniform Naming Convention Provider which could allow an attacker to gain Local System privileges. (CVE 2002-0151)	NT: Q311967 2000: Q311967 or SP3. XP: Q311967 or SP1	02-017
Windows debugger authentication HotFix	Fixes an authentication flaw in the Windows debugger which could allow a local user to execute commands with the privileges of the operating system. (CVE 2002-0367)	NT: Q320206 2000: Q320206 or SP3. XP: Not Affected	02-024
Remote Access Service Phonebook HotFix	Eliminates an unchecked buffer vulnerability which could allow an unprivileged user to gain complete control over the machine hosting the RAS Phonebook. (CVE 2002-0366)	NT: Q318138 2000: Q318138 or SP3. XP: Q318138 or SP1	02-029
Network Connection Manager Hotfix	Fixes a vulnerability in the Network Connection Manager which could allow a local attacker to gain Local System privileges. (CVE 2002-0720)	NT: Not Affected 2000: Q326886 XP: Not Affected	02-042
Unchecked Buffer in Network Share Provider HotFix	Eliminates an unchecked buffer associated with the Server Message Block (SMB) protocol that could lead to Denial of Service (DoS). (CAN 2002-0724)	NT: Q326830 2000: Q326830 XP: Q326830 or SP1	02-045
Certificate Validation Flaw HotFix	Eliminates a security vulnerability (associated with the validation of digital certificate chains) that could permit identity spoofing. (CAN 2002-0862)	NT: Q329115 2000: Q329115 XP: Q329115	02-050
VM JDBC Classes HotFix	Eliminates three vulnerabilities in Microsoft Virtual Machine's Java Database Connectivity classes which could allow code execution from a malicious web site or e-mail message. (CAN 2002-0865 CAN 2002-0866 CAN 2002-0867)	NT: Q329077 or 810030 2000: Q329077 or 810030 XP: Q329077 or 810030	02-052
Help Facility HotFix	Fixes two vulnerabilities in the Windows Help Facility, one in the ActiveX Control (CAN 2002-0693) and another in the processing of `.chm` files (CAN 2002-0694), which could allow code execution from a remote web site or mail message.	NT: Q323255 2000: Q323255 XP: Q323255	02-055
VM COM object access HotFix	Fixes eight vulnerabilities in Microsoft Virtual Machine, including a vulnerability which could allow a Java applet to access COM objects. (CAN 2002-1257 CAN 2002-1258 CAN 2002-1260 CAN 2002-1262 CAN 2002-1286 CAN 2002-1292 CAN 2002-1295)	NT: 810030 2000: 810030 XP: 810030	02-069
Windows XP shell buffer overflow HotFix	Fixes a buffer overflow in the Windows XP shell which could allow an attacker to run commands via a `.MP3` or `.WMA` file with corrupt custom attributes. (CAN 2002-1327)	NT: not affected 2000: not affected XP: 32-bit: Q329390 64-bit:Q329390	02-072 CA-2002-37
VM ByteCode Verifier HotFix	Fixes the ByteCode Verifier to check for illegal commands when loading Java applets, thus preventing attacks from remote web pages and e-mail messages. (CAN 2003-0111)	NT: 816093 2000: 816093 XP: 816093	03-011
Kernel Debugger HotFix	Fixes a flaw in the way the kernel passes error messages to the debugger which could allow a local attacker to gain system privileges. (CAN 2003-0112)	NT: 811493 2000: 811493 XP: 32-bit: 811493 64-bit: 811493	03-013
Internet Explorer URLMON HotFix	Fixes a buffer overflow in `urlmon.dll` which could allow code execution from a malicious web site, and three other vulnerabilities. (CAN 2003-0113 CAN 2003-0114 CAN 2003-0115 CAN 2003-0116)	NT: 813489 2000: 813489 XP: 813489	03-015
Windows Media Player skins filename decoding HotFix	Fixes a problem which could allow a web site or e-mail message to save `.wmz` files to arbitrary directories, leading to command execution. (CAN 2003-0228)	Media Player 7.1: 817787 Media Player 8.0: 817787	03-017