Microsoft Security Bulletin MS01-021

Vulnerability identifier: Server certificate validation vulnerability: CAN-2001-0338 URL spoofing vulnerability: CAN-2001-0339 New variants of "Frame Domain Verification" vulnerability: CAN-2001-0246 and CAN-2001-0332 Tested Versions: Microsoft tested Internet Explorer 5.01 and 5.5 to Is there any other way for an external user to exploit the vulnerability? The fix for this issue is included in IE 5.01 Service Pack 2. What machines should this patch be applied to?

What's wrong with WebDAV? Frequently asked questions What's the scope of the vulnerability? If IIS 4.0 were in use on the server, the administrator could resume normal operation by restarting the service; if IIS 5.0 were in use, the web service would automatically restart Server-side includes (SSI) allow web developers to reduce the work required to build server-side files.

The IIS 5.0 patch can be installed on systems running Windows 2000 Gold, Windows 2000 Service Pack 1 and the forthcoming Windows 2000 Service Pack 2. Best practices, if followed, could make it difficult or impossible for an attacker to exploit the vulnerability. Affected Software: Microsoft Windows 2000 General Information Technical details Technical description: This bulletin discusses a total of seven vulnerabilities affecting the Windows 2000 Telnet service. This spoofing could occur within a valid SSL session with the impersonated site.

What's wrong with the Web Proxy service? Let's start with what MIME is. Do I need to install the patch? This could enable the web site operator to read any file on the user's local computer that could be opened in a browser window.

Hiromitsu Takagi for reporting the cross-site scripting vulnerability. Affected Software: Microsoft Index Server 2.0 Indexing Service in Windows 2000 Note: Indexing Service in versions of Windows XP prior to Release Candidate 1 is also affected by the vulnerability. Would this vulnerability give a malicious user complete control over the machine? No. The vulnerability would only allow the Web Proxy service to be disrupted.

It doesn't, but it's important to be precise about why. Even after applying all needed patches, a web server still needs to be appropriately configured for its role - that is, it needs to be configured to provide the services you No. What's the scope of the second vulnerability?

The patch eliminates the vulnerabilities by improving the randomness with which named pipes' names are selected by the Telnet service. This could potentially enable an attacker's web site to masquerade as a trusted site. Steps like this can limit overall exposure and impede an attacker's ability to broaden the scope of a possible compromise. Revisions: V1.0 (April 16, 2001): Bulletin Created.

What privileges does the IUSR_machinename account have? Support: Microsoft Knowledge Base articles Q297860, Q305359, Q304867, Q294774, Q301625, and Q298340 discuss this issue and will be available approximately 24 hours after the release of this bulletin. Their effects are local. Like many operating systems and applications, FTP enables the user to use wildcard characters like asterisks and question marks to extend commands to operate on groups of files rather than single

Recall two points from the discussion above: The mechanism by which some programs run in process and some run out of process was introduced in IIS 5.0 In IIS 4.0 all The set of folders on the fictionalized computer is known as the virtual folder structure. As a result, the attacker would need to already have the ability to install software on the server in order to exploit the vulnerability. If the other site were trusted by the user, the attacker might be able to persuade the user to provide sensitive or personal information.

However, as discussed in the FAQ and in Knowledge Base article Q308411, customers who upgrade to IE 6 on Windows 95, 98, 98SE or ME must select either Typical Install (this When you say the problem involves how IIS handles requests to run programs on the server, what do you mean? What causes the vulnerability? Like the vulnerability above, this one results because of a memory leak.

This is an important point, because it means the attacker could only exploit the vulnerability if she had the ability to load a program onto the server and run it.

In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation Each time Telnet starts a new session, it creates a named pipe and assigns it to the session. Four vulnerabilities that could be used to disrupt Telnet services. The web page or HTML e-mail could contain a request of the type described above, and because it would originate from within the network, it could exploit the vulnerability even if

A vulnerability that could enable denial of service attacks against the FTP service. If the Guest account on the local machine had been enabled, the vulnerability could not be exploited, because the FTP service would try to log the attacker into the local Guest The vulnerability would not allow the attacker to usurp any administrative control over the firewall, nor would it enable an attacker to breach the security of the firewall. You can eliminate the vulnerability by upgrading to IE 6.

The problem results because if one type of CRL checking is enabled, other types of checks are no longer performed correctly. An attacker could exploit the vulnerability by tricking a user into submitting to ISA Server 2000 a URL that has the following characteristics: (a) it references a valid web site; (b) it Do any of these vulnerabilities affect IE 6? No. The best action is to simply click the Cancel button in the dialogue.

Microsoft Security Bulletin MS01-016 - Critical Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources Published: March 08, 2001 | Updated: June 23, 2003 Version: 2.2 Originally posted: March 08, What could an attacker do via this vulnerability? An attacker could deliberately send a large amount of the malformed H.323 data in order to deplete the server's available memory. If an HTML mail contains an executable attachment whose MIME type is incorrectly given as one of several unusual types, a flaw in IE will cause the attachment to be executed Of course, the user would need to know the password for any user account she wanted to log into.

How might an attacker exploit this vulnerability? What causes the vulnerability? The vulnerability results because of an error in the functionality that processes requests to run programs housed on the server. Even if the attacker correctly guessed which sites had placed cookies on a user's machine, there should be no sensitive information in the cookies, if best practices have been followed.

There has to be a way to indicate unambiguously how such a character is being used. At worst, the Telnet service would need to be restarted. The vulnerability results because, if a userid is specified in a particular way when a user logs onto an affected FTP server, the system will automatically search all trusted domains for Affected Software: Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 General Information Technical details Technical description: A patch is available to eliminate two newly discovered vulnerabilities affecting Internet Explorer, both of