|
More Bulletins:
Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2001 Security Bulletins
Year 2000 Security Bulletins
Year 1999 Security Bulletins
What's Listed
Only Official Microsoft Security
Bulletins that apply to Windows 98/Me and any applets that are
included with the operating system (Media Player, Internet
Explorer, Outlook Express, etc.)
This is not a complete list. You should
also go to the Windows
Update site at Microsoft and also visit the Security
pages at Microsoft.
Be sure to read the Microsoft
Terms of Use.
Microsoft Security Bulletin (MS98-020)
Patch Available for "Frame Spoof" Vulnerability
Microsoft has released a patch that fixes a vulnerability in
Microsoft(r) Internet Explorer(r) that could allow a
malicious web site operator to impersonate a window on a
legitimate web site. The threat posed by this vulnerability is
that the bogus window could collect information from the user
and send it back to the malicious site.
Affected Software Versions
- Microsoft Internet Explorer versions 3.X, 4.0, 4.01,
4.01 Service Pack 1 for Windows 95
- Microsoft Internet Explorer versions 4.01 Service Pack 1
for Windows 98
- Microsoft Internet Explorer versions 3.X, 4.0, 4.01,
4.01 Service Pack 1 for Windows NT4.0
- Microsoft Internet Explorer versions 3.X, 4.0, 4.01 for
Windows 3.1
- Microsoft Internet Explorer versions 3.X, 4.0, 4.01 for
Windows NT 3.51
- Microsoft Internet Explorer versions 3.X, 4.X for
Macintosh
- Microsoft Internet Explorer version 4 for UNIX on HPUX
- Microsoft Internet Explorer version 4 for UNIX on Sun
Solaris
Microsoft Security Bulletin (MS98-019)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-018)
Patch Available for Excel "CALL Vulnerability"
Microsoft has released a patch that fixes a vulnerability in
Microsoft (r) Excel (r) that could allow certain types of
executables to be run without a warning to the user. A
legitimate Excel function, CALL, allows executables to be run
from a worksheet. If the executable called by the function is of
a malicious nature, a worksheet containing this function could
represent a security risk to customers.
Affected Software Versions
- Microsoft Excel 97
Microsoft Security Bulletin (MS98-017)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-016)
Update available for "Dotless IP Address" Issue
in Microsoft Internet Explorer 4
Microsoft has released a patch that fixes a vulnerability in
the way Internet Explorer 4 determines what security zone a
target server is in. By exploiting this vulnerability, a
malicious hacker could misrepresent the URL of their website,
causing the site to be treated as it if were located on an
intranet by Internet Explorer's Security Zones feature.
Affected Software Versions
- Microsoft Internet Explorer 4.0, 4.01 and 4.01 SP1 on
Windows NT 4.0, Windows 95
- Microsoft Windows 98, with integrated Internet Explorer
- Microsoft Internet Explorer 4.0 and 4.01 for Windows
3.1and Windows NT 3.51
- Microsoft Internet Explorer 4.01 for UNIX
This vulnerability does not affect Internet Explorer 3.
This vulnerability does not affect Internet Explorer 4 for the
Macintosh.
Microsoft Security Bulletin (MS98-015)
Update available for "Untrusted Scripted Paste"
Issue in Microsoft (r) Internet Explorer (r) 4.01
On November 18th Microsoft released an updated version of the
patch for the "Untrusted Scripted Paste"
vulnerability. This vulnerability, also known as the
"Cuartango" vulnerability, could enable a malicious
web site operator to use scripted paste operations to read
a file that resides in a known location on a user's
system. The updated patch fixes the original vulnerability
as well as a newly-discovered variant.
Affected Software Versions
- Microsoft Internet Explorer 4.01 and 4.01 SP1
on Windows NT (r) 4.0, Windows (r) 95
- Microsoft Windows 98, with integrated Internet Explorer
- Microsoft Internet Explorer 4.01 for Windows 3.1 and
Windows NT 3.51
Microsoft Security Bulletin (MS98-014)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-013)
Fix available for Internet Explorer Cross Frame Navigate
Vulnerability
Microsoft has released a patch that fixes a recently
discovered issue with the implementation of cross frame security
in Microsoft Internet Explorer. Customers using affected
software listed below should download and apply these patches as
soon as possible.
Affected Software Versions
The following software is affected by this vulnerability:
- Microsoft Internet Explorer 4.0, 4.01 and 4.01 SP1 on
Windows NT 4.0, Windows 95
- Microsoft Windows 98, with integrated Internet Explorer
(version 4.01 SP1)
- Microsoft Internet Explorer 4.0 and 4.01 for Windows 3.1
and Windows NT 3.51
- Microsoft Internet Explorer 4.0 and 4.01 for Macintosh
- Microsoft Internet Explorer 3.x
Microsoft Security Bulletin (MS98-012)
Updates available for Security Vulnerabilities in
Microsoft PPTP
Microsoft has released a set of patches that fix several
security issues with implementations of the Point-to-Point
Tunneling Protocol (PPTP) used in Microsoft Virtual Private
Networking (VPN) products. Customers using affected software
listed below to secure communcations over a public network (i.e.
the Internet) should download and apply these patches as soon as
possible.
Affected Software Versions
The following software is affected by this vulnerability:
- Microsoft Dialup Networking 1.2x and earlier on Windows
95
- Microsoft Remote Access Services on Windows NT 4.0 (both
client and server)
- Microsoft Routing and Remote Access Services on Windows
NT Server 4.0
- Microsoft Windows 98 Dialup Networking
Microsoft Security Bulletin (MS98-011)
Update available for "Window.External" JScript
Vulnerability in Microsoft Internet Explorer 4
Recently Microsoft was notified by Georgi Guninski and
NTBugTraq (http://ntbugtraq.ntadvice.com)
of a security issue affecting the way Microsoft Internet
Explorer 4.0, 4.01 and 4.01 SP1 handles JScript scripts
downloaded from web sites.
Affected Software Versions
The following software is affected by this vulnerability:
- Microsoft Internet Explorer 4.0, 4.01, 4.01 SP1 on
Windows 95 and Windows NT 4.0
- Microsoft Windows 98
Internet Explorer 4 for Windows 3.1, Windows NT 3.51,
Macintosh and UNIX (Solaris) are not affected by this problem.
Internet Explorer 3.x is not affected by this problem.
Microsoft Security Bulletin (MS98-010)
Information on the BackOrifice Program
On July 21, a self-described hacker group known as the Cult
of the Dead Cow released a tool called BackOrifice, and suggested
that Windows users were at risk from unauthorized attacks.
Microsoft takes security seriously, and has issued this bulletin
to advise customers that Windows 95(r) and Windows 98(r) users
following safe computing practices are not at risk and Windows
NT(r) users are not threatened in any way by this tool.
Microsoft Security Bulletin (MS98-009)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-008)
Long Filename Attachment Vulnerability affecting Microsoft
(R) Outlook (TM) 98 and Microsoft Outlook Express 4.x
Recently Microsoft was notified by AUSCERT (http://www.auscert.org.au),
OUSPG (http://www.oulu.fi/Welcome.html)
and NTBugtraq (http://ntbugtraq.ntadvice.com)
of a security vulnerability affecting the way Microsoft email
clients handle file attachments with extremely long file names.
Affected Software Versions
- Outlook 98 on Windows (R) 95, Windows 98 and Microsoft
Windows NT (R) 4.0
- Outlook Express 4.0, 4.01 (including Outlook Express
4.01 with Service Pack 1) on Windows 95, Windows 98 and Windows
NT 4.0
- Outlook Express 4.01 on Solaris
- Outlook Express 4.01 on the Macintosh
Microsoft Security Bulletin (MS98-007)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-006)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-005)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-004)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-003)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-002)
xxx
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS98-001)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2001 Security Bulletins
Year 2000 Security Bulletins
Year 1999 Security Bulletins
Microsoft Terms of Use
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR
IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT
CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT
ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION
MAY NOT APPLY.
(c) 2000 Microsoft Corporation. All rights reserved. Terms of
use.
|
