More Bulletins:
Year 2003 Security Bulletins
Year 2001 Security Bulletins
Year 2000 Security Bulletins
Year 1999 Security Bulletins
Year 1998 Security Bulletins
Important: You should also go to the Windows
Update site at Microsoft and also visit the Security
pages at Microsoft.
Be sure to read the Microsoft Terms
of Use.
Microsoft Security Bulletin (MS02-072)
Unchecked Buffer in Windows Shell Could Enable System Compromise
(329390)
Date:
Software:
Impact:
- Run code of an attacker's choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-072.asp.
http://www.microsoft.com/security/security_bulletins/ms02-072.asp
Microsoft Security Bulletin (MS02-071)
Flaw in Windows WM_TIMER Message Handling Could Enable Privilege
Elevation (328310)
Date:
Revised:
- April 30, 2003 (version 3.0)
Software:
- Microsoft Windows NT 4.0
- Windows 2000
- Windows XP
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-071.asp.
http://www.microsoft.com/security/security_bulletins/ms02-071.asp
Microsoft Security Bulletin (MS02-070)
Flaw in SMB Signing Could Enable Group Policy to be Modified
(309376)
Date:
Modified:
- 22 January 2003 (version 2.0)
Software:
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-070.asp.
http://www.microsoft.com/security/security_bulletins/ms02-070.asp
Microsoft Security Bulletin (MS02-069)
Flaw in Microsoft VM Could Enable System Compromise (810030)
Date:
Software:
Impact:
- Eight vulnerabilities, the most serious of which would
enable an attacker to gain control over another user's system.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-069.asp.
http://www.microsoft.com/security/security_bulletins/ms02-069.asp
Microsoft Security Bulletin (MS02-068)
Cumulative Patch for Internet Explorer (324929)
Date:
Revised:
- 06 December 2002 (version 2.0)
Software:
- Microsoft(r) Internet Explorer
Impact:
- Allow an attacker to execute commands on a user's system.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-068.asp.
http://www.microsoft.com/security/security_bulletins/ms02-068.asp
Microsoft Security Bulletin (MS02-067)
E-mail Header Processing Flaw Could Cause Outlook 2002 to
Fail (331866)
Date:
Software:
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-067.asp.
http://www.microsoft.com/security/security_bulletins/ms02-067.asp
Microsoft Security Bulletin (MS02-066)
Cumulative Patch for Internet Explorer (Q328970)
Date:
Software:
Impact:
- Execute commands on a user's system
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-066.asp.
http://www.microsoft.com/security/security_bulletins/ms02-066.asp
Microsoft Security Bulletin (MS02-065)
Buffer Overrun in Microsoft Data Access Components Could
Lead to Code Execution (Q329414)
Date:
Software:
- Microsoft Data Access Components (MDAC) 2.1
- Microsoft Data Access Components (MDAC) 2.5
- Microsoft Data Access Components (MDAC) 2.6
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
Impact:
- Run code of attacker?s choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-065.asp.
http://www.microsoft.com/security/security_bulletins/ms02-065.asp
Microsoft Security Bulletin (MS02-064)
Windows 2000 Default Permissions Could Allow Trojan Horse
Program (Q327522)
Date:
Software:
Impact:
- Trojan Horse program execution.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-064.asp.
Microsoft Security Bulletin (MS02-063)
Unchecked Buffer in PPTP Implementation Could Enable Denial
of Service Attacks (Q329834)
Date:
Software:
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-063.asp.
Microsoft Security Bulletin (MS02-062)
Cumulative Patch for Internet Information Service (Q327696)
Date:
Software:
- Internet Information Service
Impact:
- Four vulnerabilities, the most serious of which could
enable applications on a server to gain system-level privileges.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-062.asp.
Microsoft Security Bulletin (MS02-061)
Elevation of Privilege in SQL Server Web Tasks (Q316333)
Date:
Software:
- Microsoft SQL Server 7.0 and 2000
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-061.asp.
Microsoft Security Bulletin (MS02-060)
Flaw in Windows XP Help and Support Center Could Enable File
Deletion (Q328940)
Date:
Software:
Impact:
- Delete files on the user's system
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-060.asp.
Microsoft Security Bulletin (MS02-059)
Flaw in Word Fields and Excel External Updates Could Lead
to Information Disclosure (Q330008)
Date:
Software:
-
Microsoft(r) Word
-
Microsoft(r) Excel
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-059.asp.
Microsoft Security Bulletin (MS02-058)
Unchecked Buffer in Outlook Express S/MIME Parsing Could
Enable System Compromise (Q328676)
Date:
Software:
Impact:
- Run code of attacker's choice.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-058.asp.
Microsoft Security Bulletin (MS02-057)
Flaw in Services for Unix 3.0 Interix SDK Could Allow Code
Execution (Q329209)
Date:
Software:
- Services for Unix 3.0 Interix SDK
Impact:
- Buffer overrun and denial of service
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-057.asp.
Microsoft Security Bulletin (MS02-056)
Cumulative Patch for SQL Server (Q316333)
Date:
Software:
- Microsoft SQL Server 7.0
- Microsoft Data Engine (MSDE) 1.0
- Microsoft SQL Server 2000
- Microsoft Desktop Engine (MSDE) 2000
Impact:
- Four vulnerabilities, the most serious of which could
enable an attacker to gain control over an affected server.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-056.asp.
Microsoft Security Bulletin (MS02-055)
Unchecked Buffer in Windows Help Facility Could Enable Code
Execution (Q323255)
Date:
Software:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
- Microsoft Windows Millennium Edition
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP
Impact:
- Attacker could gain control over user's system
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-055.asp.
Microsoft Security Bulletin (MS02-054)
Unchecked Buffer in File Decompression Functions Could Lead
to Code Execution (Q329048)
Date:
Software:
- Microsoft Windows 98 with Plus! Pack
- Windows Me
- Windows XP
Impact:
- Two vulnerabilities, the most serious of which could run
code of attacker's choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-054.asp.
Microsoft Security Bulletin (MS02-053)
Buffer Overrun in SmartHTML Interpreter Could Allow Code
Execution (Q324096)
Date:
Software:
- FrontPage Server Extensions 2000 and 2002
Impact:
- Denial of service or privilege elevation
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-053.asp.
Microsoft Security Bulletin (MS02-052)
Flaw in Microsoft VM JDBC Classes Could Allow Code Execution
(Q329077)
Date:
Software:
- Versions of the Microsoft virtual machine (Microsoft VM)
Impact:
- Three vulnerabilities, the most serious of which could
enable an attacker to gain complete control over a user's
system.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-052.asp.
Microsoft Security Bulletin (MS02-051)
Cryptographic Flaw in RDP Protocol can Lead to Information
Disclosure (Q324380)
Date:
Software:
- Microsoft Windows 2000
- Microsoft Windows XP
Impact:
- Two vulnerabilities: information disclosure, denial of
service
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-051.asp.
Microsoft Security Bulletin (MS02-050)
Certificate Validation Flaw Could Enable Identity Spoofing
(Q329115)
Date:
Revised:
- 20 November 2002 (version 4.0)
Software:
- Microsoft Windows
- Microsoft Office for Mac
- Microsoft Internet Explorer for Mac
- Microsoft Outlook Express for Mac
Impact:
- Identity spoofing and, in some cases, ability to gain
control over a user's system.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-050.asp.
Microsoft Security Bulletin (MS02-049)
Flaw Could Enable Web Page to Launch Visual FoxPro 6.0 Application
Without Warning (Q326568)
Date:
Software:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
- Microsoft Windows Millennium
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
- Microsoft Windows XP
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-049.asp.
Microsoft Security Bulletin (MS02-048)
Flaw in Certificate Enrollment Control Could Allow Deletion
of Digital Certificates (Q323172)
Date:
Software:
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition
- Microsoft Windows Millennium
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
- Microsoft Windows XP
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-048.asp.
Microsoft Security Bulletin (MS02-047)
Cumulative Patch for Internet Explorer (Q323759)
Date:
Software:
Impact:
- Six new vulnerabilities, the most serious of which could
enable an attacker to execute commands on a user's system.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-047.asp.
Microsoft Security Bulletin (MS02-046)
Buffer Overrun in TSAC ActiveX Control Could Allow Code Execution
(Q327521)
Date:
Software:
- Microsoft Terminal Services Advanced Client (TSAC) ActiveX
control, which can be installed on any Windows system.
Impact:
- Run code of the attacker's choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-046.asp.
Microsoft Security Bulletin (MS02-045)
Unchecked Buffer in Network Share Provider Can Lead to Denial
of Service (Q326830)
Date:
Software:
- Microsoft Windows NT 4.0 Workstation
- Microsoft Windows NT 4.0 Server
- Microsoft Windows NT 4.0 Server, Terminal Sever Edition
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Windows XP Professional
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-045.asp.
Microsoft Security Bulletin (MS02-044)
Unsafe Functions in Office Web Components (Q328130)
Date:
Software:
- Office Web Components
- Office
- BackOffice Server
- BizTalk Server
- Commerce Server
- ISA Server
- Money
- Microsoft Project
- Microsoft Project Server
- Small Business Server
Impact:
- Three vulnerabilities, the most serious of which could
allow an attacker to run commands on the user's system.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-044.asp.
Microsoft Security Bulletin (MS02-043)
Cumulative Patch for SQL Server (Q316333)
Date:
Software:
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-043.asp.
Microsoft Security Bulletin (MS02-042)
Flaw in Network Connection Manager Could Enable Privilege
Elevation (Q326886)
Date:
Software:
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-042.asp.
Microsoft Security Bulletin (MS02-041)
Unchecked Buffer in Content Management Server Could Enable
Server Compromise (Q326075)
Date:
Software:
- Microsoft Content Management Server
Impact:
- Three vulnerabilities, the most serious of which could
enable an attacker to run code of an attackers choice.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-041.asp.
Microsoft Security Bulletin (MS02-040)
Unchecked Buffer in MDAC Function Could Enable SQL Server
Compromise (Q326573)
Date:
Revised:
- 20 August 2003 (version 2.0)
Software:
- Microsoft Data Access Components
Impact:
- Run code of attacker's choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-040.asp.
Microsoft Security Bulletin (MS02-039)
Buffer Overruns in SQL Server 2000 Resolution Service Could
Enable Code Execution (Q323875)
Date:
Software:
Impact:
- Three vulnerabilities, the most serious of which could
enable an attacker to gain control over an affected SQL
Server 2000 installation
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-039.asp.
Microsoft Security Bulletin (MS02-038)
Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333)
Date:
Software:
- Microsoft SQL Server 2000
- Microsoft Desktop Engine (MSDE) 2000
Impact:
- Two vulnerabilities, both of which could enable an attacker
to run code on the server.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-038.asp.
Microsoft Security Bulletin (MS02-037)
Server Response To SMTP Client EHLO Command Results In Buffer
Overrun (Q326322)
Date:
Software:
Impact:
- Ability to run arbitrary code
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-037.asp.
Microsoft Security Bulletin (MS02-036)
uthentication Flaw in Microsoft Metadirectory Services Could
Allow Privilege Elevation (Q317138)
Date:
Software:
- Microsoft Metadirectory Services 2.2
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-036.asp.
Microsoft Security Bulletin (MS02-035)
SQL Server Installation Process May Leave Passwords on System
(Q263968)
Date:
Software:
- Microsoft SQL Server 7.0
- Microsoft Data Engine 1.0 (MSDE 1.0)
- SQL Server 2000
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-035.asp.
Microsoft Security Bulletin (MS02-034)
Cumulative Patch for SQL Server (Q316333)
Date:
Software:
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-034.asp.
Microsoft Security Bulletin (MS02-033)
Unchecked Buffer in Profile Service Could Allow Code Execution
in Commerce Server (Q322273)
Date:
Software:
- Microsoft Commerce Server 2000
- Commerce Server 2002
Impact:
- Four vulnerabilities, each of which could run code of
attacker's choice.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-033.asp.
Microsoft Security Bulletin (MS02-032)
26 June 2002 Cumulative Patch for Windows Media Player (Q320920)
Date:
Revised:
- 24 July 2002 (version 2.0)
Software:
- Microsoft Windows Media Player 6.4
- Microsoft Windows Media Player 7.1
- Microsoft Windows Media Player for Windows XP
Impact:
- Three new vulnerabilities, the most serious of which could
run code of attacker's choice.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-032.asp.
Microsoft Security Bulletin (MS02-031)
Cumulative Patches for Excel and Word for Windows (Q324458)
Date:
Software:
- Microsoft Office for Windows
Impact:
- Run Code of Attacker's Choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-031.asp.
Microsoft Security Bulletin (MS02-030)
Unchecked Buffer in SQLXML Could Lead to Code Execution (Q321911)
Date:
Software:
Impact:
- Two vulnerabilities, the most serious of which could run
code of attacker's choice.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-030.asp
Microsoft Security Bulletin (MS02-029)
Unchecked Buffer in Remote Access Service Phonebook Could
Lead to Code Execution (Q318138)
Date:
Revised:
- 02 July 2002 (Version 2.0)
Software:
- Windows NT 4.0
- NT 4.0 Terminal Server Edition
- Windows 2000
- Windows XP
- Routing and Remote Access Server (RRAS)
Impact:
- Local Privilege Escalation
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-029.asp.
Microsoft Security Bulletin (MS02-028)
Heap Overrun in HTR Chunked Encoding Could Enable Web Server
Compromise (Q321599)
Date:
Revised:
- 01 July 2002 (version 2.0)
Software:
- Internet Information Server
Impact:
- Run Code of Attacker's Choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-028.asp.
Microsoft Security Bulletin (MS02-027)
Unchecked Buffer in Gopher Protocol Handler Can Run Code
of Attacker's Choice (Q323889)
Date:
Revised:
- 14 June 2002 (version 2.0)
Software:
- Internet Explorer
- Proxy Server
- Internet Security
- Acceleration Server
Impact:
- Run Code of Attacker's Choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-027.asp.
Microsoft Security Bulletin (MS02-026)
Unchecked Buffer in ASP.NET Worker Process (Q322289)
Date:
Software:
Impact:
- Denial of service, potentially run code of attacker's
choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-026.asp.
Microsoft Security Bulletin (MS02-025)
Malformed Mail Attribute can Cause Exchange 2000 to Exhaust
CPU Resources (Q320436)
Date:
Software:
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-025.asp.
Microsoft Security Bulletin (MS02-024)
Authentication Flaw in Windows Debugger can Lead to Elevated
Privileges (Q320206)
Date:
Software:
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 Server, Terminal Server Edition
- Microsoft Windows 2000
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-024.asp.
Microsoft Security Bulletin (MS02-023)
15 May 2002 Cumulative Patch for Internet Explorer (Q321232)
Date:
Software:
Impact:
- Six new vulnerabilities, the most serious of which could
allow code of attacker's choice to run.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-023.asp.
Microsoft Security Bulletin (MS02-022)
Unchecked Buffer in MSN Chat Control Can Lead to Code Execution
(Q321661)
Date:
Software:
- MSN Chat
- MSN Messenger
- Exchange Instant Messenger
Impact:
- Run Code of Attacker's Choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at:
http://www.microsoft.com/technet/security/bulletin/MS02-022.asp.
Microsoft Security Bulletin (MS02-021)
E-mail Editor Flaw Could Lead to Script Execution on Reply
or Forward (Q321804)
Date:
Software:
Impact:
- Run Code of Attacker's Choice
Maxium Risk:
Recommendation:
Microsoft Security Bulletin (MS02-020)
SQL Extended Procedure Functions Contain Unchecked Buffers
(Q319507)
Date:
Software:
Impact:
- Run Code of Attacker's Choice
Maxium Risk:
Recommendation:
Microsoft Security Bulletin (MS02-019)
Unchecked Buffer in Internet Explorer and Office for Mac
Can Cause Code to Execute (Q321309)
Date:
Software:
- Microsoft Internet Explorer 5.1 for Macintosh
- Microsoft Outlook Express 5.0 for Macintosh
- Microsoft Office v. X for Macintosh
- Microsoft Office 2001 for Macintosh
- Microsoft PowerPoint 98 for Macintosh
Impact:
- Run Code of Attacker's Choice
Maxium Risk:
Recommendation:
Microsoft Security Bulletin (MS02-018)
Cumulative Patch for Internet Information Services (Q319733)
Date:
Software:
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Services 5.1
Impact:
- Ten new vulnerabilities, the most serious of which could
enable code of an attacker's choice to be run on a server.
Maxium Risk:
Recommendation:
Microsoft Security Bulletin (MS02-017)
Unchecked buffer in the Multiple UNC Provider Could Enable
Code Execution (Q311967)
Date:
Software:
- Microsoft Windows NT 4.0 Workstation
- Microsoft Windows NT 4.0 Server
- Microsoft Windows NT 4.0 Server, Enterprise Edition
- Microsoft Windows NT 4 Terminal Server Edition
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows XP Professional
Impact:
- Local privilege elevation and run code of attacker's choice.
Maxium Risk:
Recommendation:
Microsoft Security Bulletin (MS02-016)
Opening Group Policy Files for Exclusive Read Blocks Policy
Application (Q318593)
Date:
Software:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
Impact:
- Attacker could block application of Group Policy.
Maxium Risk:
Recommendation:
Microsoft Security Bulletin (MS02-015)
28 March 2002 Cumulative Patch for Internet Explorer (Q319182)
Date:
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-015.asp.
Microsoft Security Bulletin (MS02-014)
Unchecked Buffer in Windows Shell Could Lead to Code Execution
(Q313829)
Date:
Software:
- Microsoft Windows 98
- Microsoft Windows 98 SE
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
- Microsoft Windows 4.0 Terminal Server Edition
Impact:
- Run code of attacker's choice
Maxium Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-014.asp.
Microsoft Security Bulletin (MS02-013)
version 2
04 March 2002 Cumulative VM Update (Q300845)
Date:
Revised:
- 18 March 2002 (version 2.0)
Software:
- Microsoft Virtual Machine
Impact:
- Information Disclosure, run code of an attacker's choice
Maxium Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-013.asp.
Microsoft Security Bulletin (MS02-012)
Malformed Data Transfer Request can Cause Windows SMTP Service
to Fail (Q313450)
Date:
Software:
- Microsoft Windows 2000
- Microsoft Windows XP Professional
- Microsoft Exchange 2000
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-012.asp.
Microsoft Security Bulletin (MS02-011)
Authentication Flaw Could Allow Unauthorized Users To Authenticate
To SMTP Service (Q313450
and Q289258)
Date:
Software:
- Microsoft Windows 2000
- Microsoft Exchange Server 5.5
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-011.asp.
Microsoft Security Bulletin (MS02-010)
Unchecked Buffer in ISAPI Filter Could Allow Commerce Server
Compromise (Q317615)
Date:
Software:
Impact:
- Run code of attacker's choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-010.asp.
Microsoft Security Bulletin (MS02-009)
Incorrect VBScript Handling in IE can Allow Web Pages to
Read Local Files (Q318089)
Date:
Software:
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-009.asp.
Microsoft Security Bulletin (MS02-008)
XMLHTTP Control Can Allow Access to Local Files (Q318202,
Q317244)
Date:
Software:
- Microsoft XML Core Services
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-008.asp.
Microsoft Security Bulletin (MS02-007)
SQL Server Remote Data Source Function Contain Unchecked
Buffers (Q317979)
Date:
Software:
Impact:
- Run code of attacker's choice on server
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-007.asp.
Microsoft Security Bulletin (MS02-006
- ver 6)
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code
to be Run (Q314147)
Date:
Revised:
- 26 April 2002 (Version 6.0)
Software:
- Windows 95, 98, 98SE
- windows 2000
- windows XP
- Windows NT 4.0
- Windows NT 4.0 Terminal Server
Impact:
- Denial of Service, potentially run code of attacker's
choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-006.asp.
Microsoft Security Bulletin (MS02-005)
11 February 2002 Cumulative Patch for Internet Explorer (Q316059,
Q317727,
Q317726,
Q317745,
Q317729,
and Q317742)
Date:
Affected Software:
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
Impact of vulnerability:
- Six vulnerabilities, the most serious of which could allow
an attacker to run code on another users system.
Maximum Severity Rating:
Recommendation:
- Customers using an affected version of IE should install
the patch immediately.
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-005.asp.
Microsoft Security Bulletin (MS02-004)
Unchecked Buffer in Telnet Server Could Lead to Arbitrary
Code Execution (Q307298)
Date:
Software:
- Telnet Service in Microsoft Windows 2000
- Telnet Daemon in Microsoft Interix 2.2
Impact:
- Denial of Service
- Possibly Run Code of Attacker's Choice
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-004.asp.
Microsoft Security Bulletin (MS02-003)
Exchange 2000 System Attendant Incorrectly Sets Remote Registry
Permissions (Q316056)
Date:
Software:
Impact:
- Less Secure Default Settings
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-003.asp.
Microsoft Security Bulletin (MS02-002)
Malformed Network Request can cause Office v. X for Mac to
Fail (Q317879)
Date:
Software:
- Microsoft Office v. X for Mac
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-002.asp.
Microsoft Security Bulletin (MS02-001)
Trusting Domains Do Not Verify Domain Membership of SIDs
in Authorization Data (Q311401,
Q289243
and Q289246)
Date:
Software:
- Windows NT 4.0
- Windows 2000
Impact:
Max Risk:
Microsoft encourages customers to review the Security Bulletin
at: http://www.microsoft.com/technet/security/bulletin/MS02-001.asp.
Year 2003 Security Bulletins
Year 2001 Security Bulletins
Year 2000 Security Bulletins
Year 1999 Security Bulletins
Year 1998 Security Bulletins
Microsoft Terms of Use
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE
IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR
IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT
CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER
INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT
CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE
EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT
APPLY.
(c) 2002 Microsoft Corporation. All rights reserved. Terms
of use.
|