Make your own free website on Tripod.com
Microsoft Security Bulletins Windows Assistance
Go To
Home
Windows XP
Virus Info Center
Windows Web Sites
Books
Tips From The Past
Searching For
Commentary
Microsoft Security Bulletins
eMail
About This Site
Search Me


Advanced Search

Search The Web


Advanced Search

 

More Bulletins: 

Year 2003 Security Bulletins
Year 2001 Security Bulletins

Year 2000 Security Bulletins
 
Year 1999 Security Bulletins 
Year 1998 Security Bulletins 

Important: You should also go to the Windows Update site at Microsoft and also visit the Security pages at Microsoft.

Be sure to read the Microsoft Terms of Use.


Microsoft Security Bulletin (MS02-072)

Unchecked Buffer in Windows Shell Could Enable System Compromise (329390)

Date:

  • 18 December 2002

Software:

  • Microsoft Windows XP

Impact:

  • Run code of an attacker's choice

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-072.asp.

http://www.microsoft.com/security/security_bulletins/ms02-072.asp


Microsoft Security Bulletin (MS02-071)

Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)

Date:

  • 11 December 2002

Revised:

  • April 30, 2003 (version 3.0)

Software:

  • Microsoft Windows NT 4.0
  • Windows 2000
  • Windows XP

Impact:

  • Privilege elevation

Max Risk:

  • Important

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-071.asp.

http://www.microsoft.com/security/security_bulletins/ms02-071.asp


Microsoft Security Bulletin (MS02-070)

Flaw in SMB Signing Could Enable Group Policy to be Modified (309376)

Date:

  • 11 December 2002

Modified:

  • 22 January 2003 (version 2.0)

Software:

  • Windows 2000
  • Windows XP

Impact:

  • Modify group policy

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-070.asp.

http://www.microsoft.com/security/security_bulletins/ms02-070.asp


Microsoft Security Bulletin (MS02-069)

Flaw in Microsoft VM Could Enable System Compromise (810030)

Date:

  • 11 December 2002

Software:

  • Microsoft VM

Impact:

  • Eight vulnerabilities, the most serious of which would enable an attacker to gain control over another user's system.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-069.asp.

http://www.microsoft.com/security/security_bulletins/ms02-069.asp


Microsoft Security Bulletin (MS02-068)

Cumulative Patch for Internet Explorer (324929)

Date:

  • 04 December 2002

Revised:

  • 06 December 2002 (version 2.0)

Software:

  • Microsoft(r) Internet Explorer

Impact:

  • Allow an attacker to execute commands on a user's system.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-068.asp.

http://www.microsoft.com/security/security_bulletins/ms02-068.asp


Microsoft Security Bulletin (MS02-067)

E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail (331866)

Date:

  • 04 December 2002

Software:

  • Microsoft Outlook 2002

Impact:

  • Denial of Service

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-067.asp.

http://www.microsoft.com/security/security_bulletins/ms02-067.asp


Microsoft Security Bulletin (MS02-066)

Cumulative Patch for Internet Explorer (Q328970)

Date:

  • 20 November 2002

Software:

  • Internet Explorer

Impact:

  • Execute commands on a user's system

Max Risk:

  • Important

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-066.asp.

http://www.microsoft.com/security/security_bulletins/ms02-066.asp


Microsoft Security Bulletin (MS02-065)

Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)

Date:

  • 20 November, 2002

Software:

  • Microsoft Data Access Components (MDAC) 2.1
  • Microsoft Data Access Components (MDAC) 2.5
  • Microsoft Data Access Components (MDAC) 2.6
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 6.0

Impact:

  • Run code of attacker?s choice

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-065.asp.
http://www.microsoft.com/security/security_bulletins/ms02-065.asp


Microsoft Security Bulletin (MS02-064)

Windows 2000 Default Permissions Could Allow Trojan Horse Program (Q327522)

Date:

  • 30 October 2002

Software:

  • Windows 2000

Impact:

  • Trojan Horse program execution.

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-064.asp.


Microsoft Security Bulletin (MS02-063)

Unchecked Buffer in PPTP Implementation Could Enable Denial of Service Attacks (Q329834)

Date:

  • 30 October 2002

Software:

  • Windows 2000
  • Windows XP

Impact:

  • Denial of Service.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-063.asp.


Microsoft Security Bulletin (MS02-062)

Cumulative Patch for Internet Information Service (Q327696)

Date:

  • 30 October 2002

Software:

  • Internet Information Service

Impact:

  • Four vulnerabilities, the most serious of which could enable applications on a server to gain system-level privileges.

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-062.asp.


Microsoft Security Bulletin (MS02-061)

Elevation of Privilege in SQL Server Web Tasks (Q316333)

Date:

  • 16 October 2002

Software:

  • Microsoft SQL Server 7.0 and 2000

Impact:

  • Elevation of privilege.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-061.asp.


Microsoft Security Bulletin (MS02-060)

Flaw in Windows XP Help and Support Center Could Enable File Deletion (Q328940)

Date:

  • 16 October 2002

Software:

  • Microsoft Windows XP

Impact:

  • Delete files on the user's system

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-060.asp.


Microsoft Security Bulletin (MS02-059)

Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure (Q330008)

Date:

  • 16 October 2002

Software:

  • Microsoft(r) Word

  • Microsoft(r) Excel

Impact:

  • Information Disclosure

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-059.asp.


Microsoft Security Bulletin (MS02-058)

Unchecked Buffer in Outlook Express S/MIME Parsing Could Enable System Compromise (Q328676)

Date:

  • 10 October 2002

Software:

  • Outlook Express

Impact:

  • Run code of attacker's choice.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-058.asp.


Microsoft Security Bulletin (MS02-057)

Flaw in Services for Unix 3.0 Interix SDK Could Allow Code Execution (Q329209)

Date:

  • 02 October 2002

Software:

  • Services for Unix 3.0 Interix SDK

Impact:

  • Buffer overrun and denial of service

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-057.asp.


Microsoft Security Bulletin (MS02-056)

Cumulative Patch for SQL Server (Q316333)

Date:

  • 02 October 2002

Software:

  • Microsoft SQL Server 7.0
  • Microsoft Data Engine (MSDE) 1.0
  • Microsoft SQL Server 2000
  • Microsoft Desktop Engine (MSDE) 2000

Impact:

  • Four vulnerabilities, the most serious of which could enable an attacker to gain control over an affected server.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-056.asp.


Microsoft Security Bulletin (MS02-055)

Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255)

Date:

  • 02 October 2002

Software:

  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Millennium Edition
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0, Terminal Server Edition
  • Microsoft Windows 2000
  • Microsoft Windows XP

Impact:

  • Attacker could gain control over user's system

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-055.asp.


Microsoft Security Bulletin (MS02-054)

Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048)

Date:

  • 02 October 2002

Software:

  • Microsoft Windows 98 with Plus! Pack
  • Windows Me
  • Windows XP

Impact:

  • Two vulnerabilities, the most serious of which could run code of attacker's choice

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-054.asp.


Microsoft Security Bulletin (MS02-053)

Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)

Date:

  • 25 September 2002

Software:

  • FrontPage Server Extensions 2000 and 2002

Impact:

  • Denial of service or privilege elevation

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-053.asp.


Microsoft Security Bulletin (MS02-052)

Flaw in Microsoft VM JDBC Classes Could Allow Code Execution (Q329077)

Date:

  • 18 September 2002

Software:

  • Versions of the Microsoft virtual machine (Microsoft VM)

Impact:

  • Three vulnerabilities, the most serious of which could enable an attacker to gain complete control over a user's system.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-052.asp.


Microsoft Security Bulletin (MS02-051)

Cryptographic Flaw in RDP Protocol can Lead to Information Disclosure (Q324380)

Date:

  • 18 September 2002

Software:

  • Microsoft Windows 2000
  • Microsoft Windows XP

Impact:

  • Two vulnerabilities: information disclosure, denial of service

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-051.asp.


Microsoft Security Bulletin (MS02-050)

Certificate Validation Flaw Could Enable Identity Spoofing (Q329115)

Date:

  • September 04, 2002

Revised:

  • 20 November 2002 (version 4.0)

Software:

  • Microsoft Windows
  • Microsoft Office for Mac
  • Microsoft Internet Explorer for Mac
  • Microsoft Outlook Express for Mac

Impact:

  • Identity spoofing and, in some cases, ability to gain control over a user's system.

Max Risk:

  • Important

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-050.asp.


Microsoft Security Bulletin (MS02-049)

Flaw Could Enable Web Page to Launch Visual FoxPro 6.0 Application Without Warning (Q326568)

Date:

  • 04 September 2002

Software:

  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Millennium
  • Microsoft Windows NT 4.0
  • Microsoft Windows 2000
  • Microsoft Windows XP

Impact:

  • Denial of service

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-049.asp.


Microsoft Security Bulletin (MS02-048)

Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172)

Date:

  • 28 August 2002

Software:

  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Millennium
  • Microsoft Windows NT 4.0
  • Microsoft Windows 2000
  • Microsoft Windows XP

Impact:

  • Denial of service

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-048.asp.


Microsoft Security Bulletin (MS02-047)

Cumulative Patch for Internet Explorer (Q323759)

Date:

  • 22 August 2002

Software:

  • Internet Explorer

Impact:

  • Six new vulnerabilities, the most serious of which could enable an attacker to execute commands on a user's system.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-047.asp.


Microsoft Security Bulletin (MS02-046)

Buffer Overrun in TSAC ActiveX Control Could Allow Code Execution (Q327521)

Date:

  • 22 August 2002

Software:

  • Microsoft Terminal Services Advanced Client (TSAC) ActiveX control, which can be installed on any Windows system.

Impact:

  • Run code of the attacker's choice

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-046.asp.


Microsoft Security Bulletin (MS02-045)

Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)

Date:

  • 22 August 2002

Software:

  • Microsoft Windows NT 4.0 Workstation
  • Microsoft Windows NT 4.0 Server
  • Microsoft Windows NT 4.0 Server, Terminal Sever Edition
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Windows XP Professional

Impact:

  • Denial of Service

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-045.asp.


Microsoft Security Bulletin (MS02-044)

Unsafe Functions in Office Web Components (Q328130)

Date:

  • 21 August 2002

Software:

  • Office Web Components
  • Office
  • BackOffice Server
  • BizTalk Server
  • Commerce Server
  • ISA Server
  • Money
  • Microsoft Project
  • Microsoft Project Server
  • Small Business Server

Impact:

  • Three vulnerabilities, the most serious of which could allow an attacker to run commands on the user's system.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-044.asp.


Microsoft Security Bulletin (MS02-043)

Cumulative Patch for SQL Server (Q316333)

Date:

  • 14 August 2002

Software:

  • Microsoft SQL Server

Impact:

  • Elevation of privilege

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-043.asp.


Microsoft Security Bulletin (MS02-042)

Flaw in Network Connection Manager Could Enable Privilege Elevation (Q326886)

Date:

  • 14 August 2002

Software:

  • Microsoft Windows 2000

Impact:

  • Privilege elevation

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-042.asp.


Microsoft Security Bulletin (MS02-041)

Unchecked Buffer in Content Management Server Could Enable Server Compromise (Q326075)

Date:

  • 07 August 2002

Software:

  • Microsoft Content Management Server

Impact:

  • Three vulnerabilities, the most serious of which could enable an attacker to run code of an attackers choice.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-041.asp.


Microsoft Security Bulletin (MS02-040)

Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)

Date:

  • 31 July 2002

Revised:

  • 20 August 2003 (version 2.0)

Software:

  • Microsoft Data Access Components

Impact:

  • Run code of attacker's choice

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-040.asp.


Microsoft Security Bulletin (MS02-039)

Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)

Date:

  • 24 July 2002

Software:

  • SQL Server 2000

Impact:

  • Three vulnerabilities, the most serious of which could enable an attacker to gain control over an affected SQL Server 2000 installation

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-039.asp.


Microsoft Security Bulletin (MS02-038)

Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333)

Date:

  • 24 July 2002

Software:

  • Microsoft SQL Server 2000
  • Microsoft Desktop Engine (MSDE) 2000

Impact:

  • Two vulnerabilities, both of which could enable an attacker to run code on the server.

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-038.asp.


Microsoft Security Bulletin (MS02-037)

Server Response To SMTP Client EHLO Command Results In Buffer Overrun (Q326322)

Date:

  • 24 July 2002

Software:

  • Microsoft Exchange 5.5

Impact:

  • Ability to run arbitrary code

Max Risk:

  • Medium

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-037.asp.


Microsoft Security Bulletin (MS02-036)

uthentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138)

Date:

  • 24 July 2002

Software:

  • Microsoft Metadirectory Services 2.2

Impact:

  • Elevation of privilege

Max Risk:

  • Medium

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-036.asp.


Microsoft Security Bulletin (MS02-035)

SQL Server Installation Process May Leave Passwords on System (Q263968)

Date:

  • July 10, 2002

Software:

  • Microsoft SQL Server 7.0
  • Microsoft Data Engine 1.0 (MSDE 1.0)
  • SQL Server 2000

Impact:

  • Elevation of privilege

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-035.asp.


Microsoft Security Bulletin (MS02-034)

Cumulative Patch for SQL Server (Q316333)

Date:

  • 10 July 2002

Software:

  • SQL Server 2000

Impact:

  • Elevation of privilege

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-034.asp.


Microsoft Security Bulletin (MS02-033)

Unchecked Buffer in Profile Service Could Allow Code Execution in Commerce Server (Q322273)

Date:

  • 26 June 2002

Software:

  • Microsoft Commerce Server 2000
  • Commerce Server 2002

Impact:

  • Four vulnerabilities, each of which could run code of attacker's choice.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-033.asp.


Microsoft Security Bulletin (MS02-032)

26 June 2002 Cumulative Patch for Windows Media Player (Q320920)

Date:

  • 26 June 2002

Revised:

  • 24 July 2002 (version 2.0)

Software:

  • Microsoft Windows Media Player 6.4
  • Microsoft Windows Media Player 7.1
  • Microsoft Windows Media Player for Windows XP

Impact:

  • Three new vulnerabilities, the most serious of which could run code of attacker's choice.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-032.asp.


Microsoft Security Bulletin (MS02-031)

Cumulative Patches for Excel and Word for Windows (Q324458)

Date:

  • 19 June 2002

Software:

  • Microsoft Office for Windows

Impact:

  • Run Code of Attacker's Choice

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-031.asp.


Microsoft Security Bulletin (MS02-030)

Unchecked Buffer in SQLXML Could Lead to Code Execution (Q321911)

Date:

  • 12 June 2002

Software:

  • Microsoft SQLXML

Impact:

  • Two vulnerabilities, the most serious of which could run code of attacker's choice.

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-030.asp


Microsoft Security Bulletin (MS02-029)

Unchecked Buffer in Remote Access Service Phonebook Could Lead to Code Execution (Q318138)

Date:

  • 12 June 2002

Revised:

  • 02 July 2002 (Version 2.0)

Software:

  • Windows NT 4.0
  • NT 4.0 Terminal Server Edition
  • Windows 2000
  • Windows XP
  • Routing and Remote Access Server (RRAS)

Impact:

  • Local Privilege Escalation

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-029.asp.


Microsoft Security Bulletin (MS02-028)

Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise (Q321599)

Date:

  • 12 June 2002

Revised:

  • 01 July 2002 (version 2.0)

Software:

  • Internet Information Server

Impact:

  • Run Code of Attacker's Choice

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-028.asp.


Microsoft Security Bulletin (MS02-027)

Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker's Choice (Q323889)

Date:

  • 11 June 2002

Revised:

  • 14 June 2002 (version 2.0)

Software:

  • Internet Explorer
  • Proxy Server
  • Internet Security
  • Acceleration Server

Impact:

  • Run Code of Attacker's Choice

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-027.asp.


Microsoft Security Bulletin (MS02-026)

Unchecked Buffer in ASP.NET Worker Process (Q322289)

Date:

  • 06 June 2002

Software:

  • .NET Framework

Impact:

  • Denial of service, potentially run code of attacker's choice

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-026.asp.


Microsoft Security Bulletin (MS02-025)

Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources (Q320436)

Date:

  • 29 May 2002

Software:

  • Microsoft Exchange

Impact:

  • Denial of Service

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-025.asp.


Microsoft Security Bulletin (MS02-024)

Authentication Flaw in Windows Debugger can Lead to Elevated Privileges (Q320206)

Date:

  • 22 May 2002

Software:

  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0 Server, Terminal Server Edition
  • Microsoft Windows 2000

Impact:

  • Elevation of Privilege

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-024.asp.


Microsoft Security Bulletin (MS02-023)

15 May 2002 Cumulative Patch for Internet Explorer (Q321232)

Date:

  • 16 May 2002

Software:

  • Internet Explorer

Impact:

  • Six new vulnerabilities, the most serious of which could allow code of attacker's choice to run.

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-023.asp.


Microsoft Security Bulletin (MS02-022)

Unchecked Buffer in MSN Chat Control Can Lead to Code Execution (Q321661)

Date:

  • 08 May 2002

Software:

  • MSN Chat
  • MSN Messenger
  • Exchange Instant Messenger

Impact:

  • Run Code of Attacker's Choice

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-022.asp.


Microsoft Security Bulletin (MS02-021)

E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward (Q321804)

Date:

  • 25 April 2002

Software:

  • Microsoft Outlook

Impact:

  • Run Code of Attacker's Choice

Maxium Risk:

  • Moderate

Recommendation:


Microsoft Security Bulletin (MS02-020)

SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507)

Date:

  • 17 April 2002

Software:

  • Microsoft SQL Server

Impact:

  • Run Code of Attacker's Choice

Maxium Risk:

  • Moderate

Recommendation:


Microsoft Security Bulletin (MS02-019)

Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309)

Date:

  • 16 April 2002

Software:

  • Microsoft Internet Explorer 5.1 for Macintosh
  • Microsoft Outlook Express 5.0 for Macintosh
  • Microsoft Office v. X for Macintosh
  • Microsoft Office 2001 for Macintosh
  • Microsoft PowerPoint 98 for Macintosh

Impact:

  • Run Code of Attacker's Choice

Maxium Risk:

  • Critical

Recommendation:


Microsoft Security Bulletin (MS02-018)

Cumulative Patch for Internet Information Services (Q319733)

Date:

  • 10 April 2002

Software:

  • Microsoft Internet Information Server 4.0
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Services 5.1

Impact:

  • Ten new vulnerabilities, the most serious of which could enable code of an attacker's choice to be run on a server.

Maxium Risk:

  • High

Recommendation:


Microsoft Security Bulletin (MS02-017)

Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution (Q311967)

Date:

  • 04 April 2002

Software:

  • Microsoft Windows NT 4.0 Workstation
  • Microsoft Windows NT 4.0 Server
  • Microsoft Windows NT 4.0 Server, Enterprise Edition
  • Microsoft Windows NT 4 Terminal Server Edition
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows XP Professional

Impact:

  • Local privilege elevation and run code of attacker's choice.

Maxium Risk:

  • Moderate

Recommendation:


Microsoft Security Bulletin (MS02-016)

Opening Group Policy Files for Exclusive Read Blocks Policy Application (Q318593)

Date:

  • 04 April 2002

Software:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

Impact:

  • Attacker could block application of Group Policy.

Maxium Risk:

  • Moderate

Recommendation:


Microsoft Security Bulletin (MS02-015)

28 March 2002 Cumulative Patch for Internet Explorer (Q319182)

Date:

  • 28 March 2002

Software:

  • Internet Explorer

Impact:

  • Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.

Maxium Risk:

  • Critical
Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-015.asp.

Microsoft Security Bulletin (MS02-014)

Unchecked Buffer in Windows Shell Could Lead to Code Execution (Q313829)

Date:

  • 07 March 2002

Software:

  • Microsoft Windows 98
  • Microsoft Windows 98 SE
  • Microsoft Windows NT 4.0
  • Microsoft Windows 2000
  • Microsoft Windows 4.0 Terminal Server Edition

Impact:

  • Run code of attacker's choice

Maxium Risk:

  • Moderate
Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-014.asp.
Microsoft Security Bulletin (MS02-013) version 2

04 March 2002 Cumulative VM Update (Q300845)

Date:

  • 04 March 2002

Revised:

  • 18 March 2002 (version 2.0)

Software:

  • Microsoft Virtual Machine

Impact:

  • Information Disclosure, run code of an attacker's choice

Maxium Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-013.asp.


Microsoft Security Bulletin (MS02-012)

Malformed Data Transfer Request can Cause Windows SMTP Service to Fail (Q313450)

Date:

  • 27 February 2002

Software:

  • Microsoft Windows 2000
  • Microsoft Windows XP Professional
  • Microsoft Exchange 2000

Impact:

  • Denial of Service

Max Risk:

  • Low

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-012.asp.


Microsoft Security Bulletin (MS02-011)

Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service (Q313450 and Q289258)

Date:

  • 27 February 2002

Software:

  • Microsoft Windows 2000
  • Microsoft Exchange Server 5.5

Impact:

  • Mail Relaying

Max Risk:

  • Low

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-011.asp.


Microsoft Security Bulletin (MS02-010)

Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise (Q317615)

Date:

  • 21 February 2002

Software:

  • Commerce Server 2000

Impact:

  • Run code of attacker's choice

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-010.asp.


Microsoft Security Bulletin (MS02-009)

Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files (Q318089)

Date:

  • 21 February 2002

Software:

  • Internet Explorer

Impact:

  • Information Disclosure

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-009.asp.


Microsoft Security Bulletin (MS02-008)

XMLHTTP Control Can Allow Access to Local Files (Q318202, Q317244)

Date:

  • 21 February 2002

Software:

  • Microsoft XML Core Services

Impact:

  • Information disclosure

Max Risk:

  • Critical

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-008.asp.


Microsoft Security Bulletin (MS02-007)

SQL Server Remote Data Source Function Contain Unchecked Buffers (Q317979)

Date:

  • 20 February 2002

Software:

  • Microsoft SQL Server

Impact:

  • Run code of attacker's choice on server

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-007.asp.


Microsoft Security Bulletin (MS02-006 - ver 6)

Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run (Q314147)

Date:

  • 12 February 2002

Revised:

  • 26 April 2002 (Version 6.0)

Software:

  • Windows 95, 98, 98SE
  • windows 2000
  • windows XP
  • Windows NT 4.0
  • Windows NT 4.0 Terminal Server

Impact:

  • Denial of Service, potentially run code of attacker's choice

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-006.asp.


Microsoft Security Bulletin (MS02-005)

11 February 2002 Cumulative Patch for Internet Explorer (Q316059, Q317727, Q317726, Q317745, Q317729, and Q317742)

Date:

  • 11 February 2002

Affected Software:

  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 6.0

Impact of vulnerability:

  • Six vulnerabilities, the most serious of which could allow an attacker to run code on another user’s system.

Maximum Severity Rating:

  • Critical

Recommendation:

  • Customers using an affected version of IE should install the patch immediately.

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-005.asp.


Microsoft Security Bulletin (MS02-004)

Unchecked Buffer in Telnet Server Could Lead to Arbitrary Code Execution (Q307298)

Date:

  • 07 February 2002

Software:

  • Telnet Service in Microsoft Windows 2000
  • Telnet Daemon in Microsoft Interix 2.2

Impact:

  • Denial of Service
  • Possibly Run Code of Attacker's Choice

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-004.asp.


Microsoft Security Bulletin (MS02-003)

Exchange 2000 System Attendant Incorrectly Sets Remote Registry Permissions (Q316056)

Date:

  • 7 February 2002

Software:

  • Exchange Server 2000

Impact:

  • Less Secure Default Settings

Max Risk:

  • Low

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-003.asp.


Microsoft Security Bulletin (MS02-002)

Malformed Network Request can cause Office v. X for Mac to Fail (Q317879)

Date:

  • 6 February 2002

Software:

  • Microsoft Office v. X for Mac

Impact:

  • Denial of Service

Max Risk:

  • Low

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-002.asp.


Microsoft Security Bulletin (MS02-001)

Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data (Q311401, Q289243 and Q289246)

Date:

  • 30 January 2002

Software:

  • Windows NT 4.0
  • Windows 2000 

Impact:

  • Privilege Elevation

Max Risk:

  • Moderate

Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS02-001.asp.


Year 2003 Security Bulletins
Year 2001 Security Bulletins

Year 2000 Security Bulletins
 
Year 1999 Security Bulletins 
Year 1998 Security Bulletins 


Microsoft Terms of Use

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT  DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR  PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS  SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF  LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

(c) 2002 Microsoft Corporation. All rights reserved. Terms of use.