|
More Bulletins:
Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2001 Security Bulletins
Year 2000 Security Bulletins
Year 1998 Security Bulletins
What's Listed
Only Official Microsoft Security
Bulletins that apply to Windows 98/Me and any applets that are
included with the operating system (Media Player, Internet
Explorer, Outlook Express, etc.)
This is not a complete list. You should
also go to the Windows
Update site at Microsoft and also visit the Security
pages at Microsoft.
Be sure to read the Microsoft
Terms of Use.
Microsoft Security Bulletin (MS99-048)
Patch Available for "Active Setup Control"
Vulnerability
Microsoft has released a patch that eliminates a vulnerability
that could
allow a malicious user to embed an unsafe executable within an
email and
disguise it as a safe type of attachment. Through a complicated
series of
steps, the unsafe executable could be made to execute under
certain
conditions, if the user opened the attachment.
Affected Software Versions
The affected ActiveX control ships as part of Microsoft Internet
Explorer 4
and 5
Microsoft Security Bulletin (MS99-047)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-045)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-044)
Patch Available for "Excel SYLK" Vulnerability
Microsoft has released a patch that eliminates two
vulnerabilities in Microsoft(r) Excel 97 and 2000 that could allow macros to
run without
warning under certain conditions.
Affected Software Versions
- Microsoft Excel 97, whether shipped alone or as part of
Office 97.
- Microsoft Excel 2000, whether shipped alone or as part
of Office 2000.
Microsoft Security Bulletin (MS99-043)
Patch Available for "Javascript Redirect"
Vulnerability
On October 18, 1999, Microsoft released the original version of
this
bulletin, in order to advise customers of a workaround for
a vulnerability
in Microsoft(r) Internet Explorer. The vulnerability could
allow a
malicious web site operator to read files on the computer of a
user who
visited the site, under certain circumstances. Microsoft has
completed a
patch that completely eliminates the vulnerability, and
has re-released
this bulletin in order to advise customers of its
availability.
Affected Software Versions
- Microsoft Internet Explorer 4.01 and 5.
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-032)
Patch Available for "Scriptlet.typlib/Eyedog"
Vulnerability
Microsoft has released a patch that eliminates security
vulnerabilities in
two ActiveX controls. The net effect of the
vulnerabilities is that a web
page could take unauthorized action against a person who
visited it.
Specifically, the web page would be able to do anything on the
computer
that the user could do.
Affected Software Versions
- Microsoft(r) Internet Explorer 4.0 and 5.0
Microsoft Security Bulletin (MS99-046)
28 March 2002 Cumulative Patch for Internet Explorer
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-030)
Patch Available for Office "ODBC Vulnerabilities"
Microsoft has released a patch that eliminates security
vulnerabilities in
the Microsoft(r) Jet database engine. The vulnerabilities
could affect any
application that runs atop Jet, and could allow a database
query to take
virtually any action on a user's computer. Microsoft recommends
that all
customers who are running applications that use Jet, especially
users of
Microsoft Office97 and Office2000, install the patch.
Affected Software Versions
- Microsoft Jet, all versions
note: Jet serves as the database engine for a number of
Microsoft products,
including but not limited to:
- Microsoft Office
- Microsoft Visual Studio
- Microsoft Publisher
- Microsoft Streets & Trips
Jet also serves as the database engine for many third-party
software products. The patch does not require any change
to any of the applications that use Jet; instead, it operates
directly on the Jet database engine and restores proper
functionality to it.
Microsoft Security Bulletin (MS99-029)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-028)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-027)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-026)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-025)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-024)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-023)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-022)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-021)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-020)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-019)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-018)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-017)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-016)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-015)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-014)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-013)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-012)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-011)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-010)
Patch Available for File Access Vulnerability in Personal Web
Server
Microsoft has released a patch that eliminates a vulnerability
in certain
versions of Personal Web Server running under Windows (c)
95 or Windows 98,
which could allow files on the server to be read by an
unauthorized user
who knew the name of the file and requested it via a specific
non-standard
URL. Users running web server products on Microsoft Windows NT
(c) are not
affected.
Affected Software Versions
This vulnerability involves two different products with similar
names:
Microsoft (r) Personal Web Server and FrontPage (r)
Personal Web Server.
The products can be installed on Windows 95, 98 or Windows
NT; however,
none of the products are affected by this vulnerability if
installed on
Windows NT.
- Microsoft Personal Web Server is available as part of Windows 98 and the Windows NT Option Pack (which can be installed on Windows 95 and 98, as well as Windows NT). Microsoft Personal Web Server 4.0 is the only version affected by the vulnerability.
- There is only one version of FrontPage Personal Web
Server, which shipped as part of Microsoft FrontPage 1.1,
FrontPage 97, and FrontPage 98. It is affected by this
vulnerability.
Note: Most FrontPage users will not be affected by this
vulnerability.
FrontPage 97 and 98 include two personal web servers -
FrontPage Personal
Web Server and Microsoft Personal Web Server 2.0 - and by
default install
the latter, which is not affected by the vulnerability.
Frontage 1.1 does
install the FrontPage Personal Web Server by default.
Microsoft Security Bulletin (MS99-009)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-008)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-007)
Patch Available for Taskpads Scripting Vulnerability
Microsoft has released a patch that eliminates a vulnerability
in the
Taskpads feature, which is provided as part of the Microsoft(r)
Windows(r)
98 Resource Kit, Windows 98 Resource Kit Sampler, and
BackOffice(r) Resource
Kit, second edition. The vulnerability could allow a malicious
web site
operator to run executables on the computer of a visiting user.
Only
customers who have installed one of the affected products and
who surf the
web using the machine on which it is installed are at risk from
this
vulnerability.
Affected Software Versions
- Microsoft Windows 98 Resource Kit, Microsoft Windows 98
- Resource Kit Sampler (included as part of Windows 98 but not installed by default)
- Microsoft BackOffice Resource Kit, second edition
Microsoft Security Bulletin (MS99-006)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-005)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-004)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-003)
xxx
Software:
Impact:
- Two vulnerabilities, the most serious of which would allow
script to run in the Local Computer Zone.
Maxium Risk:
Microsoft Security Bulletin (MS99-002)
Patch Available for "Word 97 Template"
Vulnerability
Microsoft has released a patch that fixes a vulnerability in
Word 97 which
could permit macros to run without warning the user when the
user opens a
document based on a template containing macros. A malicious
hacker could
exploit this vulnerability to cause malicious macro code to be
run without
warning if a user opens a Word attachment that was sent by a
malicious
hacker, or posted on a web site controlled by the malicious
hacker. This
malicious macro could possibly be used to damage or retrieve
data on a
user's system.
Affected Software Versions
The following software versions are affected:
- Microsoft Word 97
Microsoft Security Bulletin (MS99-001)
Patch Available for exposure in Forms 2.0 TextBox
Control that allows data to be read from user's Clipboard
Microsoft has released a patch that fixes a vulnerability in the
Forms 2.0
ActiveX control. This control is distributed in any application
that
includes Visual Basic for Applications 5.0. A malicious hacker
could use the
Forms 2.0 Control to read or export text on a user's Clipboard
when that
user visits a web site set up by the malicious hacker or opens a
HTML email
created by the malicious hacker.
Affected Software Versions
The following software installs the Forms 2.0 control:
- Microsoft Office 97
- Microsot Outlook 98
- Microsoft Project 98
- Microsoft Visual Basic 5.0
- Any third-party product that includes Visual Basic for Applications 5.0
Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2001 Security Bulletins
Year 2000 Security Bulletins
Year 1998 Security Bulletins
Microsoft Terms of Use
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR
IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT
CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT
ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION
MAY NOT APPLY.
(c) 2001 Microsoft Corporation. All rights reserved. Terms of
use.
|
