Microsoft Security Bulletins

Windows Assistance
Go To
Home
Windows XP
Virus Info Center
Windows Web Sites
Books
Tips From The Past
Searching For
Commentary
Microsoft Security Bulletins
eMail
About This Site
Search Me


Advanced Search

Search The Web


Advanced Search

 

More Bulletins: 

Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2000 Security Bulletins 
Year 1999 Security Bulletins 
Year 1998 Security Bulletins 

What's Listed

Only Official Microsoft Security Bulletins that apply to Windows 98/Me and any applets that are included with the operating system (Media Player, Internet Explorer, Outlook Express, etc.) 

This is not a complete list. You should also go to the Windows Update site at Microsoft and also visit the Security pages at Microsoft.

Be sure to read the Microsoft Terms of Use.

Microsoft Security Bulletin (MS01-060)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-059)

Unchecked Buffer in Universal Plug and Play can Lead to System Compromise

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-058)

  • Superseded patches: MS01-055.
  • This Security Bulletin is at the Microsoft Technet Web Site. The patch is to important to outline here. There are several vulnerabilities that this patch eliminates including three (3) newly found vulnerabilities. Please go directly to Microsoft and download the required patch.
  • Detailed information on this Security Bulletin at Microsoft Technet web site. WindowsAssistance.com

13 December 2001 Cumulative Patch for IE

Impact:

  • Run code of attacker’s choice.
  • Customers using IE should install the patch immediately.

Software:

  • Internet Explorer 5.5
  • Internet Explorer 6.0
Download locations for this patch

Microsoft Security Bulletin (MS01-057)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-056)

Windows Media Player .ASF Processor Contains Unchecked Buffer

Impact:

  • Run code of attacker's choice

Software:

  • Windows Media Player

Microsoft Security Bulletin (MS01-055 version 2)

Important Notice:

13 November 2001 Cumulative Patch for IE 

Cookie Data in IE Can Be Exposed or Altered Through Script Injection

Impact:

  • Exposure and altering of data in cookies

Effected Software:

  • Internet Explorer 

Microsoft Security Bulletin (MS01-054 version 2)

Invalid Universal Plug and Play Request can Disrupt System Operation.

Revised:

  • 13 November 2001

Impact:

  • Denial of Service 

Effected Software:

  • Windows 98
  • Windows ME
  • Windows XP

Microsoft Security Bulletin (MS01-053)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-052)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-051)

Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone 

Impact: 

  • Cause web page to render a web page using inappropriate security settings
  • Send commands to a third-party web site in the guise of the user
  • Create a file on the system of a user who visited a web site. 

Effected Software:

  • Internet Explorer

Microsoft Security Bulletin (MS01-050)

Malformed Excel or PowerPoint Document Can Bypass Macro Security 

Impact:

  • Run Code Of Attacker's Choice 

Effected Software:

  • Microsoft Excel or PowerPoint for Windows or Macintosh 

Microsoft Security Bulletin (MS01-049)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-048)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-047)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-046)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-045)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-044)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-043)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-042)

Windows Media Player .NSC Processor Contains Unchecked Buffer

Impact: Run code of attacker's choice

Effected Software:

  • Windows Media Player 6.4, 7, and 7.1

Microsoft Security Bulletin (MS01-041)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-040)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-039)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-038)

Outlook View Control Exposes Unsafe Functionality

Impact: Run code of attacker's choice via either web page or HTML e-mail.

Effected Software:

  • Outlook 98, 2000, and 2002

Microsoft Security Bulletin (MS01-037)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-036)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-035)

xxxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-034)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-033)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-032)

xxxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-031)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-030)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-029)

Windows Media Player .ASX Processor Contains Unchecked Buffer

Impact: Potentially run code of attacker's choice.

Effected Software:

  • Windows Media Player 6.4 and 7

Microsoft Security Bulletin (MS01-028)

RTF document linked to template can run macros without warning

Impact: Run Macros without warning.

Effected Software:

  • Microsoft Word for Windows
  • Microsoft Word for the Mac

Microsoft Security Bulletin (MS01-027)

Flaws in Web Server Certificate Validation Could Enable Spoofing

Impact of vulnerability: Spoofing of trusted web site.

Affected Software:

  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5

Microsoft Security Bulletin (MS01-026)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-025)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-024)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-023)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-022)

WebDAV Service Provider Can Allow Scripts to Levy Requests as User

Impact of vulnerability: Web-based script could levy WebDAV requests on the user’s behalf.

Affected Software:

  • Microsoft Windows® 95
  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows Me
  • Microsoft Windows NT® 4.0
  • Microsoft Windows 2000

Microsoft Security Bulletin (MS01-021)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-020)

Incorrect MIME Header Can Cause IE to Execute E-mail Attachment.

If an attacker created an HTML e-mail containing an executable attachment, then modified the MIME header information to specify that the attachment was one of the unusual MIME types that IE handles incorrectly, IE would launch the attachment automatically when it rendered the e-mail.

Effected Software:

  • Microsoft Internet Explorer

Microsoft Security Bulletin (MS01-019)

Passwords for Compressed Folders are Recoverable

Due to a flaw in the package's implementation, the passwords used to protect the compressed folders are recorded in a file on the user's system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files.

Affected Software:

  • Plus! 98 for Windows 98 & Windows 98SE 
  • Windows Me

Microsoft Security Bulletin (MS01-018)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-017)

Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard

VeriSign, Inc., recently advised Microsoft that on January 30 and 31, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is “Microsoft Corporation”. The ability to sign executable content using keys that purport to belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to run.

Affected Software:

  • Microsoft Windows® 95
  • Microsoft Windows 98
  • Microsoft Windows Me
  • Microsoft Windows NT® 4.0
  • Microsoft Windows 2000

Microsoft Security Bulletin (MS01-016)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-015 Rev 2)

IE can Divulge Location of Cached Content

Impact of vulnerability: Run code of attacker's choice, if user visited attacker's web site or opened an HTML e-mail from the attacker. Three other vulnerabilities, of lesser severity and exploitable in more restricted circumstances, also are eliminated by the patches.

Affected Software:

  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
  • Microsoft Windows Scripting Host 5.1
  • Microsoft Windows Scripting Host 5.5

Microsoft Security Bulletin (MS01-014)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-013)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

 

Microsoft Security Bulletin (MS01-012)

Outlook, Outlook Express VCard Handler Contains Unchecked Buffer

Outlook Express provides several components that are used both by it and, if installed on the machine, Outlook. One such component, used to process vCards, contains an unchecked buffer in the functionality that processes VCards.

Because the component that contains the flaw ships as part of OE, which itself ships as part of IE, the patch is specified in terms of the version of IE rather than OE or Outlook.

Affected Software:

  • Microsoft Outlook 97
  • Microsoft Outlook 2000
  • Microsoft Outlook Express 5.01
  • Microsoft Outlook Express 5.5

Microsoft Security Bulletin (MS01-011)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

 

Microsoft Security Bulletin (MS01-010)

Patch Available for "Windows Media Player Skins File Download" Vulnerability

Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows Media™ Player 7. This vulnerability could potentially enable a malicious user to cause a program of his choice to run on another user’s computer.

Affected Software Versions

  • Microsoft Windows Media Player 7

Microsoft Security Bulletin (MS01-009)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-008)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-007)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-006)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-005)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-004)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-003)

xxx

Software:

  • Windows 98
  • Windows 98SE
  • Windows ME
  • Windows XP 

Impact:

  • Run code of attacker's choice

Microsoft Security Bulletin (MS01-002)

Patch Available for “PowerPoint File Parsing” Vulnerability

Microsoft has released a patch that eliminates a security vulnerability in Microsoft® PowerPoint 2000. The vulnerability could allow a user to construct a PowerPoint file that, when opened, could potentially run code on the reader’s system .

Affected Software Versions

  • Microsoft PowerPoint 2000

Microsoft Security Bulletin (MS01-001)

Patch Available for "Web Client NTLM Authentication" Vulnerability

Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoft® Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a web server.

Affected Software Versions

  • Microsoft Office 2000
  • Microsoft Windows 2000
  • Microsoft Windows Me

Year 2003 Security Bulletins
Year 2002 Security Bulletins
Year 2000 Security Bulletins 
Year 1999 Security Bulletins 
Year 1998 Security Bulletins 

Microsoft Terms of Use

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT  DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR  PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS  SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF  LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

(c) 2001 Microsoft Corporation. All rights reserved. Terms of use.