

javacool
February 25th, 2002, 05:43 PM
Windows 2000 Security Rollup Package 1 Now Available

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/w2ksrp1.asp


Enjoy! ;D

javacool
February 25th, 2002, 05:44 PM
Quote from MS Technet Bulletin:
{QUOTE->
Windows 2000 Security Rollup Package 1 Now Available

Microsoft has released the first Security Rollup Package (SRP) for Microsoft® Windows® 2000. Windows 2000 SRP1 includes the functionality of virtually all Windows 2000 security patches issued since the release of Windows 2000 Service Pack 2 (SP2).

Windows 2000 SRP1 is a small, comprehensive rollup of post-SP2 fixes, and provides an easier mechanism for managing the rollout of security fixes. For more information, please refer to Microsoft Knowledge Base article Q311401 (http://support.microsoft.com/support/kb/articles/Q311/4/01.ASP).

<-QUOTE}

Link to download here: http://www.microsoft.com/windows2000/downloads/critical/q311401/default.asp

javacool
February 25th, 2002, 05:52 PM
The full list of patches delivered in this security rollup package (it was too big to fit in my previous post, for some odd reason):

{QUOTE->
Windows 2000 SRP1 supersedes the patches delivered in the following security bulletins:

Core OS:
MS01-007 (Q285851): Network DDE Agent Requests Can Enable Code to Run in System Context
MS01-011 (Q287397): Malformed Request to Domain Controller can Cause CPU Exhaustion
MS01-013 (Q285156): Windows 2000 Event Viewer Contains Unchecked Buffer
MS01-024 (Q294391): Malformed Request to Domain Controller can Cause Memory Exhaustion
MS01-036 (Q299687): Function Exposed via LDAP over SSL Could Enable Passwords to be Changed
MS01-041 (Q298012): Malformed RPC Request Can Cause Service Failure
MS01-046 (Q252795): Access Violation in Windows 2000 IrDA Driver Can Cause System to Restart
MS02-001 (Q289246): Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data

FrontPage Server Extensions:
MS01-035 (Q300477): FrontPage Server Extension Sub-Component Contains Unchecked Buffer

Hyperterminal:
MS00-079 (Q276471): Hyperterminal Buffer Overflow

Indexing Service:
MS01-025 (Q296185): Index Server Search Function Contains Unchecked Buffer
MS01-033 (Q300972): Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise

Internet Explorer 5.01:
MS01-051 (Q306121): Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone
Note: Only the fix for version 5.01 of Internet Explorer is included in the SRP, as this is the version that shipped with Windows 2000. Patches are available for other versions of IE.

Internet Information Service 5.0:
MS01-004 (Q285985): Malformed .HTR Request Allows Reading of File Fragments
MS01-026 (Q293826): 14 May 2001 Cumulative Patch for IIS
MS01-044 (Q301625): 15 August 2001 Cumulative Patch for IIS

Netmeeting:
MS00-077 (Q273854): Netmeeting Desktop Sharing

NNTP Service:
MS01-043 (Q303984): NNTP Service Contains Memory Leak

SMTP Service:
MS01-037 (Q302755): Authentication Error in SMTP Service Could Allow Mail Relaying

Telnet Service:
MS01-031 (Q299553): Predictable Name Pipes Could Enable Privilege Elevation via Telnet

Terminal Service:
MS01-040 (Q292435): Invalid RDP Data Can Cause Memory Leak in Terminal Services
MS01-052 (Q307454): Invalid RDP Data can Cause Terminal Service Failure

Windows 2000 SRP1 does not supersede the patches delivered in the following security bulletins:

MS01-022 (Q296441): WebDAV Service Provider Can Allow Scripts to Levy Requests as User. This vulnerability involves the Microsoft Data Access Component Internet Publishing Provider, rather than Windows 2000 itself.

Patches for Windows 2000 that were delivered via security bulletins released after MS01-052. These will be included in Windows 2000 SRP2.

For more information about the security rollup and to download the package, click here (http://www.microsoft.com/windows2000/downloads/critical/q311401/default.asp).

<-QUOTE}

Paul Wilders
February 25th, 2002, 07:20 PM
Thanks for posting this, javacool.

As for:

{QUOTE-> (it was too big to fit in my previous post, for some odd reason): <-QUOTE}

In order to avoid posts taking up too much space, a character limit has been implemented. No big deal in this case: thanks for splitting!

regards.

paul

javacool
February 25th, 2002, 07:24 PM
{QUOTE-> Thanks for posting this, javacool.

As for:


In order to avoid posts taking up too much space, a character limit has been implemented. No big deal in this case: thanks for splitting!

regards.

paul



<-QUOTE}

I figured that was the case (and it makes quite a lot of sense).

diginsight
February 26th, 2002, 08:13 PM
Be careful installing this update on Terminal Services. See http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0202&L=ntbugtraq&F=P&S=&P=2845