Windows 2000 Security Patches for 2000
12.20.00. The "Indexing Service File Enumeration" patch eliminates a vulnerability in an ActiveX control that ships as part of the Windows 2000 Indexing Service. The vulnerability could allow a malicious web site operator to learn the names and properties of files and folders on the machine of a visiting user.
12.07.00. The "SNMP Parameters" patch includes a tool that corrects the permissions on several registry values in Windows 2000. The default permissions could allow a malicious user to monitor or reconfigure certain devices on a network.
12.05.00. The "Phone Book Service Buffer Overflow" patch eliminates a vulnerability in the Phone Book Service component of Windows 2000 and Windows NT 4 that could allow a malicious user to execute hostile code on a remote server that is running the service.
11.22.00. The "Domain Account Lockout" patch eliminates a vulnerability in Windows 2000 that could allow a malicious user to use repeated attempts to guess an account password even if the domain administrator had set an account lockout policy.
11.03.00. The "ActiveX Parameter Validation" patch eliminates a security vulnerability in Windows 2000 that could enable a malicious user to potentially run code on another user's machine. This is due to an ActiveX control that contains an unchecked buffer.
11.02.00. The "Netmon Protocol Parsing" patch eliminates a security vulnerability in Windows NT and Windows 2000 server products and Systems Management Server that could allow a malicious user to gain control of an affected server.
10.19.00. The "HyperTerminal Buffer Overflow" patch eliminates a security vulnerability in the HyperTerminal application that ships with Windows 98/98 SE, 2000, and ME (Millennium Edition). The vulnerability could, under certain circumstances, allow a malicious user to execute arbitrary code on another user’s system.
10.05.00. The "Multiple LPC and LPC Ports Vulnerabilities" patch eliminates several security vulnerabilities in Windows NT 4.0 and Windows 2000 that could allow a range of effects, from denial of service attacks to, in some cases, privilege elevation. The following vulnerabilities are addressed by this patch: "Invalid LPC Request" (only affects NT 4.0), "LPC Memory Exhaustion", "Predictable LPC Message Identifier", and a new variant of the previously reported "Spoofed LPC Port Request" vulnerability.
09.30.00. The "Simplified Chinese IME State Recognition" patch eliminates a security vulnerability in Windows 2000 that could allow a malicious user to gain complete control over an affected machine due to the IME for Simplified Chinese not correctly recognizing the machine's state. This vulnerability only affects the Simplified Chinese version of Windows 2000.
09.21.00. The "Windows 2000 Telnet Client NTLM Authentication" patch eliminates a security vulnerability in the Windows 2000 telnet client that could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user. Originally released on 9/15/00 and updated on 9/21/00.
09.12.00. The "Malformed RPC Packet" patch eliminates a security vulnerability that could allow a malicious user to cause a denial of service on a Windows 2000 computer by sending a particular malformed RPC (Remote Procedure Call) packet.
09.07.00. The "Still Image Service Privilege Escalation" patch eliminates a security vulnerability that could allow a user logged onto a Windows 2000 machine from the keyboard to become an administrator on the machine. This is due to an unchecked buffer that exists in the "Still Image Service" on Windows 2000 hosts.
08.28.00. The "Local Security Policy Corruption" patch eliminates a security vulnerability that could allow a malicious user to disrupt operation of an affected machine or even an entire network. Users with Windows 2000 Service Pack 1 installed are already protected against the vulnerability and do not need to take any further action.
08.03.00. The "Service Control Manager Named Pipe Impersonation" patch eliminates a security vulnerability that could allow a user logged onto a Windows 2000 machine from the keyboard to become an administrator on the machine.
07.27.00. The "NetBIOS Name Server Protocol Spoofing" patch eliminates a security vulnerability in a protocol implemented in Microsoft Windows systems that could be used to cause a machine to refuse to respond to requests for service. All editions of Windows NT 4.0 and Windows 2000 are affected by this vulnerability.
07.24.00. The "Telnet Server Flooding" patch eliminates a security vulnerability in the Telnet Server that ships with Windows 2000. This vulnerability could allow a malicious user to prevent an affected machine from providing Telnet services.
06.16.00. The "Desktop Separation" patch eliminates a security vulnerability in Windows 2000 that could allow a malicious user to gain additional privileges on a machine that he could log onto at the keyboard.
06.01.00. The "Protected Store Key Length" patch eliminates a security vulnerability in Windows 2000 that could allow a malicious user who had complete control over a Windows 2000 machine to compromise other users' sensitive information. Updated on July 26, 2000 with a new patch that corrects an error in the original patch.
05.30.00. The "ResetBrowser Frame" patch eliminates a security vulnerability in both Windows 2000 and Windows NT 4.0. The vulnerability could allow a malicious user to shut down browsers on that user's network as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser.
05.20.00. The "IP Fragment Reassembly" patch eliminates a security vulnerability in all editions of Windows 95, Windows 98, Windows 2000, and Windows NT 4.0. The vulnerability could be used to cause the CPU of an affected machine to devote all of its processing power to reassembling a fragmented stream of data packets, thereby temporarily preventing the computer from performing other tasks.
04.21.00. The "Malformed Environment Variable" patch eliminates a security vulnerability in Windows 2000 and Windows NT 4.0 that could allow a malicious user to make some or all of the memory on an affected server unavailable, potentially slowing or stopping an affected server's response time (i.e., it could be used to mount denial of service attacks).
04.20.00. The "Mixed Object Access" patch eliminates a security vulnerability in Windows 2000 that could (under very specific conditions) allow a malicious user to change information in the Active Directory that he should not be able to change.
03.31.00. The "Malformed TCP/IP Print Request" patch eliminates a security vulnerability in the TCP/IP Printing Services for Windows NT 4.0 and Windows 2000. If this service is installed, the vulnerability could allow a malicious user to disrupt printing services.