Bugtraq mailing list archives

Microsoft Security Bulletin (MS01-005) (fwd)


From: Ben Greenbaum <bgreenbaum () SECURITYFOCUS COM>
Date: Tue, 30 Jan 2001 13:19:08 -0700

---------- Forwarded message ----------
Date: Tue, 30 Jan 2001 11:00:47 -0800
From: Microsoft Product Security <secnotif () MICROSOFT COM>
To: MICROSOFT_SECURITY () ANNOUNCE MICROSOFT COM
Subject: Microsoft Security Bulletin (MS01-005)

The following is a Security Bulletin from the Microsoft Product Security
Notification Service.

Please do not reply to this message, as it was sent from an unattended
mailbox.
                    ********************************

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Tool and Patch Available to correct Hotfix Packaging
            Anomalies
Date:       30 January 2001
Software:   Windows 2000
Bulletin:   MS01-005
KB Article: Q281767 and Q282784 (available soon)

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/ms01-005.asp
- ----------------------------------------------------------------------

Issue:
======
Microsoft packages all Windows 2000 hotfixes (including security
patches) with a catalog file that lists all of the valid hotfixes
that have been issued to date. The catalog is digitally signed to
ensure its integrity, and Windows File Protection uses the signed
catalog to determine which hotfixes are valid. An error in the
production of the catalog files for English language Windows 2000
Post Service Pack 1 hotfixes made available through December 18, 2000
could, under very unlikely circumstances, cause Windows File
Protection to remove a valid hotfix from a system. The removal of a
hotfix could cause a customer's system to revert to a version of a
Windows 2000 module that contained a security vulnerability.

Windows File Protection will only remove valid hotfixes from a
Windows 2000 system under a very restrictive set of circumstances.
The system administrator would have to have applied multiple hotfixes
in an order other than that in which Microsoft produced and packaged
them. Furthermore, Windows File Protection would only remove hotfixes
from a system if it were run explicitly (by running sfc /scannow for
instance) or triggered by some administrator action (such as
specifying that it be invoked under a group policy).

- ----------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

-----END PGP SIGNATURE-----

   *******************************************************************
You have received this e-mail bulletin as a result of your registration
to the Microsoft Product Security Notification Service. You may
unsubscribe from this e-mail notification service at any time by sending
an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST () ANNOUNCE MICROSOFT COM
The subject line and message body are not used in processing the request,
and can be anything you like.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

For more information on the Microsoft Security Notification Service
please visit http://www.microsoft.com/technet/security/notify.asp. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.

