Microsoft releases ISA Server, Windows patches
Takeaway: One of the Microsoft patches Exterminator found this week will interest almost everyone: It affects all versions of Windows and could allow an attacker access to your intranet. Also, check out three issues from Novell and a medium-risk virus warning.
Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.
Microsoft Security Bulletin (MS01-021)
Regarding: ISA Server 2000
Date Posted: April 16, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
According to Microsoft, if a certain type of Web request exceeds a particular length, the ISA Server Web Proxy service won’t be able to process it. The result is an access violation and failure of the Web Proxy service. You’re particularly vulnerable to this bug if you have the Web Publishing feature enabled, but Microsoft recommends that everyone apply the patch.
Microsoft Security Bulletin (MS01-022)
Regarding: Windows 95 and later
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
This vulnerability allows an attacker to access a user’s intranet and could allow access to Web-based e-mail by exploiting an implementation flaw in the Microsoft Data Access Component Internet Publishing Provider. The flaw prevents differentiation between requests made directly by the user and those made by a script running in the browser.
Novell issues
Regarding: NetWare 4.2, 5.1, and Small Business Suite 5.1
Date Posted: April 16, 2001
Patch URL:Click here to download.
Information URL:Click here for more information.
This download, called TOOLBOX.NLM, provides a number of utilities designed for use at the server console or through NCF files.
Regarding: ZENworks for Desktops
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
The new scanner files in this patch enable ZENworks for Desktops 3 Inventory to support the scan of Vendor Specific Asset Information from DMI.
Regarding: GroupWise
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
This patch fixes a problem with GroupWise Enhancement Pack Client and PumaTech software in which the TO, CC, and BCC fields don’t sync properly.
Regarding: GroupWise, Novell Small Business Suite 5, Novell Small Business Suite 5.1
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
This patch addresses the same issue as the one above but is designed specifically for GroupWise 5.5 Support Pack 3 or Support Pack 4.
Virus updates from Trend Micro
Virus/Worm: ELF_ADORE.A
Posted: April 16, 2001
Risk: Low
Information URL:Click here for more information on this virus.
Virus/Worm: TROJ_EUTH.152
Posted: April 17, 2001
Risk: Low
Information URL:Click here for more information on this virus.
Virus/Worm: TROJ_MATCHER.A
Posted: April 18, 2001
Risk: Medium
Information URL:Click here for more information on this virus.
Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.
Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.
Microsoft Security Bulletin (MS01-021)
Regarding: ISA Server 2000
Date Posted: April 16, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
According to Microsoft, if a certain type of Web request exceeds a particular length, the ISA Server Web Proxy service won’t be able to process it. The result is an access violation and failure of the Web Proxy service. You’re particularly vulnerable to this bug if you have the Web Publishing feature enabled, but Microsoft recommends that everyone apply the patch.
Microsoft Security Bulletin (MS01-022)
Regarding: Windows 95 and later
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
This vulnerability allows an attacker to access a user’s intranet and could allow access to Web-based e-mail by exploiting an implementation flaw in the Microsoft Data Access Component Internet Publishing Provider. The flaw prevents differentiation between requests made directly by the user and those made by a script running in the browser.
Novell issues
Regarding: NetWare 4.2, 5.1, and Small Business Suite 5.1
Date Posted: April 16, 2001
Patch URL:Click here to download.
Information URL:Click here for more information.
This download, called TOOLBOX.NLM, provides a number of utilities designed for use at the server console or through NCF files.
Regarding: ZENworks for Desktops
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
The new scanner files in this patch enable ZENworks for Desktops 3 Inventory to support the scan of Vendor Specific Asset Information from DMI.
Regarding: GroupWise
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
This patch fixes a problem with GroupWise Enhancement Pack Client and PumaTech software in which the TO, CC, and BCC fields don’t sync properly.
Regarding: GroupWise, Novell Small Business Suite 5, Novell Small Business Suite 5.1
Date Posted: April 18, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.
This patch addresses the same issue as the one above but is designed specifically for GroupWise 5.5 Support Pack 3 or Support Pack 4.
Virus updates from Trend Micro
Virus/Worm: ELF_ADORE.A
Posted: April 16, 2001
Risk: Low
Information URL:Click here for more information on this virus.
Virus/Worm: TROJ_EUTH.152
Posted: April 17, 2001
Risk: Low
Information URL:Click here for more information on this virus.
Virus/Worm: TROJ_MATCHER.A
Posted: April 18, 2001
Risk: Medium
Information URL:Click here for more information on this virus.
Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.
SponsoredWhite Papers, Webcasts, and Downloads
- The Online Shadow Economy: A Billion Dollar Market For Malware Authors MessageLabs
- Not Just Words: Enforce Your Email and Web Acceptable Usage Policies MessageLabs
- Effectively Securing Small Businesses from Online Threats: Minimizing the Risks Associated with Email, Web, and Instant Message Communications MessageLabs
- Spam Spikes: A Real Risk to Your Business MessageLabs
- The Botnet Threat: Targeting Your Business MessageLabs
Article Categories
- Security
- Security Solutions, IT Locksmith
- Networking and Communications
- E-mail Administration NetNote, Cisco Routers and Switches
- CIO and IT Management
- Project Management, CIO Issues, Strategies that Scale
- Desktops, Laptops & OS
- Windows 2000 Professional, Microsoft Word, Microsoft Excel, Microsoft Access, Windows XP,
- Data Management
- Oracle, SQL Server
- Servers
- Windows NT, Linux NetNote, Windows Server 2003
- Career Development
- Geek Trivia
- Software/Web Development
- Web Development Zone, Visual Basic, .NET
