Microsoft is investigating reports of a security issue with Microsoft Windows Internet Name Service (WINS). This security issue affects Microsoft Windows NT Server 4.0, Microsoft Windows NT Server 4.0 Terminal Server Edition, Microsoft Windows 2000 Server, and Microsoft Windows Server 2003. Microsoft Windows 2000 Professional, Microsoft Windows XP, and Microsoft Windows Millennium Edition are not affected by this vulnerability.
By default, WINS is not installed on Windows NT Server 4.0, on Windows NT Server 4.0 Terminal Server Edition, on Windows 2000 Server, or on Windows Server 2003. By default, WINS is installed and running on Microsoft Small Business Server 2000 and on Microsoft Windows Small Business Server 2003. However, by default, on all versions of Microsoft Small Business Server, the WINS component communication ports are blocked from the Internet, and WINS is available only on the local network.
See the following KB article: How to help protect against a WINS security issue
The Isle of Man government is to use Microsoft Windows as its strategic platform to deliver new and enhanced services to citizens
The Isle of Man government has announced plans to migrate its Unix desktop environment to Microsoft Windows.
The deal follows the government's continued strategic shift away from Unix-based technology to Microsoft, which has already seen the island consolidate its datacentre operation.
The migration will also see the organisation consolidate 200 applications, running on six proprietary operating systems, onto Windows Server 2003.
Full article: Computing
To make it as easy as possible for customers to maintain the security and stability of their Windows 2000 systems, Microsoft will produce an Update Rollup for Windows 2000 Service Pack 4 (SP4), with a planned release in mid-2005.
The Update Rollup will contain all security-related updates produced for Windows 2000 between the time SP4 was released and the time when Microsoft finalizes the contents of the Update Rollup. The Update Rollup will also contain a small number of important non-security updates.
Full article: Windows 2000 Update Rollup Announcement
See also: Frequently Asked Questions About the Windows 2000 Update Rollup Announcement
Jerry Bryant posted this excellent document with lots of links provided by Microsoft.
Microsoft continues to be committed to building software and services that will help better protect our customers and the industry. Because there is no one solution, our approach to security includes technology innovations to improve the ability to isolate malicious code, improvements in tools and processes for security updates, ongoing work on engineering excellence, and enhancements and improvements for managing user authentication and authorization. This includes improving our tools and training and providing better prescriptive guidance. See Bill G. executive email of March 31.
Tools
Isolation and Resiliency
Get the Facts:
Guidance and Training
Security Guidance Centers on Microsoft.com
Recent Security Guidance Center additions:
Small Business Guidance:
Prescriptive guidance to help provide defence-in-depth security.
- E-Learning Security Training
E-Learning self-paced clinics - 4 Developer and 8 ITPro modules. Now available in French, German, Spanish and Japanese.
- XP SP2
- Security Guidance Kit CD (now shipping in US and Canada)
CD-ROM with tools, templates, and how-to guides
- Microsoft IT Security Showcase
An insider view into Microsoft's process of deploying and managing its own enterprise solutions.
- Security Newsletter
Register for our free monthly e-mail newsletter that's packed with security news, guidance, updates, and community resources to help you protect your network.
- Security Program Guide: Events and Training Information
Events, webcasts and training available for both IT Professionals and Developers.
- US Security Summit Keynote and Training Content
- Security Notifications via e-mail
Sign up today to get e-mail alerts when an important security bulletin or virus alert has been released.
- Security Update RSS Feed
- Security Bulletin Search Page
Search on product, technology or KB article
- Security Bulletin Webcast
Join Microsoft experts on the day after bulletin announcements to get the latest information and have the opportunity to ask questions.
- How to Tell If a Microsoft Security-Related Message Is Genuine
- Writing Secure Code, 2nd edition
Best practices for writing secure code and stopping malicious hackers.
- Building and Configuring More Secure Web Sites
Best Practices used at OpenHack.
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in the handling of certain attributes in the <IFRAME>, <FRAME>, and <EMBED> HTML tags. This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in e.g. the "SRC" and "NAME" attributes of the <IFRAME> tag.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been confirmed in the following versions:
- Internet Explorer 6.0 on Windows XP SP1 (fully patched).
- Internet Explorer 6.0 on Windows 2000 (fully patched).
This advisory has been rated "Extremely critical" as a working exploit has been published on public mailing lists. A variant of the MyDoom virus is now also exploiting this vulnerability.
The vulnerability does not affect systems running Windows XP with SP2.
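For mail or web gateways in front of unpatched clients, the following sketch flags HTML that carries unusually long SRC or NAME values on the three tags named above. It is an added example, not code from the advisory or from Microsoft; the 512-character threshold and the names `scan_html` and `LongAttrScanner` are assumptions chosen for illustration, since the advisory states no length.

```python
from html.parser import HTMLParser

# Tags and attributes named in the advisory text.
WATCHED_TAGS = {"iframe", "frame", "embed"}
WATCHED_ATTRS = {"src", "name"}
# Assumption: the advisory gives no length; 512 is a tuning value chosen here.
MAX_ATTR_LEN = 512


class LongAttrScanner(HTMLParser):
    """Collects (tag, attribute, length, line) for oversized attribute values."""

    def __init__(self, max_len=MAX_ATTR_LEN):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...>
        # is matched too; self-closing tags are routed here by default.
        if tag not in WATCHED_TAGS:
            return
        line, _ = self.getpos()
        for name, value in attrs:
            if name in WATCHED_ATTRS and value and len(value) > self.max_len:
                self.findings.append((tag, name, len(value), line))


def scan_html(document, max_len=MAX_ATTR_LEN):
    """Return a list of findings for one HTML document (a str)."""
    scanner = LongAttrScanner(max_len)
    scanner.feed(document)
    scanner.close()
    return scanner.findings


# Constructed sample input: benign filler characters only.
SAMPLE = (
    "<html><body>\n"
    '<iframe src="http://example.test/ok.html" name="menu"></iframe>\n'
    '<IFRAME SRC="http://example.test/' + "A" * 2000
    + '" NAME="' + "B" * 1500 + '"></IFRAME>\n'
    '<embed src="clip.swf"/>\n'
    '<img src="' + "C" * 3000 + '">\n'   # long, but not a watched tag
    "</body></html>\n"
)

if __name__ == "__main__":
    for tag, attr, length, line in scan_html(SAMPLE):
        print(f"line {line}: <{tag}> {attr} is {length} chars")
```

A hit is a reason to quarantine and inspect the document, not proof of an exploit attempt; legitimate pages occasionally carry long query strings in SRC, so tune the threshold against your own traffic.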
This issue can occur in the following releases:
- SDK and JRE 1.4.2_05 and earlier, all 1.4.1 and 1.4.0 releases, and 1.3.1_12 and earlier
This issue is addressed in the following releases:
- SDK and JRE 1.4.2_06 and later
Download J2SE v 1.4.2_06 JRE at: Download Java 2 Platform, Standard Edition, v 1.4.2 (J2SE)