|
Internet Security Issues |
It is unaltered.
The Navigator bug, "The Frame-Spoofing Vulnerability", allows a Web
site to view the contents of files in your browser's cache.
To orchestrate this type of attack, the attacker must either:
1. Convince the user to click a link from the attacker's own web site
or
2. Send a decoy email to a JavaScript-enabled mail client, such as
Netscape Messenger, and entice the user to click a hyperlink (presumably
to the targeted site) in that email.
Although a frame-spoofing attack does not require JavaScript to be active to achieve its effects, successful exploitation of this vulnerability does require JavaScript. If JavaScript is not active, a window within the targeted site must already be open on the user's machine when the attacker entices the user to click the hyperlink in the attacking email or on the attacker's web site.
Until Netscape has implemented a fix for this vulnerability in a future version of Navigator, users can protect themselves against its effects by taking the following precautions:
1. Avoid browsing unknown, untrusted sites.
2. Using Communicator 4.5, disable JavaScript in email only through
the following steps:
a. In Communicator, select Preferences from the Edit menu.
b. In the Preferences dialog box, select the Advanced category.
c. Deselect the Enable JavaScript for Mail and News checkbox.
d. Click OK.
Get the details at http://www.netscape.com/products/security/resources/notes.html.
New Browser Bugs More bugs have been discovered in both Microsoft Internet
Explorer 4.01 and Netscape's Navigator. The new IE bug, called "Untrusted
Scripted Paste" or "Cuartango" lets a Web site upload a specific file from
your hard disk (the attacker would have to know the name of the file) if
you submit a form. You can get the patch at:
http://www.microsoft.com/windows/ie/security/paste.asp.
Windows 98 users can also get the fix by visiting the Windows Update
site.
VB6 Installs and Win9x Falls If you install a Visual Basic 6.0 application
and it needs to update system files, it may render your Windows 9x system
unbootable. The problem occurs if you've put your TEMP directory on a different
physical drive from your WINDOWS directory. During the update, Windows
9x deletes the old system files, but is unable to rename the new files
because they aren't on the same physical drive. The solution? Boot into
safe mode (or from a recovery disk) and manually copy the files from your
TEMP drive to the WINDOWS SYSTEM directory.
Note: The following is directly from "Microsoft Security Advisor Program:
Security Bulletin Archives"
at: http://www.microsoft.com/security/bulletins/archive.asp
where you can sign up to recieve these bulletins youself.
It is unaltered.
Anti-virus legend Dr. Vesselin Bontchev confirmed [this] report by showing me an HTML file that exploits the security hole. It's... scary. It's way too easy to exploit, unlike some more obscure security problems you don't have to be a 'rocket scientist' to spread trouble. For that reason, WOW has decided to be quick about warning our readers to get the protective patch before examples of this spread 'in the wild.'
At Microsoft, a team has been working day and night for the last few days to find a fix. Microsoft will be posting that fix in the next few hours.
Let me make this really clear. Every single Office user who also uses Internet Explorer or Outlook 98 or later, MUST INSTALL THIS PATCH. It's only a matter of time before some %$#@! cretin figures out how to exploit this hole. You -- and everyone you know -- needs protection NOW.
There's actually TWO security patches out today. We're particularly concerned with the Word 97 Template patch, but you should get the Forms 2.0 patch as well. More info on both problems below.
Word 97 Template Security Patch:
http://www.microsoft.com/security/bulletins/ms99-002.asp
Microsoft Security Bulletin
http://officeupdate.microsoft.com/downloaddetails/wd97sp.htm
Office Update Download Page
Forms 2.0 Security Patch:
http://officeupdate.microsoft.com/downloaddetails/fm2paste.htm
Office Update Download Page
http://www.microsoft.com/security/bulletins/ms99-001.asp
Microsoft Security Bulletin
Microsoft Security Bulletin (MS99-003)
--------------------------------------
Patch Available for IIS "Malformed FTP List Request" Vulnerability
Originally Posted: February 3, 1999
Summary
=======
Microsoft has released a patch that eliminates a vulnerability in the
Internet Information Server (r) FTP service. This vulnerability could allow
denial of service attacks against the server or, under certain conditions,
could allow arbitrary code to be executed on the server.
A fully supported fix for this problem is available. As detailed below in What Customers Should Do, Microsoft recommends that customers who are at risk from this vulnerability apply the patch.
Issue
=====
The FTP service in IIS has an unchecked buffer in a component that
processes "list" commands. This results in a vulnerability that poses two
threats to safe operation. The first is a denial of service threat; a malformed
"list" request could overflow the buffer causing the server to crash. The
second is more esoteric and would be far more difficult to exploit. A carefully-constructed
"list" request could cause arbitrary code to execute on the server via
a classic buffer overrun technique. Neither variant could be exploited
accidentally.
It is noteworthy that the "list" command is only available to users after they have authenticated to the server. As a result, only users who are authorized to use the server would be able to mount such an attack, and their presence on the server could be logged if the owner of the site chose to do so. However, many sites provide guest accounts, and this could allow a malicious user to attack the server anonymously.
Microsoft has no reports of any customers being affected by this vulnerability.
However, Microsoft is proactively releasing a patch that
corrects the problem.
Affected Software Versions
==========================
The following software versions are affected:
Microsoft Internet Information Server 3.0 and 4.0
What Microsoft is Doing
=======================
On February 3rd, Microsoft released a patch that fixes the problem
identified above. This patch is available for download from the sites listed
below.
Microsoft has sent this security bulletin to customers subscribing to
the Microsoft Product Security Notification Service (see
http://www.microsoft.com/security/services/bulletin.asp
for more information about this free customer service).
Microsoft has published the following Knowledge Base (KB) article on
this issue:
Microsoft Knowledge Base (KB) article Q188348,
Specially-Malformed FTP Requests Can Create Denial of Service
(Note: It might take 24 hours from the original posting of this bulletin
for the KB article to be visible in the Web-based Knowledge Base.)
Microsoft has posted hot fixes to address this problem. Please note
that all
of these patches are designed to be applied atop Windows NT (r) 4.0
SP4.
The URLs below have been word-wrapped for readability.
Fix for X86 version of IIS 3.0:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/ftpls3i.exe
- Fix for Alpha version of IIS 3.0:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/ftpls3a.exe
- Fix for X86 version of IIS 4.0:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/ftpls4i.exe
- Fix for Alpha version of IIS 4.0:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/ftpls4a.exe
What customers should do
========================
Microsoft highly recommends that all affected customers download the
patch to protect their computers. The complete URL for each affected software
version is provided above in What Microsoft is Doing.
More Information
================
Please see the following references for more information related to
this issue.
- Microsoft Security Bulletin MS99-003,
Patch Available for IIS "Malformed FTP List Request"
Vulnerability (the Web-posted version of this bulletin),
http://www.microsoft.com/security/bulletins/ms99-003.asp
- Microsoft Knowledge Base (KB) article Q188348,
Specially-Malformed FTP Requests Can Create Denial of
Service,
(Note: It might take 24 hours from the original posting
of this bulletin for the KB article to be visible in the Web-based Knowledge
Base.)
Acknowledgements
================
Microsoft wishes to acknowledge the eEye Digital Security Team for
discovering this vulnerability.
Obtaining Support on this Issue
===============================
This is a supported patch. If you have problems installing this patch
or require technical assistance with this patch, please contact Microsoft
Technical Support. For information on contacting Microsoft Technical Support,
please see
http://support.microsoft.com/support/contact/default.asp
Revisions
=========
- February 3, 1999: Bulletin Created
For additional security-related information about Microsoft products,
please visit http://www.microsoft.com/security
Netscape has recently been alerted to a vulnerability that affects versions of Netscape Navigator on all available platforms that support the use of frames, including versions 2.0 and later. Netscape has verified that this vulnerability does exist, although no customer incidents have been reported to Netscape. Netscape takes all potential security and privacy issues seriously and is currently working on a fix that will be included in a future version of the browser.
A malicious attacker could exploit this vulnerability to make content of the attacker's own creation appear as if it were provided by another web site. In doing so, the attacker could mislead a site visitor into submitting information through a form by leading the user to believe he or she is visiting a trusted web site. The attacker could also make potentially embarrassing information appear on a web site. In doing so, however, the attacker is not actually placing the offending data on the targeted site's server; rather, the attacker makes it appear as if the data is coming from the targeted site.
To orchestrate this type of attack, the attacker must either
Convince the user to click a link from the attacker's own web site or Send a decoy email to a JavaScript-enabled mail client, such as Netscape Messenger, and entice the user to click a hyperlink (presumably to the targeted site) in that email.
Although a frame-spoofing attack does not require JavaScript to be active to achieve its effects, successful exploitation of this vulnerability does require JavaScript. If JavaScript is not active, a window within the targeted site must already be open on the user's machine when the attacker entices the user to click the hyperlink in the attacking email or on the attacker's web site.
Until Netscape has implemented a fix for this vulnerability in a future version of Navigator, users can protect themselves against its effects by taking the following precautions:
1. Avoid browsing unknown, untrusted sites.
2. Using Communicator 4.5, disable JavaScript in email only through
the following steps:
a. In Communicator, select Preferences from the Edit menu.
b. In the Preferences dialog box, select the Advanced category.
c. Deselect the Enable JavaScript for Mail and News checkbox.
d. Click OK.
http://home.netscape.com/products/security/resources/bugs/framespoofing.html
Subject: Microsoft Security Bulletin (MS99-009)
The following is a Security Bulletin from the Microsoft Product Security Notification Service.
Patch Available for "Malformed Bind Request" Vulnerability
Originally Posted: March 16, 1999
Summary
=======
Microsoft has released a patch that eliminates a vulnerability in the
LDAP Bind function for Microsoft (r) Exchange (r) 5.5. The vulnerability
could allow denial of service attacks against an Exchange server or, under
certain conditions, could allow arbitrary code to be run on the server.
A fully supported patch is available, and Microsoft recommends that customers who are at risk from this attack download and install it.
Issue
=====
The Bind function in the Exchange 5.5 Directory Service has an unchecked
buffer that poses two threats to safe operation. The first is a denial
of service threat. A malformed Bind request could overflow the buffer,
causing the Exchange Directory service to crash. The server would not need
to be rebooted, but the Exchange Directory service, and possibly dependent
services as well, would need to be restarted in order to resume messaging
service. The second threat is more esoteric and would be far more difficult
to exploit. A carefully-constructed Bind request could cause arbitrary
code to execute on the server via a classic buffer overrun technique. Neither
attack could occur accidentally.
Customers who are using Exchange but who have turned off LDAP support in the Directory Service are not at risk from this vulnerability. Customers also can reduce their vulnerability to attacks from external sources by filtering incoming packets destined for TCP port 389, the LDAP service port.
Microsoft has no reports of any customers being affected by this vulnerability. However, Microsoft is proactively releasing a patch that corrects the problem.
Affected Software Versions
==========================
Microsoft Exchange Server 5.5
What Microsoft is Doing
=======================
Microsoft has released patches that fix the problem identified. The
patches are available for download from the sites listed below in What
Customers Should Do.
Microsoft also has sent this security bulletin to customers subscribing to the Microsoft Product Security Notification Service. See http://www.microsoft.com/security/services/bulletin.asp for more information about this free customer service.
Microsoft has published the following Knowledge Base (KB) article on
this issue: - Microsoft Knowledge Base (KB) article Q221989, XADM: Buffer
Overrun in Exchange 5.5 LDAP Service, http://support.microsoft.com/support/kb/articles/q221/9/89.asp
(Note: It might take 24 hours from the original posting of this bulletin
for the KB article to be visible in the Web-based Knowledge Base.)
What Customers Should Do
========================
Microsoft highly recommends that customers evaluate the degree of risk
that this vulnerability poses to their systems and determine whether to
download and install the patch. The patch can be found at: - X86-based
Exchange: ftp://ftp.microsoft.com/bussys/exchange/exchange-public/
fixes/Eng
/Exchg5.5/PostSP2/DIR-fix/PSP2DIRI.EXE
- Alpha-based Exchange
ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/
Exchg5.5/PostSP2/DIR-fix/PSP2DIRA.EXE
(Note: The above URLs have been wrapped for readability)
More Information
================
Please see the following references for more information related to
this issue. - Microsoft Security Bulletin MS99-009, Patch Available for
"Malformed Bind Request" Vulnerability (the Web-posted version of this
bulletin), http://www.microsoft.com/security/bulletins/ms99-009.asp.
A WINDOWS Magazine investigation has shown that the recently reported privacy concern with Microsoft's Windows 98 Registration Wizard goes much deeper than previously reported. It's not only possible for any Web site to read information that uniquely identifies you and your PC, but that information can be modified and/or sent to Microsoft without your consent.
Last week, Richard Smith of Phar Lap Software first identified a risk with the Registration Wizard, or RegWiz. (The Phar Lap discussion of this problem is at http://security.pharlap.com/regwiz/index.htm). Windows 98 uses RegWiz to process your product registration form and submit it to a Microsoft server over the Internet. Two identification numbers are generated based on your PC configuration and the data you enter during registration. The first number, called the hardware identification number (HWID), can in most cases uniquely identify the computer. A second number, called the Microsoft ID (MSID), uniquely identifies a user and is placed in a browser cookie for access to services on Microsoft's Web site.
WINDOWS Magazine contributing editor Martin Heller examined the interface to RegWiz and discovered that not only does the control allow the HWID and MSID numbers to be read by any site, it allows them to be changed as well. That means any Web page can alter these identification numbers, and can even do so without your knowledge. A demonstration that uses RegWiz to read and set this information can be found at http://www.winmag.com/web/regwiz.htm.
RegWiz also includes the ability to send a PC's registration information to Microsoft. This can be triggered from any Web page without the user's consent. When this function is used a small window appears that says "Sending the registration information to Microsoft ... Please wait." Other than disconnecting from the Internet, there is no way for a user to stop the transfer once it has started.
In response to the privacy concerns raised by the Registration Wizard, Microsoft has said that they will no longer record the HWID information when a user registers, and will elminate any use of the HWID information that might currently be in their databases. The company also expects to have a utility available within two weeks that deletes the HWID personal registration data from the registry. It is possible to disable RegWiz and remove the information manually by using the Windows 98 registry editor, and we have provided instructions for doing this at http://www.winmag.com/web/regwizoff.htm..
Disabling Microsoft RegWiz
Here's how to protect your privacy by disabling the Windows 98 Registration Wizard and removing your personal information from the registry.
If you've seen the Microsoft RegWiz Privacy Demo you know it's pretty easy for any web site to read or change your private information. This page shows how to disable the Windows 98 Registration Wizard and delete the personal information that RegWiz uses.
NOTE: Some steps of this procedure require you to make modifications to the registry using RegEdit. The registry is vital to the functioning of Windows, so you should exercise care in making changes. If you are not experienced with this tool you should wait for Microsoft's official solution.
Be sure that you save this information so that you can undo your changes in case you encounter problems.
How To Disable RegWiz
Click Start | Run and type in the following command:
regsvr32.exe -u c:\windows\system\regwizc.dll
This will disable the RegWiz control so that it cannot be used. If you later need to re-enable the control, type the same command but substitute -c for -u.
How To Remove Personal Information
If you disable RegWiz as described above, that should be all you need to do. However, you can alternatively leave RegWiz enabled and simply remove or change your personal information in the registry. To do this, click Start | Run and type in RegEdit. Find the following key in the right-hand pane and click on it:
HKEY_LOCAL_MACHINE\Software\Microsoft\User Information
If you have registered this version of Windows, the information you sent to Microsoft (name, address, telephone number) will be shown here. Double-click any item in the right-hand pane to edit its value. According to Microsoft, none of this data is required for Windows 98 to function, so you should be able to change any item here to an empty string.
How To Remove or Change the MSID and HWID
Although the controversial MSID and HWID values are included in the User Information key above, these are not the values that are managed by RegWiz. Instead, it uses the following registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\HWID
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\MSID
If you have RegWiz enabled and use our Microsoft RegWiz Privacy Demo,
you will see these registry values change. As with the User Information,
you can simply set these to empty strings. However, you should record the
original values in case you need to restore the information in the future.
Microsoft has released a patch that eliminates a vulnerability in an ActiveX control that is distributed in Internet Explorer 5 and downloadable for Internet Explorer 4.0. The vulnerability could allow a malicious web site operator to read information that a user had loaded into the control, and it also could allow files with known names to be copied from the user's local hard drive.
A fully supported patch is available to eliminate this vulnerability and Microsoft recommends that affected customers download and install it, if appropriate.
Issue
=====
The DHTML Edit control is an ActiveX control that is distributed with
Internet Explorer 5 and can be downloaded for use in Internet Explorer
4.0. The control enables users to edit HTML text and see a faithful rendition
of how the text would look in the browser. There are two versions of the
control: a more powerful version that cannot be invoked by a web site because
it includes file access and other features, and a "safe for scripting"
version that has restricted functionality and is intended for use by web
sites.
The root cause of the vulnerability lies in the fact that a web site that hosts the "safe for scripting" version of the control is able to upload any data entered into the control. A malicious web site operator could trick a user into entering sensitive data into a DHTML Edit control hosted on a web page from the operator's site, and then upload the data. In addition, if the malicious web site operator knows the name of a file on the user's local drive, it is possible for the operator to programmatically load the file into the control and then upload it.
The patch works by allowing a web site to load data from the control only if it is in the site's domain. While there are no reports of customers being adversely affected by this vulnerability, Microsoft is proactively releasing this patch to allow customers to take appropriate action to protect themselves against it.
Affected Software Versions
==========================
- Microsoft Internet Explorer 5 on Windows 95, Windows 98, and Windows
NT 4.0. Internet Explorer 5 on other platforms is not affected.
- Microsoft Internet Explorer 4.0 on Windows 95, Windows 98 and the x86 version of Windows NT 4.0. Internet Explorer 4.0 on other platforms, including the Alpha version of Windows NT 4.0, is not affected.
Note: The DHTML Edit control is included by default in Internet Explorer 5. It is not included by default in Internet Explorer 4.0, but can be downloaded and installed. Internet Explorer 4.0 customers who are unsure whether they have installed the control should see What Customers Should Do.
What Microsoft is Doing
=======================
Microsoft has released patches that fix the problem identified. The
patches are available for download from the sites listed below in What
Customers Should Do.
Microsoft also has sent this security bulletin to customers subscribing to the Microsoft Product Security Notification Service. See http://www.microsoft.com/security/services/bulletin.asp for more information about this free customer service.
Microsoft has published the following Knowledge Base (KB) article on this issue:
- Microsoft Knowledge Base (KB) article Q226326, Update Available for 'DHTML Edit' Security Issue, http://support.microsoft.com/support/kb/articles/q226/3/26.asp.
(Note: It might take 24 hours from the original posting of this bulletin for the KB article to be visible in the Web-based Knowledge Base.)
What Customers Should Do
========================
Microsoft highly recommends that customers determine whether they are
potentially affected by the vulnerability:
- All copies of Internet Explorer 5 contain the DHTML Edit control, so all Internet Explorer 5 customers are potentially affected by the vulnerability.
- The only Internet Explorer 4.0 users who are potentially affected by the vulnerability are those who have downloaded and installed the DHTML Edit control. If this has been done, the file dhtmled.ocx will be present on the hard drive. By default, this file will be stored in the folder C:\Program Files\Common Files\Microsoft Shared\Triedit\.
Customers who are potentially affected by the vulnerability should evaluate the degree of risk that this vulnerability poses to their systems and determine whether to download and install the patch. The patch can be found at http://www.microsoft.com/windows/ie/security/dhtml_edit.asp.
More Information
================
Please see the following references for more information related to
this issue.
- Microsoft Security Bulletin MS99-011, Patch Available for DHTML Edit
Vulnerability.
(The Web-posted version of this bulletin),
http://www.microsoft.com/security/bulletins/ms99-011.asp.
- Microsoft Knowledge Base (KB) article Q226326,
Update Available for 'DHTML Edit' Security Issue,
http://support.microsoft.com/support/kb/articles/q226/3/26.asp
(Note: It might take 24 hours from the original posting of this bulletin
for the KB article to be visible in the Web-based Knowledge Base.)
(1) QuickTime
QuickTime is the industry standard multimedia architecture used by
software tool vendors and content creators to store, edit, and play synchronized
graphics, sound, video, text, and music.
http://www.updates.com/product_info.asp?ID=851
(2) WinDAC
WinDAC (Digital Audio Copy) is an audio utility that allows you to
copy audio tracks from CDs. This data can be saved as WAV files.
http://www.updates.com/product_info.asp?ID=2081
(3) Internet Explorer 5 "DHTML Edit" Vulnerability Patch
Microsoft has released a patch that eliminates a vulnerability in an
ActiveX control that is distributed in Internet Explorer 5 and downloadable
for Internet Explorer 4.0.
http://www.updates.com/product_info.asp?ID=6043
(4) Internet Explorer 5 MSHTML Update
Microsoft has released an updated version of a component of Internet
Explorer 4.0 and 5. The updated version eliminates three security vulnerabilities.
http://www.updates.com/product_info.asp?ID=6049
*******************************************************************
4. NEWS AND ANNOUNCEMENTS
(1) IMPORTANT! -- Security Patches for Internet Explorer 4 and 5
This week Updates.com features a lot of new security fixes for Internet
Explorer versions 4 and 5. Microsoft has released a patch that eliminates
a vulnerability in an ActiveX control that is distributed in Internet Explorer
5 and downloadable for Internet Explorer 4.0 and an updated version of
a component of Internet Explorer 4 and 5.
http://www.updates.com/news_features.asp?ID=50115
(2) QuickTime 4 Preview Release
QuickTime 4 Preview Release is the latest version of the QuickTime
technology and it is available for Mac and Windows users.
http://www.updates.com/news_features.asp?ID=50117
********************************************************************
5. KYP'S ESSENTIAL DOWNLOADS
1. ICQ 99a Beta v.2.15 Build #1701 (NEW!)
http://www.updates.com/product_info.asp?ID=643
2. WinZip 7.0 SP-1
http://www.updates.com/product_info.asp?ID=4
3. Internet Explorer 5.0
http://www.updates.com/product_info.asp?ID=8
4. WinAmp 2.10
http://www.updates.com/product_info.asp?ID=481
5. Paint Shop Pro 5.01
http://www.updates.com/product_info.asp?ID=163
*******************************************************************
6. TIPS AND TRICKS
Keep Your Registry Clean
When you install, uninstall, and reinstall programs on your computer, registry keys are created, modified, or deleted. Over time, your computer's registry may begin to contain corrupted, unused, and unnecessary registry keys, especially if keys are not removed when you uninstall a program. As a result, you may begin to experience problems when using OLE to embed objects or Automation to control other programs.
The RegClean utility is designed to clean up unnecessary registry entries in your registry. Read the ReadMe.txt file before using RegClean.
http://www.updates.com/product_info.asp?ID=3101
Cross-Frame Security Patch
Microsoft's update patch for Internet Explorer 4.x fixes a problem
in the browser's "cross-frame navigation" feature that could enable a Web
site operator to access your PC files while you browse the Net.
http://www.pcworld.com/r/shw/1%2C2087%2C5485%2C00.html
Microsoft has released a single fix to eliminate two security vulnerabilities in Internet Explorer. The first vulnerability could allow arbitrary code to be run on your computer.
The second vulnerability could allow the local hard drive to be read.
Information on All Available Fixes
See the full list of affected browsers and fixes.
About the "Favorites" Vulnerability
The "Favorites" security update fixes two issues:
Update Available for the "Malformed Favorites Icon" Issue
http://support.microsoft.com/support/kb/articles/q231/4/50.asp
Update Available for "Legacy ActiveX Control" Issue
http://support.microsoft.com/support/kb/articles/q231/4/52.asp
The first issue involves a feature of Internet Explorer 5 that lets you use an icon provided by a web site when you add the site as a Favorite. The vulnerability is that a specially malformed icon could be used to run arbitrary code on your computer, using a security vulnerability called a “buffer overrun”.
The second issue involves an ActiveX control included as part of a previous version of Internet Explorer. This control exists in Internet Explorer 4.0 and Internet Explorer 5, but is not used by either version. The control could be misused to allow a web site to read a local hard drive. This update eliminates the vulnerability by removing the control.
While there are no reports of customers being adversely affected by these vulnerabilities, Microsoft is releasing this fix to allow customers to take appropriate action to protect themselves against them.
Malformed Request
Causes LSA Service to Hang,
http://support.microsoft.com/support/kb/articles/q231/4/57.asp
The patch can be found at:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40
/hotfixes-postSP5/LSA3-fix/
NOTE: The above URL has been word-wrapped for readability