<?xml version="1.0"?>
<BulletinDatastore DataVersion="1.0.1.159" LastDataUpdate="10/24/2001" SchemaVersion="1.0.0.11" LastSchemaUpdate="6/6/2001" ToolVersion="3.2" RevisionHistory=".159 includes Mac IE bulletin and has been revved for toolversion 3.2  .156 includes Win2K patch for 01-052.  .155 includes 01-052 for NT4 TS only.  Win2K patch not released yet. .153 added Windows XP products   .152  added 01-051 and shell32.dll removed from 01-041 due to conflicts with active desktop on NT4">
	<!--Built for Microsoft by Shavlik Technologies.  On the web at: www.shavlik.com-->
	<Bulletins>
		<Bulletin BulletinID="MS98-001" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-001.asp" Title="Disabling Creation of Local Groups on a Domain by Non-Administrative Users " DatePosted="1998/06/01" DateRevised="1999/03/24" Supported="Yes" Summary="" Issue="The ability for non-administrative users to create aliases on the domain could be abused if they create a large number of local groups in the domain and cause the size of the account database to grow without restrictions. Unlimited local group creation could crash the domain controller and lead to excessive network traffic due to the replication of local group information to backup domain controllers." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q169556"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="CREATALS_x86.exe" PatchLocationID="619" SBID="0" SQNumber="Q169556" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-002" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-002.asp" Title="Error Message Vulnerability Against Secured Internet Servers " DatePosted="1998/06/26" DateRevised="1998/07/06" Supported="Yes" Summary="" Issue="Due to the large number of messages needed, a Web site operator could detect an attack through observations such as abnormal network or CPU utilization." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q148427"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="ssl-fixi.exe" PatchLocationID="529" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<AffectedProduct ProductID="71" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="560"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1178"/>
					</RegChgs>
					<AffectedProduct ProductID="35" FixedInSP="4">
						<AffectedServicePack ServicePackID="57"/>
						<AffectedServicePack ServicePackID="58"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-003" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-003.asp" Title="File Access Issue with Windows NT Internet Information Server " DatePosted="1998/07/02" DateRevised="1998/07/08" Supported="Yes" Summary="" Issue="The issue is a result of the way IIS parses file names. The fix involves IIS supporting NTFS alternate data streams by asking Windows NT to make the file name canonical." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q188806"/>
				<QNumber QNumber="Q105763"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="iis3fixi.exe" PatchLocationID="528" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="71" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="iis4fixi.exe" PatchLocationID="528" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<AffectedProduct ProductID="98" FixedInSP="4"/>
					<FileChgs>
						<FileChg FileChangeID="561"/>
						<FileChg FileChangeID="562"/>
						<FileChg FileChangeID="563"/>
						<FileChg FileChangeID="564"/>
						<FileChg FileChangeID="565"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1179"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-004" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-004.asp" Title="Unauthorized ODBC Data Access with RDS and IIS" DatePosted="1998/07/14" DateRevised="1998/07/17" Supported="Yes" Summary="" Issue="The risk of security vulnerability caused by the DataFactory is even greater if newer OLE DB Providers are installed on the server. &quot;Microsoft DataShape Provider&quot; and &quot;Microsoft JET OLE DB provider&quot; (which ship with MDAC 2.0 in Visual Studio? 98) allow shell commands to be executed. If the DataFactory is enabled on such a server, Internet clients can use these providers to execute shell commands, which can potentially bring down the server or otherwise severely affect its performance." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments>
				<BulletinComment CommentID="27"/>
			</BulletinComments>
			<QNumbers>
				<QNumber QNumber="Q184375"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q184375" PatchLocationID="623" SBID="43" SQNumber="Q184375" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="42"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="71" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-005" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-005.asp" Title="Unwanted Data Issue with Office 98 for the Macintosh " DatePosted="1998/07/17" DateRevised="1998/07/17" Supported="Yes" Summary="" Issue="The Mac OS, like many other Operating System (OS) file systems does not erase files when you delete them, it simply removes a reference to them in the disk's catalog, and marks the space they occupied as free. Office 98 does not clear the disk space when the Mac OS allocates it during a File Save operation. Instead, Office 98 simply writes the file contents to the allocated disk space, overwriting any random data that physically existed on the disk. Since the Mac OS allocates the disk space in set chucks, called clusters, the small amount of unused space at the end of the file's last cluster may contain random data from previously deleted files. The data cannot be viewed when opened as a native Office file. However, an ASCII text editor can be used to view the extraneous data.
The chance that sensitive data will be transferred through this bug is unlikely, since multiple unusual scenarios must occur." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers/>
			<Patches>
				<Patch PatchName="98-005" PatchLocationID="624" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="101" FixedInSP="0">
						<AffectedServicePack ServicePackID="132"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-006" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-006.asp" Title="Potential Denial-of-Service in IIS FTP Server due to Passive Connections " DatePosted="1998/07/23" DateRevised="1998/07/23" Supported="Yes" Summary="" Issue="When multiple passive connections are made to a single FTP server through the PASV FTP command, it is possible to use up all available system threads for servicing clients. Once this happens, requests for additional connections will fail as discussed above, and will continue to fail until a client thread is again available. Further, the FTP and WWW services on a computer share a common thread pool, and exhausting the FTP thread pool will also cause a failure in connection requests for the WWW service." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q189262"/>
				<QNumber QNumber="Q181743"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="ftpfix4i.exe" PatchLocationID="527" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="ftpfix3i.exe " PatchLocationID="601" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="71" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-007" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-007.asp" Title="Potential SMTP and NNTP Denial-of-Service Vulnerabilities" DatePosted="1998/07/24" DateRevised="1998/09/09" Supported="Yes" Summary="" Issue="This issue involves a denial of service vulnerability that can potentially be used by someone with malicious intent to unexpectedly cause multiple components of the Microsoft Exchange Server to stop." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q188341"/>
				<QNumber QNumber="Q188369"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="psp2stri.exe" PatchLocationID="525" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="77" FixedInSP="0">
						<AffectedServicePack ServicePackID="79"/>
						<AffectedServicePack ServicePackID="68"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="555"/>
						<FileChg FileChangeID="556"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="psp2imsi.exe" PatchLocationID="609" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="77" FixedInSP="0">
						<AffectedServicePack ServicePackID="79"/>
						<AffectedServicePack ServicePackID="68"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="553"/>
						<FileChg FileChangeID="554"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="MS98-007" PatchLocationID="636" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="35" FixedInSP="58">
						<AffectedServicePack ServicePackID="57"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-008" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-008.asp" Title="Long file name Security Issue affecting Microsoft Outlook 98 and Microsoft Outlook Express 4.x " DatePosted="1998/07/27" DateRevised="1998/09/25" Supported="Yes" Summary="" Issue="When the email client receives a malicious mail or news message that contains an attachment with a very long filename, it could cause the email client to shut down unexpectedly. These very long filenames do not normally occur in mail or news messages, and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious email message to run arbitrary computer code contained in the long string." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers/>
			<Patches>
				<Patch PatchName="outptch2.exe" PatchLocationID="524" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="26" FixedInSP="0">
						<AffectedServicePack ServicePackID="139"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="oelong" PatchLocationID="625" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="83" FixedInSP="21">
						<AffectedServicePack ServicePackID="38"/>
						<AffectedServicePack ServicePackID="77"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-009" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-009.asp" Title="Windows NT Privilege Elevation Attack" DatePosted="1998/07/27" DateRevised="1998/07/27" Supported="Yes" Summary="" Issue="In this attack, a non-administrative user obtains administrative access to the system by virtue of being able to gain debug-level access on a system process." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q190288"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="privfixi.exe" PatchLocationID="614" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="3" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="557"/>
						<FileChg FileChangeID="558"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1176"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-010" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-010.asp" Title="Information on the Back Orifice Program" DatePosted="1998/08/04" DateRevised="1998/08/12" Supported="Yes" Summary="" Issue="It is unclear from the author's statements what &quot;Back Orifice&quot; is intended to do. In the press release that accompanied its release, &quot;Back Orifice&quot; is alternately described as an administrative tool or as something that demonstrates some security vulnerability in the Windows platform.  Potential threads:
Remotely controlling and monitoring a computer running Windows 
Reading everything that the user types at the keyboard 
Capturing images that are displayed on the monitor 
Uploading and downloading files remotely 
Redirecting information to a remote Internet site" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers/>
			<Patches>
				<Patch PatchName="MS98-010" PatchLocationID="626" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-011" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-011.asp" Title="Window.External JScript Vulnerability in Microsoft Internet Explorer 4.0" DatePosted="1998/08/17" DateRevised="1998/08/17" Supported="Yes" Summary="" Issue="Microsoft Internet Explorer 4.0, 4.01, and 4.01 SP1 use the JScript Scripting Engine version 3.1 to process scripts on a Web page. When Internet Explorer encounters a web page that uses JScript script to invoke the Window.External function with a very long string, Internet Explorer could terminate.
Long strings do not normally occur in scripts and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious script message to run arbitrary computer code contained in the long string." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q191200"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="jscript.asp" PatchLocationID="627" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="21">
						<AffectedServicePack ServicePackID="77"/>
						<AffectedServicePack ServicePackID="38"/>
					</AffectedProduct>
					<AffectedProduct ProductID="50" FixedInSP="21">
						<AffectedServicePack ServicePackID="76"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-013" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-013.asp" Title="Internet Explorer Cross Frame Navigate Vulnerability" DatePosted="1998/09/04" DateRevised="1998/10/04" Supported="Yes" Summary="" Issue="The Cross Frame Navigate issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious Web site operator to read the contents of files on your computer. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q168485"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="xframe.asp" PatchLocationID="628" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="21">
						<AffectedServicePack ServicePackID="77"/>
						<AffectedServicePack ServicePackID="38"/>
					</AffectedProduct>
					<AffectedProduct ProductID="50" FixedInSP="21">
						<AffectedServicePack ServicePackID="76"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-015" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-015.asp" Title="Untrusted Scripted Paste Issue in Microsoft Internet Explorer 4.01" DatePosted="1998/10/16" DateRevised="1998/11/18" Supported="Yes" Summary="" Issue="The &quot;Untrusted Scripted Paste&quot; issue involves a vulnerability in Internet Explorer that could allow a malicious web site operator to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for the operator to read the contents of a file on the user's computer if he knows the exact name and path of the targeted file. This could also be used to view the contents of a file on the user's network, if the user has access to it and the malicious operator knows its direct path name" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q169245"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="paste.asp" PatchLocationID="630" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="21">
						<AffectedServicePack ServicePackID="77"/>
						<AffectedServicePack ServicePackID="38"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-016" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-016.asp" Title="Dotless IP Address Issue in Microsoft Internet Explorer 4" DatePosted="1998/10/23" DateRevised="1998/10/23" Supported="Yes" Summary="" Issue="The &quot;Dotless IP Address&quot; issue involves a vulnerability in Internet Explorer that could allow a malicious hacker to circumvent certain Internet Explorer security safeguards. This vulnerability makes it possible for a malicious web site operator to misrepresent the URL of an Internet web site and make it appear as if the machine is on the user's &quot;Local Intranet Zone&quot;. Internet Explorer has the ability to set security settings differently between different zones. By this means, a malicious site could potentially perform actions that had been disabled in the Internet Zone or Restricted Sites Zone, but is permitted in the Local Intranet Zone" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q168617"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="dotless.asp" PatchLocationID="631" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="21">
						<AffectedServicePack ServicePackID="38"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-019" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-019.asp" Title="IIS GET Vulnerability" DatePosted="1998/12/21" DateRevised="1998/12/21" Supported="Yes" Summary="" Issue="This vulnerability involves the HTTP GET method, which is used to obtain information from an IIS web server. Specially-malformed GET requests can create a denial of service situation that consumes all server resources, causing a server to &quot;hang.&quot; In some cases, the server can be put back into service by stopping and restarting IIS; in others, the server may need to be rebooted." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q192296"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="infget4i.exe" PatchLocationID="521" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="5">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="566"/>
						<FileChg FileChangeID="567"/>
						<FileChg FileChangeID="568"/>
						<FileChg FileChangeID="569"/>
						<FileChg FileChangeID="570"/>
						<FileChg FileChangeID="571"/>
						<FileChg FileChangeID="572"/>
						<FileChg FileChangeID="573"/>
						<FileChg FileChangeID="574"/>
						<FileChg FileChangeID="575"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1180"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="infget3i.exe" PatchLocationID="634" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="71" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-018" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-018.asp" Title="Excel CALL Vulnerability" DatePosted="1998/12/10" DateRevised="1998/12/10" Supported="Yes" Summary="" Issue="Excel generates a warning to the user before running macros, including those containing the CALL function, and allows the user to decide whether or not to run them. However, Excel does not generate a warning before executing worksheet functions, and if used in this manner, CALL could be used to call an external DLL without a warning to the user.
An attacker could exploit this functionality by embedding a CALL function within an Excel spreadsheet and sending it to an unwary user. The attacker would be able to control whether the CALL function fired when the victim opened the spreadsheet or when another event occurred." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q196791"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Xl8p9pkg" PatchLocationID="632" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="70" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="45" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-020" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-020.asp" Title="Frame Spoof Vulnerability" DatePosted="1998/12/23" DateRevised="1998/12/23" Supported="Yes" Summary="" Issue="This vulnerability exists because Internet Explorer's cross domain protection does not extend to navigation of frames. This makes it possible for a malicious web site to insert content into a frame within another web site's window. If done properly, the user might not be able to tell that the frame contents were not from the legitimate site, and could be tricked into providing personal data to the malicious site. Non-secure (HTTP) and secure (HTTPS) sites are equally at risk from this vulnerability." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q167614"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="spoof.asp" PatchLocationID="635" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="21">
						<AffectedServicePack ServicePackID="38"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-017" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-017.asp" Title="Named Pipes Over RPC Vulnerability" DatePosted="1998/11/19" DateRevised="1998/11/19" Supported="Yes" Summary="" Issue="The underlying problem is the way that Windows NT 4.0 attempts to shut down invalid named pipe RPC connections. An attacker could exploit this problem to create a denial of service condition by opening multiple named pipe connections and sending random data. When the RPC service attempts to close the invalid connections, the service consumes all CPU resources and memory use grows considerably, which may result in the system hanging. This is a denial of service vulnerability only; there is no risk of compromise or loss of data from the attacked system." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q195733"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="nprpcfxi.exe " PatchLocationID="616" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="559"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1177"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-012" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-012.asp" Title="Updates available for Security Vulnerabilities in Microsoft PPTP" DatePosted="1998/08/18" DateRevised="1998/08/18" Supported="Yes" Summary="" Issue="The Microsoft implementation of PPTP uses MS-CHAP for user authentication and Microsoft Point-to-Point Encryption (MPPE) to protect the confidentiality of user data. Potential vulnerabilities addressed by these updates include:
Dictionary attack against the LAN Manager authentication information
Password theft
PPTP server spoofing
Reuse of MPPE session keys" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q154091"/>
				<QNumber QNumber="Q189594"/>
				<QNumber QNumber="Q189595"/>
				<QNumber QNumber="Q189771"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="dun40.exe" PatchLocationID="551" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="pptpfixi.exe" PatchLocationID="551" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="499"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="rrasfixi.exe" PatchLocationID="569" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="3" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="500"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="msdun13.exe" PatchLocationID="570" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS98-014" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ98-014.asp" Title="RPC Spoofing Denial of Service on Windows NT" DatePosted="1998/09/29" DateRevised="1998/09/29" Supported="Yes" Summary="" Issue="It is possible for a malicious attacker to send spoofed RPC datagrams to UDP destination port 135 so that it appears as if one RPC server sent bad data to another RPC server. The second server returns a REJECT packet and the first server (the spoofed server) replies with another REJECT packet creating a loop that is not broken until a packet is dropped, which could take a few minutes. If this spoofed UDP packet is sent to multiple computers, a loop could possibly be created, consuming processor resources and network bandwidth" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q193233"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="snk-fixi.exe" PatchLocationID="201" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="3" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="4">
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="222"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="850"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Snk-fixi.exe" PatchLocationID="205" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="82">
						<AffectedServicePack ServicePackID="81"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="223"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="861"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-001" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-001.asp" Title="Exposure in Forms 2.0 TextBox Control that allows data to be read from user's Clipboard" DatePosted="1999/01/21" DateRevised="1999/01/21" Supported="Yes" Summary="" Issue="A malicious hacker could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a web site set up by the malicious hacker or opens a HTML email created by the malicious hacker." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q214757"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="fm2paste.exe" PatchLocationID="520" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="70" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="26" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="75" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="76" FixedInSP="0">
						<AffectedServicePack ServicePackID="121"/>
					</AffectedProduct>
					<AffectedProduct ProductID="39" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="45" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="46" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-002" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-002.asp" Title="Word 97 Template Vulnerability" DatePosted="1999/01/21" DateRevised="1999/01/21" Supported="Yes" Summary="" Issue="A standard safety feature of Word 97 is that it warns users when a document containing macros is opened; however, if that document does not itself contain macros, but rather is linked to a template that does contains macros, no warning is issued. A malicious hacker could exploit this vulnerability to cause malicious macro code to run without warning if a user opens a Word document attached to an email sent by the malicious hacker, or if the user opens a Word document on a web site controlled by the malicious hacker. This malicious macro could possibly be used to damage or retrieve data on a user's system." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q214652"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Wd97SP.EXE" PatchLocationID="519" SBID="5" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="39" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-003" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-003.asp" Title="IIS Malformed FTP List Request Vulnerability" DatePosted="1999/02/03" DateRevised="1999/02/03" Supported="Yes" Summary="" Issue="It is noteworthy that the &quot;list&quot; command is only available to users after they have authenticated to the server. As a result, only users who are authorized to use the server would be able to mount such an attack, and their presence on the server could be logged if the owner of the site chose to do so. However, many sites provide guest accounts, and this could allow a malicious user to attack the server anonymously." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q188348"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="ftpls3i.exe" PatchLocationID="515" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="71" FixedInSP="5">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="580"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1184"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="ftpls4i.exe" PatchLocationID="517" SBID="0" SQNumber="Q188348" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="5">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="577"/>
						<FileChg FileChangeID="578"/>
						<FileChg FileChangeID="579"/>
						<FileChg FileChangeID="581"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1183"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-007" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-007.asp" Title="Taskpads Scripting Vulnerability" DatePosted="1999/02/22" DateRevised="1999/02/22" Supported="Yes" Summary="" Issue="A vulnerability exists because certain methods provided by Taskpads are incorrectly marked as &quot;safe for scripting&quot; and can be misused by a web site operator to invoke executables on a visiting user's workstation without their knowledge or permission." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q218619"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="tmcpatch.exe" PatchLocationID="512" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="72" FixedInSP="0">
						<AffectedServicePack ServicePackID="117"/>
					</AffectedProduct>
					<AffectedProduct ProductID="74" FixedInSP="0">
						<AffectedServicePack ServicePackID="119"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="itmcpatch.exe" PatchLocationID="513" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="73" FixedInSP="0">
						<AffectedServicePack ServicePackID="118"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-010" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-010.asp" Title="File Access Vulnerability in Personal Web Server" DatePosted="1999/03/26" DateRevised="1999/03/26" Supported="Yes" Summary="" Issue="This vulnerability allows a file request that uses a non-standard URL to bypass the server's normal file access controls. The file must be specifically requested by name, so the requester would need to know the name of the file or correctly guess it. The vulnerability would allow files on the server to be read, but not changed or deleted, and would not allow new files to be written to the server." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q216453 (FP98)"/>
				<QNumber QNumber="Q217765 (FP97)"/>
				<QNumber QNumber="Q217763"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Pwssecup.exe" PatchLocationID="606" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="98" FixedInSP="0">
						<AffectedServicePack ServicePackID="129"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="fppws98.exe" PatchLocationID="604" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="100" FixedInSP="0"/>
				</Patch>
				<Patch PatchName="Q217765" PatchLocationID="607" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="99" FixedInSP="0">
						<AffectedServicePack ServicePackID="130"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-005" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-005.asp" Title="BackOffice Server 4.0 Does Not Delete Installation Setup File" DatePosted="1999/02/12" DateRevised="1999/02/12" Supported="Yes" Summary="" Issue="When a user chooses to install SQL Server, Exchange Server or Microsoft Transaction Server as part of a BackOffice 4.0 installation, the BackOffice installer program requests the name and password for the accounts associated with these services. Specifically, it asks for the account name and password for the SQL Executive Logon account, the Exchange Services Account, and the MTS Remote Administration Account. These values are stored in %systemdrive&gt;\Program Files\Microsoft Backoffice\Reboot.ini, and used to install the associated services. 
BackOffice Server does not erase this file when the installation process is completed. This is true regardless of whether the installation process completes successfully or unsuccessful" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments>
				<BulletinComment CommentID="28"/>
			</BulletinComments>
			<QNumbers>
				<QNumber QNumber="Q217004"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q217004" PatchLocationID="642" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="102" FixedInSP="0"/>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-004" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-004.asp" Title="Authentication Processing Error in Windows NT 4.0 Service Pack 4" DatePosted="1999/02/08" DateRevised="1999/02/08" Supported="Yes" Summary="" Issue="The logic error in Service Pack 4 incorrectly allows a null &quot;NT hash&quot; value to be used for authentication from Windows NT systems. The result is that if a user account's password was last changed from a DOS, Windows 3.1, Windows for Workgroups, OS/2 or Macintosh client, a user can logon into that account from a Windows NT system using a blank password.By far the most likely machines to be affected by this vulnerability would be domain controllers running Windows NT 4.0 SP 4, in networks that contain any of the downlevel clients listed above. However, any server or workstation running Windows NT 4.0 SP 4 that contains a SAM database with active users who communicate from downlevel clients would be vulnerable to this problem." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q214840"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="msv-fixi.exe " PatchLocationID="78" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="19"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="582"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-006" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-006.asp" Title="Windows NT Known DLLs List Vulnerability" DatePosted="1999/02/19" DateRevised="1999/03/05" Supported="Yes" Summary="" Issue="In Windows NT, core operating system DLLs are kept in virtual memory and shared between the programs running on the system. This is done to avoid having redundant copies of the DLLs in memory, and improves memory usage and system performance. When a program calls a function provided by one of these DLLs, the operating system references a data structure called the KnownDLLs list to determine the location of the DLL in virtual memory. The Windows NT security architecture protects in-memory DLLs against modification, but by default it allows all users to read from and write to the KnownDLLs list. This is the root problem underlying the vulnerability.A user can programmatically load into memory a malicious DLL that has the same name as a system DLL, then change the entry in the KnownDLLs list to point to the malicious copy. From that point forward, programs that request the system DLL will instead be directed to the malicious copy. When called by a program with sufficiently high privileges, it could take any desired action, such as adding the malicious user to the Administrators group.It is important to understand that the user must able to run exploitation code on a machine in order to elevate their privileges. There are two types of machines at risk:Machines that allow non-administrative users to interactively log on. Workstation and terminal servers typically do allow this, but, per standard security practices, most other servers only allow administrators to interactively log on." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q218473"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="Smss-fixi" PatchLocationID="86" SBID="" SQNumber="" NoReboot="0">
					<AffectedProduct ProductID="2" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1185"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="68"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="placeholder" PatchLocationID="706" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0"/>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-008" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-008.asp" Title="Windows NT Screen Saver Vulnerability" DatePosted="1999/03/12" DateRevised="1999/03/12" Supported="No" Summary="" Issue="Windows NT provides a screen saver feature, in which a user-selected screen saver program is run when the machine has been idle for a specified length of time. Windows NT initially launches a screen saver in the local system context, then immediately changes its security context to match that of the user. However, Windows NT does not check whether this context change was successfully made. This is the underlying problem in this vulnerability. If the context change can be made to fail, the screen saver will remain running in a highly-privileged state. The risk is that a malicious user could develop a screen saver program that, for example, uses the elevated privileges to add the author to the Administrators group.It is important to understand that the user must able to run exploitation code on a machine in order to elevate their privileges." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q221991"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="ScrnSav-fix" PatchLocationID="86" SBID="" SQNumber="" NoReboot="0">
					<AffectedProduct ProductID="2" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="5">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="27"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="65"/>
						<FileChg FileChangeID="67"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="placeholder" PatchLocationID="706" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="81"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-009" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-009.asp" Title="Malformed Bind Request Vulnerability" DatePosted="1999/03/16" DateRevised="1999/03/16" Supported="Yes" Summary="" Issue="The Bind function in the Exchange 5.5 Directory Service has an unchecked buffer that poses two threats to safe operation. The first is a denial of service threat. A malformed Bind request could overflow the buffer, causing the Exchange Directory service to crash. The server would not need to be rebooted, but the Exchange Directory service, and possibly dependent services as well, would need to be restarted in order to resume messaging service. The second threat is more esoteric and would be far more difficult to exploit. A carefully-constructed Bind request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither attack could occur accidentally." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q221989"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="PSP2DIRI.EXE" PatchLocationID="510" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="35" FixedInSP="0">
						<AffectedServicePack ServicePackID="59"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="475"/>
						<FileChg FileChangeID="476"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-013" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-013.asp" Title="File Viewers Vulnerability" DatePosted="1999/05/07" DateRevised="1999/05/19" Supported="Yes" Summary="" Issue="Microsoft Site Server and Internet Information Server include tools that allow web site visitors to view selected files on the server. These are installed by default under Site Server, but must be explicitly installed under IIS. These tools are provided to allow users to view the source code of sample files as a learning exercise, and are not intended to be deployed on production web servers. The underlying problem in this vulnerability is that the tools do not restrict which files a web site visitor can view." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q231368"/>
				<QNumber QNumber="Q231656"/>
				<QNumber QNumber="Q232449"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="fix2450i.exe" PatchLocationID="507" SBID="0" SQNumber="Q232449" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1187"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="viewfixi.exe" PatchLocationID="648" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="63" FixedInSP="66">
						<AffectedServicePack ServicePackID="63"/>
						<AffectedServicePack ServicePackID="64"/>
						<AffectedServicePack ServicePackID="65"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-015" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-015.asp" Title="Malformed Help File Vulnerability" DatePosted="1999/05/17" DateRevised="1999/05/17" Supported="Yes" Summary="" Issue="The Windows Help utility parses and displays help information for applications. The help information is contained in files of several types that are generated by the Help Compiler (part of the AppWizard utility), and is stored by default in the WINNT\help folder. By default, users can write to this folder. An unchecked buffer exists in the Help utility, and a help file that has been carefully modified could be used to execute arbitrary code on the local machine via a classic buffer overrun technique. Because the Help Compiler's output files do not generate the specific malformation at issue here, this vulnerability could not be accidentally exploited." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q231605"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="winhlp-i.exe" PatchLocationID="81" SBID="0" SQNumber="Q231605" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="43"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="15"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-016" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-016.asp" Title="Malformed Phonebook Entry  Vulnerability" DatePosted="1999/05/20" DateRevised="1999/05/20" Supported="Yes" Summary="" Issue="The component of the RAS client that processes phonebook entries has an unchecked buffer. This results in a vulnerability that poses two threats to safe operation. The first is a denial of service threat; a malformed phonebook entry could overflow the buffer, causing the RAS client service to crash. The second is more esoteric and would be far more difficult to exploit. A carefully-constructed phonebook entry could cause arbitrary code to execute on the client via a classic buffer overrun technique. Neither variant could be exploited accidentally.It is important to stress that the vulnerability affects RAS client machines, not RAS servers, and that the user must have permission to add or modify phonebook entries in order to mount the attack. (Permissions can be set via the phonebook's ACL). The machines primarily at risk from this vulnerability are workstations that are configured to dial out to other systems, because servers, including terminal servers, are not typically configured to act as RAS clients. It also is important to note that this vulnerability would affect only the local machine; there is no capability to directly attack a remote machine via this vulnerability." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q230677"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="rasffixi.exe" PatchLocationID="83" SBID="0" SQNumber="Q230677" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="31"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="834"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-017" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-017.asp" Title="RAS and RRAS Password Vulnerability" DatePosted="1999/05/27" DateRevised="1999/05/27" Supported="Yes" Summary="" Issue="When the client software for Microsoft RAS or RRAS is used to dial into a server, a dialogue requests the user's userid and password for the server. On the same dialogue is a checkbox whose caption reads &quot;;Save password&quot;; and which is intended to provide the user with the option to cache their security credentials if desired. However, the implemented client functionality actually caches the user's credentials regardless of whether the checkbox is selected or de-selected.Cached security credentials, which include the password, are stored and encrypted in the registry and protected by ACLs whose default values authorize only local administrators and the owner of the credentials to access them. Windows NT 4.0 Service Pack 4 also provides the ability to strongly encrypts the password data stored in the registry using the SYSKEY feature" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q230681"/>
				<QNumber QNumber="Q233303"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="raspassword-fix" PatchLocationID="82" SBID="0" SQNumber="Q230681" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="92"/>
						<FileChg FileChangeID="835"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1188"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="rpwdfixi.exe" PatchLocationID="650" SBID="0" SQNumber="Q233303" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="3" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-020" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-020.asp" Title="Malformed LSA Request Vulnerability" DatePosted="1999/06/23" DateRevised="1999/07/20" Supported="Yes" Summary="" Issue="Windows NT provides the ability to manage user privileges programmatically via the Local Security Authority (LSA) API. The API allows a program to query user names, modify privileges, and change other elements of the security policy, subject to the program's authorizations. Calls to the LSA API can be made from either the local machine or remotely via RPC.Certain API methods do not correctly handle certain types of invalid arguments. The vulnerability is a denial of service threat only, and service can be restored by restarting the machine. There is no capability to use this vulnerability to obtain unauthorized services from LSA." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q231457"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="lsareqi.exe" PatchLocationID="663" SBID="0" SQNumber="Q231457" NoReboot="0">
					<AffectedProduct ProductID="3" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="39"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="87"/>
						<FileChg FileChangeID="129"/>
					</FileChgs>
					<PatchComments/>
				</Patch>
				<Patch PatchName="placeholder" PatchLocationID="706" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-021" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-021.asp" Title="CSRSS Worker Thread Exhaustion Vulnerability" DatePosted="1999/06/23" DateRevised="1999/06/23" Supported="Yes" Summary="" Issue="If all worker threads in CSRSS.EXE are occupied awaiting user input, no other requests can be serviced, effectively causing the server to hang. When user input is provided, processing returns to normal." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q233323"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="csrssfxi.exe" PatchLocationID="505" SBID="0" SQNumber="Q233323" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="601"/>
						<FileChg FileChangeID="602"/>
						<FileChg FileChangeID="603"/>
						<FileChg FileChangeID="604"/>
						<FileChg FileChangeID="605"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1195"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-023" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-023.asp" Title="Malformed Image Header Vulnerability" DatePosted="1999/06/30" DateRevised="1999/06/30" Supported="Yes" Summary="" Issue="If an executable file with a specially-malformed image header is executed, it will cause a system failure. The affected machine will need to be rebooted in order to place it back in service. Any work that was in progress when the machine crashed could be lost." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q234557"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="krnlifxi.exe" PatchLocationID="666" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="55"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="97"/>
						<FileChg FileChangeID="98"/>
					</FileChgs>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="placeholder" PatchLocationID="706" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="81"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-024" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-024.asp" Title="Unprotected IOCTLs Vulnerability" DatePosted="1999/07/06" DateRevised="1999/07/06" Supported="Yes" Summary="An unprivileged program can disable the local mouse or keyboard on a server or workstation, and disable the console mouse or keyboard on a terminal server." Issue="On a terminal server, such a program could disable the keyboard and mouse on the console." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q236359"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="ioctlfxi.exe" PatchLocationID="74" SBID="0" SQNumber="Q236359" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="59"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="131"/>
						<FileChg FileChangeID="132"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="placeholder" PatchLocationID="706" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="82"/>
					</AffectedProduct>
				</Patch>
			</Patches>
			<BulletinComments/>
		</Bulletin>
		<Bulletin BulletinID="MS99-025" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-025.asp" Title="Unauthorized Access to IIS Servers through ODBC Data Access with RDS" DatePosted="1999/07/17" DateRevised="1999/07/23" Supported="Yes" Summary="" Issue="The RDS DataFactory object, a component of Microsoft Data Access Components (MDAC), exposes unsafe methods. When installed on a system running Internet Information Server 3.0 or 4.0, the DataFactory object may permit an otherwise unauthorized web user to perform privileged actions, including:
Allowing unauthorized users to execute shell commands on the IIS system as a privileged user. 
On a multi-homed Internet-connected IIS system, using MDAC to tunnel SQL and other ODBC data requests through the public connection to a private back-end network. 
Allowing unauthorized accessing to secured, non-published files on the IIS system." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments>
				<BulletinComment CommentID="27"/>
			</BulletinComments>
			<QNumbers>
				<QNumber QNumber="Q184375"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q184375" PatchLocationID="623" SBID="0" SQNumber="Q184375" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="71" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-026" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-026.asp" Title="Malformed Dialer Entry Vulnerability" DatePosted="1999/07/29" DateRevised="1999/07/29" Supported="Yes" Summary="" Issue="Dialer.exe has an unchecked buffer in the portion of the program that processes the dialer.ini file. This vulnerability could be used to run arbitrary code via a classic buffer overrun technique.The circumstances of this vulnerability require a fairly complicated attack scenario that limits its scope. Dialer.exe runs in the security context of the user, so it would not benefit an attacker to simply modify a dialer.ini file and run it, as he or she would not gain additional privileges. Instead, the attacker would need to modify the dialer.ini file of another user who had higher privileges, then wait for that user to run Dialer.Although the unchecked buffer is present in all versions of Windows NT 4.0, the attack scenario would result in workstations that have dial-out capability being chiefly at risk. The FAQ discusses this in greater det" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q237185"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="dialrfxi.exe" PatchLocationID="207" SBID="0" SQNumber="Q237185" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="3" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="894"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="621"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="placeholder" PatchLocationID="706" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="82"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-027" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-027.asp" Title="Encapsulated SMTP Address Vulnerability" DatePosted="1999/08/06" DateRevised="1999/08/06" Supported="Yes" Summary="" Issue="Exchange Server implements features designed to defeat &quot;mail relaying&quot;, a practice in which an attacker causes an e-mail server to forward mail from the attacker, as though the server were the sender of the mail. However, a vulnerability exists in this feature, and could allow an attacker to circumvent the anti-relaying features in an Internet-connected Exchange Server.
The vulnerability lies in the way that site-to-site relaying is performed via SMTP. Encapsulated SMTP addresses could be used to send mail to any desired e-mail address." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q237927"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="psp2imci.zip" PatchLocationID="503" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="35" FixedInSP="0">
						<AffectedServicePack ServicePackID="59"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-028" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-028.asp" Title="Terminal Server Connection Request Flooding Vulnerability" DatePosted="1999/08/09" DateRevised="1999/08/09" Supported="Yes" Summary="" Issue="When a request to open a new terminal connection is received by a Terminal Server, the server undertakes a resource-intensive series of operations to prepare for the connection. It does this before authenticating the request. This would allow an attacker to mount a denial of service attack by levying a large number of bogus connection requests and consuming all memory on the Terminal Server. This vulnerability could be exploited remotely if connection requests are not filtered. In extreme cases, the server could crash in the face of such an attack; in other cases, normal processing would return when the attack ceased. The patch works by causing the server to require authentication before processing the connection request." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q228724"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="tsmemfxi.exe" PatchLocationID="209" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="82"/>
						<AffectedServicePack ServicePackID="83"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="229"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="899"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-029" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-029.asp" Title="Malformed HTTP Request Header Vulnerability" DatePosted="1999/08/11" DateRevised="1999/08/16" Supported="Yes" Summary="" Issue="If multiple HTTP requests containing specially-malformed headers are sent to an affected server, IIS may consume all memory on the server. If this happens, IIS would be unable to service requests until either the clients that issued the requests were closed, or the IIS service were stopped and restarted. Once either of these actions have occurred, normal service would be restored." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q238349"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="vdext4i.exe" PatchLocationID="502" SBID="28" SQNumber="Q238606" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="6">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="583"/>
						<FileChg FileChangeID="584"/>
						<FileChg FileChangeID="585"/>
						<FileChg FileChangeID="586"/>
						<FileChg FileChangeID="761"/>
						<FileChg FileChangeID="762"/>
						<FileChg FileChangeID="763"/>
						<FileChg FileChangeID="764"/>
						<FileChg FileChangeID="765"/>
						<FileChg FileChangeID="766"/>
						<FileChg FileChangeID="767"/>
						<FileChg FileChangeID="768"/>
						<FileChg FileChangeID="769"/>
						<FileChg FileChangeID="770"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1186"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-031" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-031.asp" Title="Virtual Machine Sandbox Vulnerability" DatePosted="1999/08/25" DateRevised="1999/09/08" Supported="Yes" Summary="" Issue="The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.0 and Internet Explorer 5.0 contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox and take any desired action on the user's computer. If such an applet were hosted on a web site, it could act against the computer of any user who visited the site." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q240346"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="msjavx86.exe" PatchLocationID="342" SBID="0" SQNumber="Q240346" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="12"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="0">
						<AffectedServicePack ServicePackID="100"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
					</AffectedProduct>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
					<AffectedProduct ProductID="50" FixedInSP="0">
						<AffectedServicePack ServicePackID="76"/>
						<AffectedServicePack ServicePackID="38"/>
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="828"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-034" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-034.asp" Title="Fragmented IGMP Packet Vulnerability" DatePosted="1999/09/03" DateRevised="1999/09/09" Supported="Yes" Summary="" Issue="By sending fragmented IGMP packets to a Windows 95, 98 or Windows NT 4.0 machine, it is possible to disrupt the normal operation of the machine. This vulnerability primarily affects Windows 95 and 98 machines. Depending on a variety of factors, sending such packets to a Windows 95 or 98 machine may elicit behavior ranging from slow performance to crashing.Windows NT contains the same vulnerability, but other system mechanisms compensate and make it much more difficult to mount a successful attack." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q238329"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="igmpfixi.exe" PatchLocationID="672" SBID="0" SQNumber="Q238329" NoReboot="0">
					<AffectedProduct ProductID="3" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="67"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="130"/>
					</FileChgs>
					<PatchComments/>
				</Patch>
				<Patch PatchName="Igmpfixi.exe" PatchLocationID="672" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="8">
						<AffectedServicePack ServicePackID="82"/>
						<AffectedServicePack ServicePackID="83"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="622"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1198"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="238453US5.exe" PatchLocationID="674" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="45"/>
					</PatchComments>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="238453US8.EXE" PatchLocationID="675" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="45"/>
					</PatchComments>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-036" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-036.asp" Title="Windows NT 4.0 Does Not Delete Unattended Installation File" DatePosted="1999/09/10" DateRevised="1999/09/10" Supported="Yes" Summary="" Issue="When an unattended installation of Windows NT 4.0 is performed, the installation parameters are included in a file named Unattend.txt. A vulnerability exists because the installation process copies the parameter file to a file in %windir%\system32 ($winnt$.inf for a normal unattended installation, or $nt4pre$.inf if Sysprep was used) but does not delete it when the installation completes. By default, this file can be read by any user who can perform an interactive logon. If sensitive information such as account passwords were provided in the installation parameters file, the information could be compromised" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q155197"/>
				<QNumber QNumber="Q158484"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="MS99-036" PatchLocationID="618" SBID="0" SQNumber="Q155197" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="41"/>
					</PatchComments>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
						<AffectedServicePack ServicePackID="82"/>
						<AffectedServicePack ServicePackID="83"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-038" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-038.asp" Title="Spoofed Route Pointer Vulnerability" DatePosted="1999/09/20" DateRevised="1999/09/20" Supported="Yes" Summary="" Issue="Windows NT 4.0 Service Pack 5 introduced the ability to disable source routing on a multi-homed Windows NT machine that acts as a router. However, even if source routing is disabled, it is possible to bypass it by including a specific type of incorrect information within the route pointer in the data packet. Windows 95 and 98 also provide this capability, and are affected by the same vulnerability. The patch restores correct operation to the anti-source routing feature. In addition, it provides additional functionality that enables source routing to be disabled on single-homed machines and on multi-homed machines that are not used as routers." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q240382"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="ipsrfixi.exe" PatchLocationID="212" SBID="0" SQNumber="Q238453" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="7">
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="230"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="911"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-039" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-039.asp" Title="Domain Resolution and FTP Download Vulnerabilities" DatePosted="1999/09/23" DateRevised="1999/09/30" Supported="Yes" Summary="" Issue="IIS 4.0 provides the ability to restrict access to a web site based on the user's domain. However, if IIS cannot resolve a user's IP address to a domain, it will grant the user's first request for a session. It will correctly deny them thereafter. This vulnerability affects IIS 4.0 only; it does not any other Microsoft product, including MCIS. 
A user who accesses an FTP site via a browser will be able to download files even if they are marked No Access. This vulnerability is due to a regression error that was introduced in hotfixes released after Windows NT 4.0 Service Pack 5; it does not exist in SP5 or in previous versions. This vulnerability affects both IIS 4.0 and MCIS 2.5, but no other Microsoft products." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q241805"/>
				<QNumber QNumber="Q241562"/>
				<QNumber QNumber="Q241407"/>
				<QNumber QNumber="Q242559"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="iprftp4i.exe" PatchLocationID="493" SBID="9" SQNumber="Q241805" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="538"/>
						<FileChg FileChangeID="539"/>
						<FileChg FileChangeID="541"/>
						<FileChg FileChangeID="543"/>
						<FileChg FileChangeID="544"/>
						<FileChg FileChangeID="545"/>
						<FileChg FileChangeID="549"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1175"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q242559.exe" PatchLocationID="494" SBID="9" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="68" FixedInSP="0">
						<AffectedServicePack ServicePackID="113"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-041" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-041.asp" Title="RASMAN Security Descriptor Vulnerability" DatePosted="1999/09/30" DateRevised="1999/09/30" Supported="Yes" Summary="The vulnerability could enable a user to execute arbitrary code on a Windows NT machine under certain conditions." Issue="A malicious user could substitute arbitrary code for the legitimate service, which then would run in a System Context." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q242294"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="fixrasi.exe" PatchLocationID="213" SBID="0" SQNumber="Q242294" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
						<AffectedServicePack ServicePackID="83"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="placeholder" PatchLocationID="706" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
				</Patch>
			</Patches>
			<BulletinComments/>
		</Bulletin>
		<Bulletin BulletinID="MS99-045" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-045.asp" Title="Virtual Machine Verifier Vulnerability" DatePosted="1999/10/21" DateRevised="1999/11/02" Supported="Yes" Summary="" Issue="The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.0 and Internet Explorer 5.0 contains a security vulnerability in the bytecode verifier that could allow a Java applet to operate outside the bounds set by the sandbox. If hosted on a web site, it could cause any action to be taken on the computer of a visiting user that the user himself could take. This could include, for example, creating, deleting or modifying files, sending data to or receiving data from a web site, or reformatting the hard drive." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q244283"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="msjavx86.exe" PatchLocationID="342" SBID="35" SQNumber="Q244283" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="12"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="0">
						<AffectedServicePack ServicePackID="100"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
					</AffectedProduct>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
					<AffectedProduct ProductID="50" FixedInSP="0">
						<AffectedServicePack ServicePackID="76"/>
						<AffectedServicePack ServicePackID="38"/>
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="829"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-046" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-046.asp" Title="Improve TCP Initial Sequence Number Randomness" DatePosted="1999/10/22" DateRevised="1999/12/23" Supported="Yes" Summary="" Issue="The ISNs used in TCP/IP sessions should be as random as possible in order to prevent attacks such as IP address spoofing and session hijacking. This patch improves the randomness of the Windows NT 4.0 TCP/IP ISN generation, providing 15 bits of entropy." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q243835"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="q243835sp5i.exe" PatchLocationID="552" SBID="0" SQNumber="Q243835" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="624"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1200"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q243835i.exe" PatchLocationID="553" SBID="57" SQNumber="Q243835" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1201"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="861"/>
						<FileChg FileChangeID="863"/>
						<FileChg FileChangeID="865"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q243835i.EXE" PatchLocationID="683" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="82"/>
						<AffectedServicePack ServicePackID="83"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="623"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1199"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-047" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-047.asp" Title="Malformed Spooler Request Vulnerability" DatePosted="1999/11/04" DateRevised="1999/11/04" Supported="Yes" Summary="" Issue="Certain APIs in the Windows NT 4.0 print spooler subsystem have unchecked buffers. If an affected API were provided with random data as input, it could crash the print spooler service. If it were provided with a specially-malformed argument, it could be used to run arbitrary code on the server via a classic buffer overrun attack. The majority of the affected APIs require the caller to be a member of the Power Users or Administrators group; however, at least one is callable by normal users. None of the calls could be made by anonymous users, but the calls could be made remotely.A second vulnerability exists because incorrect permissions would allow a normal user to specify his or her own code as a print provider. Because print providers run in a local System context, this would allow the user to gain additional privileges on the local machine. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q243649"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="Q243649.exe" PatchLocationID="87" SBID="57" SQNumber="Q243649" NoReboot="0">
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="866"/>
						<FileChg FileChangeID="867"/>
						<FileChg FileChangeID="868"/>
						<FileChg FileChangeID="869"/>
						<FileChg FileChangeID="870"/>
						<FileChg FileChangeID="871"/>
						<FileChg FileChangeID="872"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="75"/>
					</RegChgs>
					<PatchComments/>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-050" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-050.asp" Title="Server-side Page Reference Redirect Vulnerability" DatePosted="1999/12/08" DateRevised="1999/12/08" Supported="Yes" Summary="" Issue="Under favorable timing conditions, it is possible for a web server to create a reference to a client window that the server is permitted to view, then use a server-side redirect to a client-local file, and bypass the security restrictions. The result is that it could be possible for a malicious web site operator to view files on the computer of a visiting user." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q246094"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q246094.exe" PatchLocationID="592" SBID="0" SQNumber="Q246094" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q246094.exe" PatchLocationID="592" SBID="0" SQNumber="Q256094" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-055" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-055" Title="Malformed Resource Enumeration Argument Vulnerability" DatePosted="1999/12/09" DateRevised="1999/12/09" Supported="Yes" Summary="This update fixes a denial of service vulnerability affecting services.exe in NT4.0. The effect is to take out named pipes, which renders the server useless but doesn't crash it. This is also referred to as &quot;RFPoison&quot;. " Issue="The primary effect of the failure is to cause named pipes to fail, which prevents many other system services from operating." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q246045"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="Q246045.EXE" PatchLocationID="214" SBID="57" SQNumber="Q246045" NoReboot="0">
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<PatchComments/>
					<RegChgs>
						<RegChg RegChangeID="1247"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="1050"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-056" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-056.asp" Title="Syskey Keystream Reuse Vulnerability" DatePosted="1999/12/16" DateRevised="1999/12/16" Supported="Yes" Summary="" Issue="Syskey is a utility that strongly encrypts the hashed password information in the SAM database in order to protect it against offline password cracking attacks. However, Syskey reuses the keystream used to perform some of the encryption. This significantly reduces the strength of the protection it provides by enabling a well-known cryptanalytic attack to be used against it." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q248183"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="Q248183.EXE" PatchLocationID="215" SBID="57" SQNumber="Q248183" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="48"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="231"/>
						<FileChg FileChangeID="232"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1245"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-057" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-057.asp" Title="Malformed Security Identifier Request Vulnerability" DatePosted="1999/12/16" DateRevised="1999/12/16" Supported="Yes" Summary="" Issue="The Windows NT Local Security Authority (LSA) provides a number of functions for enumerating and manipulating security information. One of these functions, LsaLookupSids(), is used to determine the Security Identifier (SID) associated with a particular user or group name. A flaw in the implementation of this function causes it to incorrectly handle certain types of invalid arguments. If an affected call were made to this function, it would cause the LSA to crash, thereby preventing the machine from performing useful work." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q248185"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q248183.EXE" PatchLocationID="215" SBID="57" SQNumber="Q248183" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="47"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="231"/>
						<FileChg FileChangeID="232"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1246"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-001" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-001" Title="Malformed IMAP Request Vulnerability" DatePosted="2000/01/04" DateRevised="2000/01/04" Supported="Yes" Summary="" Issue="The IMAP service included in MCIS Mail has an unchecked buffer. If a malformed request containing random data were passed to the service, it could cause the web publishing, IMAP, SMTP, LDAP and other services to crash. If the malformed request contained specially crafted data, it could also be used to run arbitrary code on the server via a classic buffer overrun attack." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q246731"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q246731engi.EXE" PatchLocationID="468" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="66" FixedInSP="0">
						<AffectedServicePack ServicePackID="114"/>
					</AffectedProduct>
					<AffectedProduct ProductID="68" FixedInSP="0">
						<AffectedServicePack ServicePackID="113"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-002" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-002.asp" Title="Malformed Conversion Data Vulnerability" DatePosted="2000/01/20" DateRevised="2000/01/20" Supported="Yes" Summary="" Issue="Microsoft Office includes a conversion utility that converts older Word documents to more recent formats. The conversion utility for Word 5 documents in East Asian languages (Japanese, Korean, Simplified Chinese and Traditional Chinese) has an unchecked buffer. By using a hexadecimal editor to insert specially malformed information into a document, a malicious user could cause Word to run code of his or her choice when the document was opened using an affected version of the converter." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q249881"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="WW5Pkg.exe" PatchLocationID="457" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="64" FixedInSP="0">
						<AffectedServicePack ServicePackID="95"/>
					</AffectedProduct>
					<AffectedProduct ProductID="78" FixedInSP="0">
						<AffectedServicePack ServicePackID="96"/>
					</AffectedProduct>
					<AffectedProduct ProductID="39" FixedInSP="0">
						<AffectedServicePack ServicePackID="137"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="WW5pkg.exe" PatchLocationID="597" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="38" FixedInSP="0">
						<AffectedServicePack ServicePackID="140"/>
					</AffectedProduct>
					<AffectedProduct ProductID="13" FixedInSP="0">
						<AffectedServicePack ServicePackID="141"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-003" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-003.asp" Title="Spoofed LPC Port Request Vulnerability" DatePosted="2000/01/12" DateRevised="2000/01/12" Supported="Yes" Summary="" Issue="The primary risk from this vulnerability is that a malicious user could exploit this vulnerability to gain additional privileges on the local machine. However, it also could be used to cause audit logs to indicate that certain actions were taken by another user. A malicious user would require the ability to log onto the target machine interactively and run arbitrary programs in order to exploit this vulnerability, and as a result, workstations and terminal servers would be at greatest risk." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q247869"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q247869i.EXE" PatchLocationID="454" SBID="56" SQNumber="Q247869" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1244"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-004" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-004.asp" Title="RDISK Registry Enumeration File Vulnerability" DatePosted="2000/01/21" DateRevised="2000/02/04" Supported="Yes" Summary="On January 21, 2000, Microsoft released the original version of this bulletin, discussing a security vulnerability in a Microsoft® Windows NT 4.0 administrative utility. The original version of the bulletin discussed the vulnerability within the context of Windows NT 4.0 Server, Terminal Server Edition. However, we have since learned of scenarios under which the vulnerability could also affect Windows NT 4.0 servers and workstations, and have revised the bulletin accordingly.The utility creates a temporary file during execution that can contain security-sensitive information, but does not appropriately restrict access to it. Under certain conditions, it could be possible for a malicious user to read the file as it was being cre" Issue="The RDISK utility is used to create an Emergency Repair Disk (ERD) in order to record machine state information as a contingency against system failure. During execution, RDISK creates a temporary file containing an enumeration of the registry. The ACLs on the file allow global read permission, and as a result, a malicious user who knew that the administrator was running RDISK could open the file and read the registry enumeration information as it was being created. RDISK erases the file upon successful completion, so under normal conditions there would be no lasting vulnerability.By default, the file is not shared and therefore could not be read by other network user" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q249108"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="Q249108i.exe" PatchLocationID="181" SBID="57" SQNumber="Q249108" NoReboot="0">
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="82"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="97"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="76"/>
					</FileChgs>
					<PatchComments/>
				</Patch>
				<Patch PatchName="q249108i.EXE" PatchLocationID="185" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="747"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="220"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-005" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-005.asp" Title="Malformed RTF Control Word Vulnerability" DatePosted="2000/01/17" DateRevised="2000/01/17" Supported="Yes" Summary="The vulnerability could be used to cause email programs to crash." Issue="The default RTF reader that ships as part of many Windows platforms has an unchecked buffer in the portion of the reader that parses control words. If an RTF file contains a specially-malformed control word, it could cause the application to crash." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q249973"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="Q249973i.EXE" PatchLocationID="178" SBID="57" SQNumber="Q249973" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="96"/>
						<FileChg FileChangeID="77"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="759"/>
					</RegChgs>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="249973USA5.exe" PatchLocationID="612" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="80"/>
						<AffectedServicePack ServicePackID="51"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="249973USA8.exe" PatchLocationID="613" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-006" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-006" Title="Malformed Hit-Highlighting Argument Vulnerability" DatePosted="2000/01/26" DateRevised="2000/03/31" Supported="Yes" Summary="Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft Index Server. The first vulnerability could allow a malicious user to view -- but not to change, add or delete -- files on a web server. The second vulnerability could reveal where web directories are physically located on the server. " Issue="The first vulnerability is the &quot;Malformed Hit-Highlighting Argument&quot; vulnerability. The ISAPI filter that implements the hit-highlighting (also known as &quot;WebHits&quot;) functionality does not adequately constrain what files can be requested. By providing a deliberately-malformed argument in a request to hit-highlight a document, it is possible to escape the virtual directory. This would allow any file residing on the server itself, and on the same logical drive as the web root directory, to be retrieved regardless of permissions.  This variant could allow the source of server-side files such as .ASP files to be read. The new variant affects only Index Server 2.0, and Windows 2000 customers who applied the original patch were never at risk from it. The second vulnerability involves the error message that is returned when a user requests a non-existent Internet Data Query file. The error message provides the physical path to the web directory that was contained in the request. Although this vulnerability would not allow a malicious user to alter or view any data, it could be a valuable reconnaissance tool for mapping the file structure of a web server. This variant could allow a malicious user to read files. The variant was eliminated by the original patch, and customers who applied the original version of the patch were never at risk from it. Indexing Services in Windows 2000 is affected only by the &quot;Malformed Hit-Highlighting&quot; vulnerability - it is not affected by the second vulnerability." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q251170"/>
				<QNumber QNumber="Q252463"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q251170_W2K_SP1_X86_en.EXE" PatchLocationID="188" SBID="0" SQNumber="Q251170" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="18" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="214"/>
						<FileChg FileChangeID="215"/>
						<FileChg FileChangeID="221"/>
					</FileChgs>
					<AffectedProduct ProductID="17" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1203"/>
					</RegChgs>
					<AffectedProduct ProductID="5" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q252463i.EXE" PatchLocationID="689" SBID="60" SQNumber="Q252463" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="106" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="627"/>
						<FileChg FileChangeID="628"/>
						<FileChg FileChangeID="629"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1202"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-007" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-007.asp" Title="Recycle Bin Creation Vulnerability" DatePosted="2000/02/01" DateRevised="2000/02/01" Supported="Yes" Summary="A malicious user could create, delete or modify files in the Recycle Bin of another user who shared the machine. In most cases, the vulnerability would not allow the malicious user to read the files unless they already had read permission to do so." Issue="The Windows NT Recycle Bin for a given user maps to a folder, whose name is based on the owner's SID. The folder is created the first time the user deletes a file, and the owner is given sole permissions to it. However, if a malicious user could create the folder before the bona fide one were created, he or she could assign any desired permissions to it. This would allow him or her to create, modify or delete files in the Recycle Bin" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q248399"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q248399i.exe" PatchLocationID="219" SBID="57" SQNumber="Q248399" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="49"/>
					</PatchComments>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1204"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="118"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-008" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-008.asp" Title="Registry Permissions Vulnerability" DatePosted="2000/03/09" DateRevised="2000/04/14" Supported="Yes" Summary="" Issue="This vulnerability involves three sets of registry keys whose default permissions are too permissive. These permissions could allow a malicious user who could interactively log onto a target machine (or,in one case, access an affected machine from the network) to: 
. Cause code to run in a local system context. 
. Cause code to run the next time another user logged onto the same machine. 
. Disable the security protection for a previously-reported vulnerability." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q103861"/>
				<QNumber QNumber="Q185590"/>
				<QNumber QNumber="Q184375"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q259496i.exe" PatchLocationID="452" SBID="44" SQNumber="Q259496" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
						<PatchComment CommentID="50"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-011" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-011" Title="VM File Reading Vulnerability" DatePosted="2000/02/18" DateRevised="2000/02/18" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in the Microsoft® virtual machine (Microsoft VM). The vulnerability could enable a malicious web site operator to read files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet. " Issue="The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox. A malicious user could write a Java applet that could read - but not change, delete or add - files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q253562"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="msjavx86.exe" PatchLocationID="342" SBID="36" SQNumber="Q253562" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="12"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="0">
						<AffectedServicePack ServicePackID="100"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q287030_W2K_SP2_x86_en.EXE" PatchLocationID="343" SBID="38" SQNumber="Q287030" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="13"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-021" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-021" Title="Malformed TCP/IP Print Request Vulnerability" DatePosted="2000/03/30" DateRevised="2000/03/30" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in the TCP/IP Printing Services for Microsoft Windows NT 4.0 and Windows 2000. If this service is installed, the vulnerability could allow a malicious user to disrupt printing services. " Issue="A specially-malformed print request could cause TCPSVC.EXE to crash, which would not only prevent the server from providing printing services, but also would stop several other services, most importantly DHCP." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q257870"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="Q257870i.EXE" PatchLocationID="216" SBID="57" SQNumber="Q257870" NoReboot="0">
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="107"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="1208"/>
					</FileChgs>
					<PatchComments/>
				</Patch>
				<Patch PatchName="Q257870_W2K_SP1_x86_en.EXE" PatchLocationID="694" SBID="0" SQNumber="Q257870" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="7" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="631"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1206"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-020" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-020" Title="Desktop Separation Vulnerability" DatePosted="2000/06/15" DateRevised="2000/06/15" Supported="Yes" Summary="This update eliminates the &quot;Desktop Separation&quot; vulnerability found in Windows 2000. Installing this update will prevent malicious users from gaining additional privileges on your computer when they log on at your keyboard. " Issue="By design, processes are constrained to run within a windows station, and the threads in the process run in one or more desktops. A process in one windows station should not be able to access desktops belonging to another windows station. However, due to an implementation error, this could happen under very specific circumstances. This could allow a process belonging to a low-privilege user to view inputs or output that belong to another desktop within the same session, and potentially obtain information such as passwords" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q260197"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="q260197_w2k_sp1_x86_en.exe" PatchLocationID="692" SBID="0" SQNumber="Q260197" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="6" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1205"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="773"/>
						<FileChg FileChangeID="774"/>
						<FileChg FileChangeID="775"/>
						<FileChg FileChangeID="776"/>
						<FileChg FileChangeID="777"/>
						<FileChg FileChangeID="778"/>
						<FileChg FileChangeID="779"/>
					</FileChgs>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-026" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-026.asp" Title="Mixed Object Access Vulnerability" DatePosted="2000/04/20" DateRevised="2000/04/20" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows® 2000 that could, under very specific conditions, allow a malicious user to change information in the Active Directory that he should not be able to change." Issue="Active Directory allows for access control of directory objects on a per-attribute basis. However, the vulnerability at issue here could allow a malicious user to modify object attributes that he does not have permission to modify, as long as he combined the operation in a particular way with ones involving attributes that he does have permission to modify.The vulnerability does not afford the malicious user an opportunity to modify all objects in a class ? only the specific class objects for which he has permission to modify at least one attribute. Further, the vulnerability provides no capability to bypass normal authentication or Windows 2000 auditing, so administrators could determine if this vulnerability were being exploited, and by wh" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q259401"/>
			</QNumbers>
			<BulletinComments>
				<BulletinComment CommentID="1"/>
			</BulletinComments>
			<Patches>
				<Patch PatchName="q259401_w2k_sp1_x86_en.exe" PatchLocationID="218" SBID="31" SQNumber="Q259401" NoReboot="0">
					<AffectedProduct ProductID="6" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1207"/>
					</RegChgs>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="632"/>
						<FileChg FileChangeID="633"/>
					</FileChgs>
					<PatchComments/>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-027" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-027.asp" Title="Malformed Environment Variable Vulnerability" DatePosted="2000/04/20" DateRevised="2000/04/20" Supported="Yes" Summary="The vulnerability could allow a malicious user to make some or all of the memory on an affected server unavailable, potentially slowing or stopping an affected server's response time." Issue="CMD.EXE, the command processor for Windows NT 4.0 and Windows 2000, has an unchecked buffer in part of the code that handles environment strings.  It could be used to mount denial of service attacks in certain cases. If a server provides batch or other script files, a malicious user could potentially provide arguments that would create an extremely large environment string and overflow the buffer. This would cause the process to fail, and the memory allocated to the process would not be made available again until a dialogue had been cleared on the operator's console. By repeatedly running the batch file, the malicious user could potentially make some or all of the memory on the server temporarily unavailabl" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q259622"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="q259622i.exe" PatchLocationID="697" SBID="57" SQNumber="Q259622" NoReboot="0">
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1209"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="875"/>
					</FileChgs>
					<PatchComments/>
				</Patch>
				<Patch PatchName="q259622_w2k_sp1_x86_en.exe" PatchLocationID="698" SBID="0" SQNumber="Q296441" NoReboot="0">
					<AffectedProduct ProductID="5" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1208"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="781"/>
					</FileChgs>
					<PatchComments/>
				</Patch>
				<Patch PatchName="placeholder" PatchLocationID="706" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-029" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-029" Title="IP Fragment Reassembly Vulnerability" DatePosted="2000/05/19" DateRevised="2000/05/19" Supported="Yes" Summary="This update resolves the &quot;IP Fragment Reassembly&quot; security vulnerability in Windows 2000. Installing this update will minimize the negative effects that fragmented Internet Protocol (IP) datagrams could have on your computer's central processing unit (CPU)." Issue="The affected systems contain a flaw in the code that performs IP fragment reassembly. If a continuous stream of fragmented IP datagrams with a particular malformation were sent to an affected machine, it could be made to devote most or all of its CPU availability to processing them. The data rate needed to completely deny service varies depending on the machine and network conditions, but in most cases even relatively moderate rates would suffice.The vulnerability would not allow a malicious user to compromise data on the machine or usurp administrative control over it. Although it has been reported that the attack in some cases will cause an affected machine to crash, affected machines in all Microsoft testing returned to normal service shortly after the fragments stopped arriving. Machines protected by a proxy server or a firewall that drops fragmented packets would not be affected by this vulnerability. The machines most likely to be affected by this vulnerability would be machines located on the edge of a network such as web servers or proxy servers" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q259728"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="Q259728i.EXE " PatchLocationID="182" SBID="57" SQNumber="Q259728" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="123"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="1049"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q259728_W2K_SP1_x86_en.EXE" PatchLocationID="183" SBID="0" SQNumber="Q259728" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="113"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1210"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q259728i.EXE" PatchLocationID="184" SBID="" SQNumber="" NoReboot="0">
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="259728USA5.EXE" PatchLocationID="701" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="259728USA8.EXE" PatchLocationID="702" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-032" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-032" Title="Protected Store Key Length Vulnerability" DatePosted="2000/06/01" DateRevised="2000/07/16" Supported="Yes" Summary="Microsoft has released a patch and a tool that eliminate a security vulnerability in Microsoft Windows 2000. The vulnerability could make it easier for a malicious user who had complete control over a Windows 2000 machine to compromise users' sensitive information." Issue="By design, the Protected Store should always encrypt the information using the strongest cryptography available on the machine.  An attacker would need to gain complete administrative control over the machine that houses the Protected Store in order to gain access to it, and even then would still need to mount a brute-force cryptographic attack against it." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments>
				<BulletinComment CommentID="1"/>
			</BulletinComments>
			<QNumbers>
				<QNumber QNumber="Q260219"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q260219_w2k_sp1_x86_en.exe" PatchLocationID="191" SBID="" SQNumber="Q260219" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="52"/>
					</PatchComments>
					<AffectedProduct ProductID="6" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="801"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1171"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-036" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-036" Title="ResetBrowser Frame and Host Announcement Frame Vulnerabilities" DatePosted="2000/05/25" DateRevised="2000/05/25" Supported="Yes" Summary="This update resolves the &quot;ResetBrowser Frame&quot; and &quot;HostAnnouncement Flooding&quot; security vulnerabilities in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-036. Download now to prevent a malicious user from denying network users the ability to locate services or other computers on the network. " Issue="The two vulnerabilities are:The &quot;ResetBrowser Frame&quot; vulnerability, which affects both Windows NT 4.0 and Windows 2000. Like most implementations, the Windows implementation provides the ability for a Master Browser to shut down other browsers via the ResetBrowser frame. However, there is no capability to configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut down browsers on his subnet as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser.The &quot;HostAnnouncement Flooding&quot; vulnerability, which does not affect Windows 2000. Because there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user could send a huge number of bogus HostAnnouncement frames to a Master Browser. The resulting replication traffic could consume The &quot;ResetBrowser Frame&quot; vulnerability, which affects both Windows NT 4.0 and Windows 2000. Like most implementations, the Windows implementation provides the ability for a Master Browser to shut down other browsers via the ResetBrowser frame. However, there is no capability to configure a browser to ignore ResetBrowser frames. This could allow a malicious user to shut down browsers on his subnet as a denial of service attack against the browser service, or, in the worst case, to shut down all browsers and declare his machine the new Master Browser. 
The &quot;HostAnnouncement Flooding&quot; vulnerability, which does not affect Windows 2000. Because there is no means of limiting the size of the browse table in Windows NT 4.0, a malicious user could send a huge number of bogus HostAnnouncement frames to a Master Browser. The resulting replication traffic could consume most or all of the network bandwidth and cause other problems in processing the table as well." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q262694"/>
				<QNumber QNumber="Q263307"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q262694i.EXE" PatchLocationID="530" SBID="57" SQNumber="Q262694" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="524"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1237"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q262694_W2K_SP2_x86_en.EXE" PatchLocationID="531" SBID="0" SQNumber="Q262694" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="525"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1135"/>
					</RegChgs>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-040" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-040.asp" Title="Remote Registry Access Authentication Vulnerability" DatePosted="2000/06/08" DateRevised="2000/06/08" Supported="Yes" Summary="" Issue="Before a request to access the registry from a remote machine can be processed, it must first be authenticated by the Remote Registry server. If the request is malformed in a specific fashion, it could be misinterpreted by the remote registry server, causing it to fail. Because the Remote Registry server is contained within the winlogon.exe system process on Windows NT 4.0, a failure in that process would cause the entire system to fail.Only an authenticated user could levy such a request." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<QNumbers>
				<QNumber QNumber="Q264684"/>
			</QNumbers>
			<BulletinComments/>
			<Patches>
				<Patch PatchName="Q264684i.EXE" PatchLocationID="174" SBID="57" SQNumber="Q264684" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="734"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="504"/>
						<FileChg FileChangeID="505"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-047" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-047" Title="NetBIOS Name Server Protocol Spoofing Vulnerability " DatePosted="2000/07/27" DateRevised="2000/07/27" Supported="Yes" Summary="This update resolves the &quot;NetBIOS Name Server Protocol Spoofing&quot; security vulnerability in some Windows-based networks and is discussed in Microsoft Security Bulletin MS00-047. Download now to prevent a malicious user from misusing the Name Conflict and Name Release mechanisms that are part of Windows Internet Name Service (WINS). " Issue="By design, NBNS allows network peers to assist in managing name conflicts. Also by design, it is an unauthenticated protocol and therefore subject to spoofing. A malicious user could misuse the Name Conflict and Name Release mechanisms to cause another machine to conclude that its name was in conflict. Depending on the scenario, the machine would as a result either be unable to register a name on the network, or would relinquish a name it already had registered. The result in either case would be the same - the machine would not respond requests sent to the conflicted name anymore.  This will reduce but not eliminate the threat of spoofing. Customers needing additional protection may wish to consider using IPSec in Windows 2000 to authenticate all sessions on ports 137-139" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q269239"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q269239i.exe" PatchLocationID="165" SBID="57" SQNumber="Q269239" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="206"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="978"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q269239_W2K_SP2_x86_en.EXE" PatchLocationID="172" SBID="0" SQNumber="Q269239" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="208"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1166"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q269239i.exe" PatchLocationID="220" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="233"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="964"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-052" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-052" Title="Relative Shell Path Vulnerability" DatePosted="2000/07/28" DateRevised="2000/07/28" Supported="Yes" Summary="This update resolves the &quot;Relative Shell Path&quot; security vulnerability in Windows NT 4.0 and Windows 2000 and is discussed in Microsoft Security Bulletin MS00-052. Download now to prevent a malicious user from altering the functionality of your desktop. " Issue="Because of the circumstances in place at system startup time, the normal search order would cause any file named Explorer.exe in the %Systemdrive%\ directory to be loaded in place of the bona fide version. This could provide an opportunity for a malicious user to cause code of his choice to run when another user subsequently logged onto the same machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q269049"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q269049i.EXE" PatchLocationID="154" SBID="57" SQNumber="Q269049" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="199"/>
						<FileChg FileChangeID="200"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="693"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q269049i.exe" PatchLocationID="157" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="201"/>
						<FileChg FileChangeID="202"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="693"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q269049_w2k_sp2_x86_en.exe" PatchLocationID="159" SBID="0" SQNumber="Q269049" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="203"/>
						<FileChg FileChangeID="204"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1137"/>
					</RegChgs>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-053" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-053" Title="Service Control Manager Named Pipe Impersonation Vulnerability" DatePosted="2000/08/02" DateRevised="2000/08/02" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability could allow a user logged onto a Windows 2000 machine from the keyboard to become an administrator on the machine." Issue="The Service Control Manager (services.exe) is an administrative tool provided in Windows 2000 that allows system services (Server, Workstation, Alerter, ClipBook, etc.) to be created or modified. The SCM creates a named pipe for each service as it starts, however, should a malicious program predict and create the named pipe for a specific service before the service starts, the program could impersonate the privileges of the service. This could allow the malicious program to run in the context of the given service, with either specific user or LocalSystem privileges. 
The primary risk from this vulnerability is that a malicious user could exploit this vulnerability to gain additional privileges on the local machine. A malicious user would require the ability to log onto the target machine interactively and run arbitrary programs in order to exploit this vulnerability, and as a result, workstations and terminal servers would be at greatest risk." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q269523"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q269523_W2K_SP2_x86_en.EXE" PatchLocationID="150" SBID="0" SQNumber="Q269523" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="197"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1138"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-057" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-057" Title="File Permission Canonicalization Vulnerability " DatePosted="2000/08/10" DateRevised="2000/08/10" Supported="Yes" Summary="This update resolves the &quot;Web Server Folder Traversal&quot; security vulnerability in Internet Information Server (IIS) and is discussed in Microsoft Security Bulletin MS00-057.  Download now to prevent a malicious user from executing operating system commands on a Web server. " Issue="A canonicalization error can, under certain conditions, cause IIS 4.0 or 5.0 to apply incorrect permissions to certain types of files. If an affected file residing in a folder with restrictive permissions were requested via a particular type of malformed URL, the permissions actually used would be those of a folder in the file's parentage chain, but not those of the folder the file actually resides in. If the ancestor folder's permissions were more permissive than those of the correct folder, the malicious user would gain additional privileges to the affected file." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q269862"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="prmcan4i.exe" PatchLocationID="383" SBID="20" SQNumber="Q269862" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="352"/>
						<FileChg FileChangeID="353"/>
						<FileChg FileChangeID="354"/>
						<FileChg FileChangeID="355"/>
						<FileChg FileChangeID="356"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1118"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q269862_W2K_SP2_x86_en.EXE" PatchLocationID="385" SBID="11" SQNumber="Q269862" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="501"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1119"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-059" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-059" Title="Java VM Applet Vulnerability " DatePosted="2000/08/21" DateRevised="2001/01/26" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in the Microsoft virtual machine (Microsoft VM). If a malicious web site operator were able to coax a user into visiting his site, the vulnerability could allow him to masquerade as the user, visit other sites using his identity, and relay the information back to his site. " Issue="This vulnerability would allow an applet to bypass this restriction. If a user visited a web site operated by a malicious user, the site could start an applet that would be able to establish a connection with another web site and forward any information from the web session to the malicious user?s site." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q271752"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="msjavx86.exe" PatchLocationID="342" SBID="37" SQNumber="Q271752" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="12"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="0">
						<AffectedServicePack ServicePackID="100"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
					</AffectedProduct>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q287030_W2K_SP2_x86_en.EXE" PatchLocationID="379" SBID="39" SQNumber="Q287030" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="13"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-060" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-060" Title="IIS Cross-Site Scripting Vulnerabilities " DatePosted="2000/08/25" DateRevised="2000/11/02" Supported="Yes" Summary="This update resolves the &quot;IIS Cross-Site Scripting&quot; security vulnerability in Internet Information Services (IIS). Download now to prevent a malicious user from introducing code on your Web server and returning that code as a Web page (hosted by your server) to visiting browsers. " Issue="If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to &quot;inject&quot; script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user's script to run on the user's machine using the trust afforded the other site. 
The vulnerability can affect any software that runs on a web server, accepts user input, and blindly uses it to generate web pages." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q260347"/>
				<QNumber QNumber="Q275657"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="crsscri.exe" PatchLocationID="375" SBID="19" SQNumber="Q260347" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="333"/>
						<FileChg FileChangeID="334"/>
						<FileChg FileChangeID="335"/>
						<FileChg FileChangeID="336"/>
						<FileChg FileChangeID="337"/>
						<FileChg FileChangeID="338"/>
						<FileChg FileChangeID="339"/>
						<FileChg FileChangeID="340"/>
						<FileChg FileChangeID="341"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1114"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q275657_W2K_SP2_x86_en.EXE" PatchLocationID="376" SBID="8" SQNumber="Q275657" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="342"/>
						<FileChg FileChangeID="343"/>
						<FileChg FileChangeID="344"/>
						<FileChg FileChangeID="346"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1115"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-062" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-062" Title="Local Security Policy Corruption Vulnerability" DatePosted="2000/08/28" DateRevised="2000/08/28" Supported="Yes" Summary="This update resolves the &quot;Local Security Policy Corruption&quot; security vulnerability in Windows 2000. Download now to prevent a malicious user from corrupting parts of your computer's local security policy and disabling your network access. " Issue="This vulnerability could allow a malicious user to corrupt parts of a Windows 2000 system's local security policy, with the effect of disrupting domain membership and trust relationship information. If a workstation or member server were attacked via this vulnerability, it would effectively remove the machine from the domain; if a domain controller were attacked, it could no longer process domain logon requests." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q269609"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q269609_W2K_SP1_x86_en.EXE" PatchLocationID="147" SBID="31" SQNumber="Q269609" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="195"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1139"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-063" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-063.asp" Title="Invalid URL Vulnerability" DatePosted="2000/09/05" DateRevised="2000/09/05" Supported="Yes" Summary="" Issue="If an affected web server received a particular type of invalid URL, it could, under certain conditions, start a chain of events that would culminate in an invalid memory request that would cause the IIS service to fail. This would prevent the server from providing web services. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q271652"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q271652i.EXE" PatchLocationID="372" SBID="57" SQNumber="Q271652" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs/>
					<RegChgs>
						<RegChg RegChangeID="1113"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q271652I.EXE" PatchLocationID="372" SBID="9" SQNumber="Q271652" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs/>
					<RegChgs>
						<RegChg RegChangeID="1113"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-065" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-065" Title="Still Image Service Privilege Escalation Vulnerability" DatePosted="2000/09/06" DateRevised="2000/09/06" Supported="Yes" Summary="This update resolves the &quot;Still Image Service Privilege Escalation&quot; security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-065. Download now to prevent a malicious user from logging on to a Windows 2000 computer interactively and running a program that could enable the malicious user to obtain administrative privileges on the host computer. " Issue="An unchecked buffer exists in the 'Still Image Service' on Windows 2000 hosts. A locally logged-on user can execute malicious code that will use the still image service to escalate their permissions equal to that of the Still Image Service, namely, LocalSystem." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q272736"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q272736_w2k_sp2_x86_en.exe" PatchLocationID="144" SBID="0" SQNumber="Q272736" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="194"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1140"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-066" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-066" Title="Malformed RPC Packet Vulnerability " DatePosted="2000/09/11" DateRevised="2000/09/11" Supported="Yes" Summary="This update resolves the &quot;Malformed RPC Packet&quot; security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-066. Download now to prevent a malicious user from launching a Denial of Service attack via the Remote Procedure Call (RPC) client. " Issue="A denial of service can occur when a malicious client sends a particular malformed RPC (Remote Procedure Call) packet to the server, causing the RPC service to fail.  A server behind a firewall that blocks ports 135-139 and 445 will not be affected by this vulnerability from the Internet." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q272303"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q272303_w2k_sp2_x86_en.exe" PatchLocationID="141" SBID="0" SQNumber="Q272303" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="192"/>
						<FileChg FileChangeID="193"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1141"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-067" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-067" Title="Windows 2000 Telnet Client NTLM Authentication Vulnerability" DatePosted="2000/09/14" DateRevised="2000/09/21" Supported="Yes" Summary="This update resolves the &quot;Windows 2000 Telnet Client NTLM Authentication&quot; security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-067. Download now to prevent a malicious user from acquiring your authentication credentials. " Issue="A vulnerability exists because the client will, by default, perform NTLM authentication when connecting to the remote telnet server. This could allow a malicious user to obtain another user's NTLM authentication credentials without the user's knowledge. A malicious user could exploit this behavior by creating a carefully-crafted HTML document that, when opened, could attempt to initiate a Telnet session to a rogue telnet server - automatically passing NTLM authentication credentials to the malicious server's owner. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q272743"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q272743_w2k_sp2_x86_en.exe" PatchLocationID="177" SBID="0" SQNumber="Q272743" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="217"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1142"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-068" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-068.asp" Title="OCX Attachment Vulnerability" DatePosted="2000/09/26" DateRevised="2000/09/26" Supported="Yes" Summary="" Issue="OCX controls are containers that can hold multiple ActiveX controls. A particular OCX control, associated with Windows Media Player, could be used in a denial of service attack against RTF-enabled e-mail clients such as Microsoft® Outlook and Outlook Express. If the affected control were programmatically embedded into an RTF mail and then sent to another user, the user?s mail client would fail when he closed the mail." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments>
				<BulletinComment CommentID="30"/>
			</BulletinComments>
			<QNumbers>
				<QNumber QNumber="Q274303"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="WMSU28412.EXE" PatchLocationID="370" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="20" FixedInSP="0">
						<AffectedServicePack ServicePackID="94"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="331"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1221"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-069" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-069" Title="Simplified Chinese IME State Recognition Vulnerability" DatePosted="2000/09/29" DateRevised="2000/09/29" Supported="Yes" Summary="This update resolves the &quot;Simplified Chinese IME State Recognition&quot; security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-069. Download now to prevent a malicious user from exploiting the logon screen for Simplified Chinese IME to run code, add users to the computer, install or remove system components, add or remove software and compromise data. " Issue="Input Method Editors (IMEs) enable character-based languages such as Chinese to be entered via a standard 101-key keyboard. When an IME is installed as part of the system setup, it is available by default as part of the logon screen. In such a case, the IME should recognize that it is running in the context of the LocalSystem and not in the context of a user, and restrict certain functions.  This vulnerability only affects the Simplified Chinese version of Windows 2000 by default - customers using any other version of Windows 2000 are not affected. Even if the Simplified Chinese IMEs were installed after setup as part of a language pack, it would not be present as part of the logon screen and therefore would not pose a security threat. The vulnerability allows only the local machine to be compromised, but does not grant any domain privileges (unless, of course, the local machine happens to be a domain controller). Because the vulnerability is exposed as part of the logon screen, it could only be exploited by a user who had physical access to a keyboard, or who could start a terminal server session on an affected machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments>
				<BulletinComment CommentID="31"/>
			</BulletinComments>
			<QNumbers>
				<QNumber QNumber="Q270676"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q270676_w2k_sp2_x86_en.exe" PatchLocationID="138" SBID="0" SQNumber="Q270676" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="187"/>
						<FileChg FileChangeID="188"/>
						<FileChg FileChangeID="189"/>
						<FileChg FileChangeID="191"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1143"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-070" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-070" Title="Multiple LPC and LPC Ports Vulnerabilities" DatePosted="2000/10/03" DateRevised="2000/10/03" Supported="Yes" Summary="This update resolves the &quot;Multiple LPC and LPC Ports&quot; security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletins MS00-070 and MS00-003. Download now to prevent a malicious user from causing your computer to fail, impersonating your privileges, or causing the client or server to fail by posing as the client or server and sending random data. " Issue="The &quot;Invalid LPC Request&quot; vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail. The &quot;LPC Memory Exhaustion&quot; vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted. The &quot;Predictable LPC Message Identifier&quot; vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other process' LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible under certain conditions to send bogus requests to a privileged process in order to gain additional local privileges.  A new variant of the previously-reported &quot;Spoofed LPC Port Request&quot; vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes. Because LPC can only be used on the local machine, none of these vulnerabilities could be exploited remotely. Instead, a malicious user could only exploit them on machines that he could log onto interactively. Typically, workstations and terminal servers would be chiefly at risk, because, if normal security practices have been followed, normal users will not be allowed to log onto critical servers interactively. This also means that, even in the worst case, the vulnerability would only confer additional local - not domain - privileges on the malicious user" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q266433"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q266433i.exe" PatchLocationID="133" SBID="57" SQNumber="Q266433" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="184"/>
						<FileChg FileChangeID="185"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="621"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q266433_w2k_sp2_x86_en.exe" PatchLocationID="137" SBID="0" SQNumber="Q266433" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="186"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1144"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-072" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-072.asp" Title="Share Level Password Vulnerability " DatePosted="2000/10/10" DateRevised="2001/02/16" Supported="Yes" Summary="" Issue="Due to the way the password feature is currently implemented, a file share could be compromised, by a malicious user who used a special client utility, without that user knowing the entire password required to access that share." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q273991"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="273991usam.exe" PatchLocationID="243" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="273991USA8.EXE" PatchLocationID="366" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="1"/>
					</PatchComments>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="273991USA5.EXE" PatchLocationID="367" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0"/>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-073" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-073.asp" Title="Malformed IPX NMPI Packet Vulnerability" DatePosted="2000/10/11" DateRevised="2001/04/13" Supported="Yes" Summary="" Issue="The Microsoft IPX/SPX protocol implementation (NWLink) includes an NMPI (Name Management Protocol on IPX) listener that will reply to any requesting network address. The NMPI listener software does not filter the requesting computer's network address correctly, and will therefore reply to a network broadcast address. Such a reply would in turn cause other IPX NMPI listener programs to also reply. This sequence of broadcast replies could generate a large amount of unnecessary network traffic." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q273727"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="273727USAM.EXE" PatchLocationID="238" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="273727USA8.EXE" PatchLocationID="363" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="1"/>
					</PatchComments>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="273727USA5.EXE " PatchLocationID="715" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-074" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-074.asp" Title="WebTV for Windows Denial of Service Vulnerability " DatePosted="2000/10/11" DateRevised="2000/10/11" Supported="Yes" Summary="" Issue="There is a denial of service vulnerability in WebTV for Windows that may allow a malicious user to remotely crash either the WebTV for Windows application and/or the computer system running WebTV for Windows. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q274113"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="274113usam.exe" PatchLocationID="234" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="274113USA8.EXE" PatchLocationID="362" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="1"/>
					</PatchComments>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-076" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-076" Title="Cached Web Credentials Vulnerability " DatePosted="2000/10/12" DateRevised="2000/10/12" Supported="Yes" Summary="This update resolves the &quot;Cached Web Credentials&quot; security vulnerability in Internet Explorer. Download now to prevent a malicious user from learning the credentials of another user and then using them to log onto a Web site as the other user. This vulnerability does not give a malicious user the ability to add, change, or delete files on your computer. " Issue="When a user authenticates to a secured web page via Basic Authentication, IE caches the userid and password that were used, in order to minimize the number of times the user must authenticate to the same site. By design, IE should only send the cached credentials to secured pages on the site. However, it will actually send them to non-secure pages on the site as well. If a malicious user had complete control of another user?s network communications, he could wait until another user logged onto a secured site, then spoof a request for a non-secured page in order to collect the credentials." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q273868"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q273868.exe" PatchLocationID="358" SBID="0" SQNumber="Q273868" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="842"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1249"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-077" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-077" Title="NetMeeting Desktop Sharing Vulnerability" DatePosted="2000/10/13" DateRevised="2001/06/20" Supported="Yes" Summary="This update resolves the &quot;NetMeeting Desktop Sharing&quot; security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS00-077. Download now to prevent a malicious user from denying or interrupting NetMeeting services. " Issue="The denial of service can occur when a malicious client sends a particular malformed string to a port which the NetMeeting service is listening on and with Remote Desktop Sharing enabled." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q273854"/>
				<QNumber QNumber="Q299796"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="NM30.EXE" PatchLocationID="354" SBID="" SQNumber="Q273854" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="37" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="491"/>
						<FileChg FileChangeID="492"/>
						<FileChg FileChangeID="493"/>
						<FileChg FileChangeID="494"/>
						<FileChg FileChangeID="495"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q299796_W2k_SP3_x86_en.exe" PatchLocationID="788" SBID="0" SQNumber="Q299796" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="890"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1263"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-078" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-078" Title="Web Server Folder Traversal Vulnerability" DatePosted="2000/10/17" DateRevised="2000/10/17" Supported="Yes" Summary="This update resolves the &quot;Web Server Folder Traversal&quot; security vulnerability in Internet Information Server (IIS) and is discussed in Microsoft Security Bulletin MS00-078.  Download now to prevent a malicious user from executing operating system commands on a Web server. " Issue="Due to a canonicalization error in IIS 4.0 and 5.0, a particular type of malformed URL could be used to access files and folders that lie anywhere on the logical drive that contains the web folders. This would potentially enable a malicious user who visited the web site to gain additional privileges on the machine ? specifically, it could be used to gain privileges commensurate with those of a locally logged-on user. Gaining these permissions would enable the malicious user to add, change or delete data, run code already on the server, or upload new code to the server and run it. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q276489"/>
				<QNumber QNumber="Q269862"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="prmcan4i.exe" PatchLocationID="350" SBID="18" SQNumber="Q269862" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="318"/>
						<FileChg FileChangeID="319"/>
						<FileChg FileChangeID="320"/>
						<FileChg FileChangeID="321"/>
						<FileChg FileChangeID="322"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1109"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q269862_W2K_SP2_x86_en.EXE" PatchLocationID="352" SBID="10" SQNumber="Q269862" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="496"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1159"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-079" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-079" Title="HyperTerminal Buffer Overflow Vulnerability " DatePosted="2000/10/18" DateRevised="2000/10/18" Supported="Yes" Summary="This update resolves the &quot;HyperTerminal Buffer Overflow&quot; security vulnerability in Windows 2000. If you receive and open an HTML e-mail message that contains a particularly malformed Web address (URL), the URL can be used to exploit this vulnerability and run arbitrary code on your computer." Issue="The HyperTerminal application contains an unchecked buffer in a section of the code that processes Telnet URLs. If a user opened an HTML mail that contained a particularly malformed Telnet URL, it would result in a buffer overrun that could enable the creator of the mail to cause arbitrary code to run on the user?s system." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q274548"/>
				<QNumber QNumber="Q276471"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="274548usam.exe" PatchLocationID="227" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="274548USA8.EXE" PatchLocationID="349" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q276471_W2K_SP3_x86_en.EXE" PatchLocationID="757" SBID="0" SQNumber="Q276471" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="803"/>
						<FileChg FileChangeID="805"/>
						<FileChg FileChangeID="807"/>
						<FileChg FileChangeID="809"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-080" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-080" Title="Session ID Cookie Marking Vulnerability" DatePosted="2000/10/23" DateRevised="2000/11/20" Supported="Yes" Summary="This update resolves the &quot;Session ID Cookie Marking&quot; security vulnerability in Internet Information Services (IIS) and is discussed in Microsoft Security Bulletin MS00-080. Download now to prevent a malicious user from connecting to the Web page you are viewing, assuming your identity, and placing orders or viewing your personal information. " Issue="If a user initiated a session with a secure web page, a Session ID cookie would be generated and sent to the user, protected by SSL. But if the user subsequently visited a non-secure page on the same site, the same Session ID cookie would be exchanged, this time in plaintext. If a malicious user had complete control over the communications channel, he could read the plaintext Session ID cookie and use it to connect to the user?s session with the secure page. At that point, he could take any action on the secure page that the user could take." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q274149"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="secsesi.exe" PatchLocationID="345" SBID="17" SQNumber="Q274149" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="14"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="307"/>
						<FileChg FileChangeID="308"/>
						<FileChg FileChangeID="309"/>
						<FileChg FileChangeID="310"/>
						<FileChg FileChangeID="311"/>
						<FileChg FileChangeID="312"/>
						<FileChg FileChangeID="313"/>
						<FileChg FileChangeID="314"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1107"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q274149_W2K_SP2_x86_en.EXE" PatchLocationID="347" SBID="8" SQNumber="Q274149" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="315"/>
						<FileChg FileChangeID="316"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1108"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-081" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-081" Title="New Variant of VM File Reading Vulnerability" DatePosted="2000/10/25" DateRevised="2001/01/26" Supported="Yes" Summary="This update resolves the &quot;VM File Reading&quot; security vulnerability in the Microsoft virtual machine (Microsoft VM) and is discussed in Microsoft Security Bulletin MS00-081. Download now to prevent a malicious Web site operator from reading - but not changing, adding, or deleting - the files on your computer or viewing the Web content on your intranet. " Issue="The version of the Microsoft VM that ships with Microsoft Internet Explorer 4.x and Internet Explorer 5.x contains a security vulnerability that could allow a Java applet to operate outside the bounds set by the sandbox. A malicious user could write a Java applet that could read ? but not change, delete or add ? files from the computer of a person who visited his site or read web content from inside an intranet if the malicious site is visited by a computer from within that intranet." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q277014"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q287030_W2K_SP2_x86_en.EXE" PatchLocationID="343" SBID="0" SQNumber="Q287030" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="13"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="303"/>
						<FileChg FileChangeID="840"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1106"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="msjavx86.exe" PatchLocationID="342" SBID="0" SQNumber="Q277014" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="12"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="0">
						<AffectedServicePack ServicePackID="100"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
					</AffectedProduct>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="814"/>
						<FileChg FileChangeID="815"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-082" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-082.asp" Title="Malformed MIME Header Vulnerability " DatePosted="2000/10/31" DateRevised="2000/10/31" Supported="Yes" Summary="" Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q275714"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q248838engI.EXE" PatchLocationID="341" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="35" FixedInSP="0">
						<AffectedServicePack ServicePackID="16"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="294"/>
						<FileChg FileChangeID="295"/>
						<FileChg FileChangeID="296"/>
						<FileChg FileChangeID="297"/>
						<FileChg FileChangeID="298"/>
						<FileChg FileChangeID="299"/>
						<FileChg FileChangeID="300"/>
						<FileChg FileChangeID="301"/>
						<FileChg FileChangeID="302"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-083" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-083.asp" Title="Netmon Protocol Parsing Vulnerability" DatePosted="2000/11/01" DateRevised="2000/11/01" Supported="Yes" Summary="" Issue="Several parsers of Netmon have unchecked buffers. If a malicious user delivered a specially-malformed frame to a server that was monitoring network traffic, and the administrator parsed it using an affected parser, it would have the effect of either causing Netmon to fail or causing code of the malicious user's choice to run on the machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q274835"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q274835i.EXE" PatchLocationID="125" SBID="57" SQNumber="Q274835" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="170"/>
						<FileChg FileChangeID="171"/>
						<FileChg FileChangeID="173"/>
						<FileChg FileChangeID="174"/>
						<FileChg FileChangeID="175"/>
						<FileChg FileChangeID="176"/>
						<FileChg FileChangeID="178"/>
						<FileChg FileChangeID="179"/>
						<FileChg FileChangeID="180"/>
						<FileChg FileChangeID="181"/>
						<FileChg FileChangeID="182"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="795"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q274835_W2K_SP2_x86_en.EXE" PatchLocationID="564" SBID="0" SQNumber="Q274835" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="490"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1157"/>
					</RegChgs>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q273476c.EXE" PatchLocationID="564" SBID="0" SQNumber="Q273476" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="81" FixedInSP="0">
						<AffectedServicePack ServicePackID="44"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q273476c.exe" PatchLocationID="564" SBID="0" SQNumber="Q273476" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="62" FixedInSP="0">
						<AffectedServicePack ServicePackID="45"/>
						<AffectedServicePack ServicePackID="46"/>
						<AffectedServicePack ServicePackID="47"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-084" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-084" Title="Indexing Services Cross Site Scripting Vulnerability" DatePosted="2000/11/02" DateRevised="2000/11/02" Supported="Yes" Summary="This update resolves the &quot;Indexing Services Cross Site Scripting&quot; vulnerability in Indexing Services for Windows 2000 and is discussed in Microsoft Security Bulletin MS00-084. Download now to prevent a malicious user from introducing code on your Web server and returning it as a Web page to a visiting browser. " Issue="The Cross-Site Scripting (CSS) vulnerability results when web applications don?t properly validate inputs before using them in dynamic web pages. If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to ?inject? script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user?s script to run on the user?s machine using the trust afforded the other site. The vulnerability can affect any software that runs on a web server, accepts user input, and uses it to generate web pages without sufficient validation. Microsoft has identified an Indexing Service component (CiWebHitsFile) that, when called from a specially crafted URL, is vulnerable to this scenario." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="q278499"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q278499_W2K_SP2_x86_en.EXE" PatchLocationID="122" SBID="30" SQNumber="Q278499" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="218"/>
					</FileChgs>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="18" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1236"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-085" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-085" Title="ActiveX Parameter Validation Vulnerability " DatePosted="2000/11/02" DateRevised="2000/11/02" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability affecting customers using Microsoft Windows 2000. The vulnerability could allow enable a malicious user to potentially run code on another user?s machine. " Issue="An ActiveX control that ships as part of Windows 2000 contains an unchecked buffer. If the control was called from a web page or HTML mail using a specially-malformed parameter, it would be possible to cause code to execute on the machine via a buffer overrun. This could potentially enable a malicious user to take any desired action on the user's machine, limited only by the permissions of the user." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q278511"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q278511_W2K_SP2_x86_en.EXE" PatchLocationID="119" SBID="0" SQNumber="Q278511" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1145"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="219"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-086" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-086" Title="Web Server File Request Parsing Vulnerability" DatePosted="2000/11/06" DateRevised="2000/11/30" Supported="Yes" Summary="This update resolves the &quot;Web Server File Request Parsing&quot; security vulnerability in Internet Information Services (IIS) and is discussed in Microsoft Security Bulletin MS00-086. Download now to prevent a malicious user from modifying Web pages, adding, changing, or deleting files by sending malformed file requests. " Issue="The ability to execute operating system commands on the web server would enable a malicious user to take virtually any action that an interactively-logged on user could take.  He could, for instance, add, delete or change files on the server, run code that was already on the server, or upload code of his choice and run it." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q277873"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="arbexei.exe" PatchLocationID="337" SBID="9" SQNumber="Q277873" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="639"/>
						<FileChg FileChangeID="640"/>
						<FileChg FileChangeID="641"/>
						<FileChg FileChangeID="642"/>
						<FileChg FileChangeID="643"/>
						<FileChg FileChangeID="644"/>
						<FileChg FileChangeID="645"/>
						<FileChg FileChangeID="646"/>
						<FileChg FileChangeID="647"/>
						<FileChg FileChangeID="648"/>
						<FileChg FileChangeID="649"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1104"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q277873_W2K_SP2_x86_en.EXE" PatchLocationID="339" SBID="8" SQNumber="Q277873" NoReboot="0">
					<PatchComments/>
					<FileChgs>
						<FileChg FileChangeID="291"/>
						<FileChg FileChangeID="293"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1105"/>
					</RegChgs>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-087" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-087.asp" Title="Terminal Server Login Buffer Overflow Vulnerability " DatePosted="2000/11/08" DateRevised="2000/11/08" Supported="Yes" Summary="" Issue="An unchecked buffer in the Terminal Server login prompt could allow a malicious user to cause the Terminal Server to execute arbitrary code. The ability to execute arbitrary code would enable the malicious user to add, change, or delete data, run code already on the server, or upload new code to the server and run it. The malicious user would not need to successfully login to the Terminal Server in order to initiate this attack. This vulnerability could be exploited remotely if connection requests are not filtered. By default, Terminal Server listens on tcp port 3389. This port should be blocked at the firewall and/or router if Terminal Server access from the Internet is not required" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q277910"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q277910i.exe" PatchLocationID="115" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="168"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-088" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-088.asp" Title="Exchange User Account Vulnerability" DatePosted="2000/11/16" DateRevised="2000/11/16" Supported="Yes" Summary="" Issue="If Exchange 2000 were installed on a Domain Controller, the account would also have Domain user privileges, and could thus gain access to other resources in the affected Domain." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q278523"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q278523ENGI.EXE" PatchLocationID="336" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="33" FixedInSP="0">
						<AffectedServicePack ServicePackID="43"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="281"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1158"/>
					</RegChgs>
					<AffectedProduct ProductID="34" FixedInSP="0">
						<AffectedServicePack ServicePackID="43"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-089" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-089.asp" Title="Domain Account Lockout Vulnerability" DatePosted="2000/11/21" DateRevised="2000/12/21" Supported="Yes" Summary="" Issue="A flaw in the way that NTLM authentication operates in Windows 2000 could allow a domain account lockout policy to be bypassed on a local Windows 2000 machine, even if the domain administrator had set such a policy. The ability of a malicious user to avoid the domain account lockout policy could increase the threat from a brute force password-guessing attack. This vulnerability only affects Windows 2000 machines that are members of non-Windows 2000 domains. In addition, the vulnerability only affects domain user accounts that have previously logged into the target machine and already have cached credentials established on that machine. If a domain account lockout policy is in place and an attacker attempts a brute force password-guessing attack, the domain user account will be locked out as expected at the domain controller. However, if the attacker is able find the correct password, the local Windows 2000 machine will log the attacker on using cached credentials in violation of the account lockout policy." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q274372"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q274372_w2k_sp2_x86_en.exe" PatchLocationID="112" SBID="0" SQNumber="Q274372" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="167"/>
						<FileChg FileChangeID="789"/>
						<FileChg FileChangeID="790"/>
						<FileChg FileChangeID="791"/>
						<FileChg FileChangeID="792"/>
						<FileChg FileChangeID="793"/>
						<FileChg FileChangeID="794"/>
						<FileChg FileChangeID="795"/>
						<FileChg FileChangeID="796"/>
						<FileChg FileChangeID="797"/>
						<FileChg FileChangeID="798"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1146"/>
					</RegChgs>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-090" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-090.asp" Title=".ASX Buffer Overrun and .WMS Script Execution Vulnerabilities " DatePosted="2000/11/22" DateRevised="2000/11/23" Supported="Yes" Summary="Microsoft has released a patch that eliminates two security vulnerabilities in Microsoft® Windows Media? Player. These vulnerabilities could potentially enable a malicious user to cause a program of his choice to run on another user?s computer. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q280419"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="wmsu34419.EXE" PatchLocationID="334" SBID="4" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="10"/>
					</PatchComments>
					<AffectedProduct ProductID="20" FixedInSP="0">
						<AffectedServicePack ServicePackID="94"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="487"/>
						<FileChg FileChangeID="488"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="wmsu33995.exe" PatchLocationID="335" SBID="3" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="11"/>
					</PatchComments>
					<AffectedProduct ProductID="79" FixedInSP="0">
						<AffectedServicePack ServicePackID="122"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="483"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-091" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-091" Title="Incomplete TCP/IP Packet Vulnerability " DatePosted="2000/11/30" DateRevised="2000/11/30" Supported="Yes" Summary="This update resolves the &quot;Incomplete TCP/IP Packet&quot; security vulnerability in Windows NT 4.0. If a malicious user sends a large number of specifically malformed data packets to a Windows NT 4.0 computer on a network that uses the NetBIOS over TCP/IP (NBT) protocol, the affected computer temporarily stops responding to all network requests. This occurs because Windows NT 4.0 cannot process these data packets correctly using the NBT protocol. In rare cases, an attack can cause the affected computer to remain unresponsive until it is rebooted. Download now to ensure your Windows NT 4.0 computer is able to process invalid TCP/IP packets correctly." Issue="There is a denial of service vulnerability that affects Windows NT 4.0 Windows 95, 98, 98 Second Edition and Windows Me. By sending a flood of specially malformed TCP/IP packets to a victim?s machine a malicious user could cause either of two effects. In the most likely case, the flood would temporarily prevent any networking resources on an affected computer from responding to client requests; as soon as the packets stopped arriving, the machine would resume normal operation. In a less likely case, the system could hang, and remain unresponsive until it was rebooted. This vulnerability could only be exploited if TCP port 139 was open on the target machine. If the server service or File/Print sharing were disabled on a computer it would not be susceptible to this vulnerability" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q275567"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q275567i.exe" PatchLocationID="109" SBID="57" SQNumber="Q275567" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="166"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="550"/>
					</RegChgs>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-092" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-092.asp" Title="Extended Stored Procedure Parameter Parsing Vulnerability" DatePosted="2000/12/01" DateRevised="2000/12/01" Supported="Yes" Summary="" Issue="This vulnerability would be most useful to a malicious user who had already compromised a web server and become a valid SQL Server user on the back-end server." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q280380"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="s70918i.exe" PatchLocationID="333" SBID="0" SQNumber="Q280380" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="29" FixedInSP="56">
						<AffectedServicePack ServicePackID="23"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="s80233i.exe" PatchLocationID="333" SBID="0" SQNumber="Q280380" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="30" FixedInSP="144">
						<AffectedServicePack ServicePackID="98"/>
					</AffectedProduct>
					<AffectedProduct ProductID="32" FixedInSP="151">
						<AffectedServicePack ServicePackID="99"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-093" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-093" Title="Browser Print Template and File Upload via Form Vulnerabilities " DatePosted="2000/12/01" DateRevised="2000/12/01" Supported="Yes" Summary="This update resolves the &quot;Browser Print Template,&quot; &quot;File Upload via Form,&quot; and &quot;Frame Domain Verification&quot; security vulnerabilities in Internet Explorer. Under certain conditions, a malicious Web site operator can use Print Templates or Web forms to run code or view files on a visiting user's computer. Download now to prevent a malicious Web site operator from reading files or taking other unauthorized action on your computer. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q279328"/>
				<QNumber QNumber="Q279329"/>
				<QNumber QNumber="Q279881"/>
				<QNumber QNumber="Q279330"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q279328.exe" PatchLocationID="332" SBID="49" SQNumber="Q279328" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="843"/>
						<FileChg FileChangeID="844"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1250"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q279328.exe" PatchLocationID="332" SBID="0" SQNumber="Q279328" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="80" FixedInSP="0">
						<AffectedServicePack ServicePackID="73"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="845"/>
						<FileChg FileChangeID="846"/>
						<FileChg FileChangeID="847"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1251"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q279328.Exe" PatchLocationID="332" SBID="0" SQNumber="Q279328" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="80" FixedInSP="85">
						<AffectedServicePack ServicePackID="13"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="830"/>
						<FileChg FileChangeID="832"/>
						<FileChg FileChangeID="833"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1248"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-094" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-094.asp" Title="Phone Book Service Buffer Overflow Vulnerability " DatePosted="2000/12/04" DateRevised="2000/12/04" Supported="Yes" Summary="" Issue="Due to an unchecked buffer in the Phone Book Service, a particular type of malformed URL could be used to execute arbitrary code on an IIS 4 or IIS 5 web server running the Phone Book Service. This would potentially enable a malicious user to gain privileges on the machine commensurate with those of the IUSR_machinename account (IIS 4) or the IWAM_machinename account (IIS 5). The IUSR account and the IWAM account are members of the Everyone group. In some instances, members of the Everyone group, including the accounts above, are able to execute operating system commands on the web server." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q276575"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q276575_W2K_SP2_x86_en.EXE" PatchLocationID="104" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<FileChgs>
						<FileChg FileChangeID="489"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1147"/>
					</RegChgs>
					<AffectedProduct ProductID="108" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="q276575i.exe" PatchLocationID="107" SBID="57" SQNumber="" NoReboot="0">
					<PatchComments/>
					<FileChgs>
						<FileChg FileChangeID="234"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1002"/>
					</RegChgs>
					<AffectedProduct ProductID="108" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-095" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-095.asp" Title="Registry Permissions Vulnerability " DatePosted="2000/12/06" DateRevised="2001/03/27" Supported="Yes" Summary="" Issue="Three registry keys have default permissions that are inappropriately loose. The keys, and the risk they pose, are as follows: The SNMP Parameters key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters, provides the SNMP community name and SNMP management station identifiers, if they exist. SNMP community strings may allow either read or read-write access to the SNMP service. If no read-write access strings exist, the user could only use this vulnerability to read information through SNMP that is normally available to local users. If read-write access strings do exist, a malicious user could use this vulnerability to make changes to any system using the same community string for read-write access. It is important to remember that SNMP v1.0 has no security by design, and any user who could monitor network traffic could also obtain the SNMP community strings. SNMP is not installed on Windows NT 4.0 machines by default. The RAS Administration key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAS, provides a way to install third-party RAS products that work with the Windows NT native RAS service. By changing one of the values in this key, it would be possible for a malicious user to specify code of her choice as a third-party management tool. The code would then run in the LocalSystem security context. Although it might be possible to make the needed registry changes remotely, the malicious user?s code would need to reside on the affected machine itself. RAS is not installed on Windows NT 4.0 machines by default.  The MTS Package Administration key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Transaction Server\Packages, includes information about which users are allowed to install and change MTS packages. By adding herself as an MTS manager, a malicious user could gain the ability to add, delete or change MTS packages. Although it might be possible in some cases to make the needed registry changes remotely, the malicious user would still need the ability to log onto the affected machine interactively in order to exercise her new privileges" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q265714"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q265714i.EXE" PatchLocationID="703" SBID="57" SQNumber="Q265714" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="163"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1014"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q265714i.exe" PatchLocationID="703" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="634"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1211"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-096" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-096" Title="SNMP Parameters Vulnerability " DatePosted="2000/12/06" DateRevised="2000/12/06" Supported="Yes" Summary="This update eliminates the &quot;SNMP Parameters&quot; vulnerability in Windows 2000. Download now to correct the permission values for SNMP registry keys. " Issue="This vulnerability is virtually identical to the SNMP Parameters vulnerability affecting Windows NT 4.0 systems and discussed in Microsoft Security Bulletin MS00-095. The SNMP Parameters key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters, provides the SNMP community name and SNMP management station identifiers, if they exist. SNMP community strings may allow either read or read-write access to the SNMP service. If no read-write access strings exist, the user could only use this vulnerability to read information through SNMP that is normally available to local users. If read-write access strings do exist, a malicious user could use this vulnerability to make changes to any system using the same community string for read-write access. It is important to remember that SNMP v1.0 has no security by design, and any user who could monitor network traffic could also obtain the SNMP community strings. SNMP is not installed on Windows NT 4.0 machines by default. It should be noted that the information revealed by this vulnerability is normally transmitted in plaintext across SNMP-managed networks. As a result, even in the absence of incorrect registry permissions, a malicious user could carry out the same attack if she could monitor network communication" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q266794"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q266794_W2K_SP2_x86_en.EXE" PatchLocationID="96" SBID="0" SQNumber="Q266794" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="162"/>
						<FileChg FileChangeID="780"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1148"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-097" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-097.asp" Title="Severed Windows Media Server Connection Vulnerability" DatePosted="2000/12/15" DateRevised="2000/12/15" Supported="Yes" Summary="" Issue="By repeatedly making and then severing connections in this manner, a malicious user could exhaust the resources on a server, thereby preventing it from providing streaming media services." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q281256"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="WMSU35924.EXE" PatchLocationID="331" SBID="0" SQNumber="Q281256" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="15" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="14" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-098" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-098" Title="Indexing Service File Enumeration Vulnerability" DatePosted="2000/12/19" DateRevised="2000/12/19" Supported="Yes" Summary="This update resolves the &quot;Indexing Service File Enumeration&quot; vulnerability in Indexing Service 3.0 and is discussed in Microsoft Security Bulletin MS00-098. Download now to prevent a malicious Web site operator from gathering information about your files and folders." Issue="An ActiveX control that ships as part of Indexing Service is incorrectly marked as safe for scripting, thereby enabling it to be executed by web site applications. The control at issue here could be used to enumerate files and folders, and to view their properties. It would not be necessary for Indexing Service to be running in order for the vulnerability to be exploited; however, if it were running, the control also could be used to search for files containing specific words. The vulnerability could not be used to read files, except via a fairly unlikely scenario discussed in detail in the FAQ. It could not be used under any conditions to change, add or delete information on the user?s computer." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q280838"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q280838_W2K_SP2_x86_en.EXE" PatchLocationID="93" SBID="0" SQNumber="Q280838" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="156"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1149"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-099" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-099.asp" Title="Directory Service Restore Mode Password Vulnerability" DatePosted="2000/12/20" DateRevised="2001/01/31" Supported="Yes" Summary="" Issue="If the Configure Your Server tool was used when the machine was originally promoted to domain controller, that password would be blank. This could enable a malicious user to log onto the machine in Directory Service Restore Mode. Once logged on, the malicious user could alter system components or install bogus ones that would execute when a bona fide administrator subsequently logged onto the machine. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q271641"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q271641_W2K_SP2_x86_en.EXE" PatchLocationID="329" SBID="0" SQNumber="Q271641" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="265"/>
						<FileChg FileChangeID="266"/>
						<FileChg FileChangeID="267"/>
						<FileChg FileChangeID="268"/>
						<FileChg FileChangeID="269"/>
						<FileChg FileChangeID="270"/>
						<FileChg FileChangeID="272"/>
						<FileChg FileChangeID="273"/>
						<FileChg FileChangeID="274"/>
						<FileChg FileChangeID="275"/>
						<FileChg FileChangeID="276"/>
						<FileChg FileChangeID="277"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1103"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-100" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-100" Title="Malformed Web Form Submission Vulnerability" DatePosted="2000/12/22" DateRevised="2000/12/22" Supported="Yes" Summary="This update resolves the &quot;Malformed Web Form Submission&quot; security vulnerability in FrontPage Server Extensions (FPSE) that ship as part of Internet Information Services (IIS) and is discussed in Microsoft Security Bulletin MS00-100. Download now to prevent a malicious user from disrupting the operation of your Web server." Issue="The FrontPage Server Extensions (FPSE) ship with and are installed by default as part of IIS 4.0 and 5.0. The most familiar FPSE functions allow web site and content management; however, FPSE also provides browse-time support functions. Among the functions included in the latter category are ones that help process web forms that have been submitted by a user. A vulnerability exists in one of these functions. If a malicious user levied a specially-malformed form submission to an affected server, it would cause the IIS service to fail. The vulnerability does not provide the opportunity to misuse any of the FPSE administrative or content management functions." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q280322"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q280322_W2K_SP2_x86_en.EXE" PatchLocationID="325" SBID="8" SQNumber="Q280322" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="638"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1150"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q280322i.EXE" PatchLocationID="327" SBID="9" SQNumber="Q280322" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="637"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1102"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-001" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-001" Title="Web Client Will Perform NTLM Authentication Regardless of Security Settings" DatePosted="2001/01/11" DateRevised="2001/01/15" Supported="Yes" Summary="This update resolves the &quot;Web Client NTLM Authentication&quot; security vulnerability in Windows 2000 and Office 2000 and is discussed in Microsoft Security Bulletin MS01-001. Download now to ensure that your Web Extender Client (WEC) components are set to the recommended Internet Explorer security levels, to prevent a malicious Web site operator from capturing your logon credentials. " Issue="The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user?s web site ? either by browsing to the site or by opening an HTML mail that initiated a session with it an application on the site could capture the user?s NTLM credentials. The malicious user could then use an offline brute force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources. The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments>
				<BulletinComment CommentID="51"/>
			</BulletinComments>
			<QNumbers>
				<QNumber QNumber="Q282132"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="282132usam.exe" PatchLocationID="230" SBID="0" SQNumber="Q282132" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q282132_W2K_SP2_x86_en" PatchLocationID="296" SBID="0" SQNumber="Q282132" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="2"/>
					</PatchComments>
					<FileChgs>
						<FileChg FileChangeID="785"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1090"/>
					</RegChgs>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="fpwec" PatchLocationID="297" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="3"/>
					</PatchComments>
					<AffectedProduct ProductID="42" FixedInSP="0">
						<AffectedServicePack ServicePackID="11"/>
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="143"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-002" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-002" Title="PowerPoint 2000 File Parser Contains Unchecked Buffer" DatePosted="2001/01/22" DateRevised="2001/01/25" Supported="Yes" Summary="The Microsoft PowerPoint 2000 SR-1 Extended Parsing Vulnerability Update protects you from a vulnerability in PowerPoint that could allow arbitrary code to be executed on your computer. Malicious hackers could lure users into opening a PowerPoint file that causes undesired and possibly damaging effects on a user's hard disk drive. This update replaces the Powerpoint.exe file and prevents unauthorized code from being executed." Issue="If an attacker inserted specially chosen data into a PowerPoint file and could entice another user into opening the file on his machine, the data would overrun the buffer, causing either of two effects." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q285978"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="ppt2ksec.exe" PatchLocationID="323" SBID="0" SQNumber="Q285978" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="13" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
						<AffectedServicePack ServicePackID="143"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-003" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-003" Title="Weak Permissions on Winsock Mutex Can Allow Service Failure" DatePosted="2001/01/24" DateRevised="2001/01/24" Supported="Yes" Summary="This update resolves the &quot;Winsock Mutex&quot; security vulnerability in Windows NT 4.0, and is discussed in Microsoft Security Bulletin MS01-003. Download now to prevent a malicious user from running a special program to disable your network functionality." Issue="This could enable an attacker who had the ability to run code on a local machine to monopolize the mutex, thereby preventing any other processes from using the resource that it controlled. This would have the effect of preventing the machine from participating in the network. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q279336"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q279336i.EXE" PatchLocationID="320" SBID="57" SQNumber="Q279336" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="262"/>
						<FileChg FileChangeID="263"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1100"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q279336i.exe" PatchLocationID="322" SBID="0" SQNumber="Q279336" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="497"/>
						<FileChg FileChangeID="498"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1160"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-004" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-004" Title="Malformed .HTR Request Allows Reading of File Fragments" DatePosted="2001/01/29" DateRevised="2001/01/29" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in the Microsoft Internet Information Service. The vulnerability could allow enable an attacker, under very unusual conditions, to read fragments of files from a web server. " Issue="This one could enable an attacker to request a file in a way that would cause it to be processed by the .HTR ISAPI extension. The result of doing this is that fragments of server-side files like .ASP files could potentially be sent to the attacker." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q285985"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="frgvuli.exe" PatchLocationID="313" SBID="9" SQNumber="Q285985" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="7"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="259"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1097"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q285985_W2K_SP3_x86_en.EXE" PatchLocationID="315" SBID="8" SQNumber="Q285985" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="3">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="480"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1156"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-005" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-005" Title="Packaging Anomaly Could Cause Hotfixes to be Removed" DatePosted="2001/01/30" DateRevised="2001/01/30" Supported="Yes" Summary="Microsoft has released a tool and patch that allow customers to diagnose and eliminate the effects of anomalies in the packaging of hotfixes for English language versions of Microsoft Windows 2000. Under certain circumstances, these anomalies could cause the removal of some hotfixes, which could include some security patches, from a Windows 2000 system. " Issue="Microsoft packages all Windows 2000 hotfixes (including security patches) with a catalog file that lists all of the valid hotfixes that have been issued to date. The catalog is digitally signed to ensure its integrity, and Windows File Protection uses the signed catalog to determine which hotfixes are valid. An error in the production of the catalog files for English language Windows 2000 Post Service Pack 1 hotfixes made available through December 18, 2000 could, under very unlikely circumstances, cause Windows File Protection to remove a valid hotfix from a system. The removal of a hotfix could cause a customer?s system to revert to a version of a Windows 2000 module that contained a security vulnerability. Windows File Protection will only remove valid hotfixes from a Windows 2000 system under a very restrictive set of circumstances" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q281767"/>
				<QNumber QNumber="Q282784"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q281767_W2K_SP2_x86_en.EXE" PatchLocationID="285" SBID="0" SQNumber="Q281767" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1151"/>
					</RegChgs>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q285083_W2K_SP2_x86_en.EXE" PatchLocationID="302" SBID="0" SQNumber="Q285083" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="4"/>
					</PatchComments>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1091"/>
					</RegChgs>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-006" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-006" Title="Invalid RDP Data Can Cause Terminal Server Failure" DatePosted="2001/01/31" DateRevised="2001/01/31" Supported="Yes" Summary="This update resolves the &quot;Invalid RDP Data&quot; security vulnerability in Windows 2000 terminal servers, and is discussed in Microsoft Security Bulletin MS01-006. Download now to prevent a malicious user from sending a specific series of data packets to your server, causing it to fail." Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q286132"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q286132_W2K_SP2_x86_en.EXE" PatchLocationID="305" SBID="0" SQNumber="Q286132" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="786"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1093"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-007" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-007" Title="Network DDE Agent Requests Can Enable Code to Run in System Context" DatePosted="2001/02/05" DateRevised="2001/02/09" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability could, under certain conditions, allow an attacker to gain complete control over an affected machine. " Issue="A vulnerability exists because, in Windows 2000, the Network DDE Agent runs using the Local System security context and processes all requests using this context, rather than that of the user. This would give an attacker an opportunity to cause the Network DDE Agent to run code of her choice in Local System context, as a means of gaining complete control over the local machine. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q285851"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q285851_W2K_SP3_x86_en.EXE" PatchLocationID="310" SBID="0" SQNumber="Q285851" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="3">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="3">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="3">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="3">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1095"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="891"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-008" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-008" Title="Malformed NTLMSSP Request Can Enable Code to Run with System Privileges" DatePosted="2001/02/07" DateRevised="2001/02/07" Supported="Yes" Summary="This update resolves the &quot;NTLMSSP Privilege Elevation&quot; security vulnerability present in Windows NT 4.0, and is discussed in Microsoft Security Bulletin MS01-008. Download now to prevent a malicious user from gaining administrative access to your computer." Issue="A flaw in the NTLM Security Support Provider (NTLMSSP) service could potentially allow a non-administrative user to gain administrative control over the system. In order to perform this attack the user would need a valid login account and the ability to execute arbitrary code on the system. 
This vulnerability could only be exploited by an attacker who could log onto the affected machine interactively. However, best practices strongly suggest that unprivileged users not be allowed to interactively log onto business-critical servers like domain controllers, ERP servers, print and file servers, database servers, and others. If this recommendation has been followed, machines such as these would not be at risk from this vulnerability and, as a result, the machines most likely to be affected would be workstations and terminal servers." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments>
				<BulletinComment CommentID="5"/>
			</BulletinComments>
			<QNumbers>
				<QNumber QNumber="Q280119"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q280119i.EXE" PatchLocationID="289" SBID="57" SQNumber="Q280119" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1181"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q280119i.exe" PatchLocationID="309" SBID="0" SQNumber="Q280119" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="256"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1182"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-009" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-009" Title="Image Source Redirect Vulnerability" DatePosted="2000/02/16" DateRevised="2000/02/16" Supported="Yes" Summary="Installing this security update will eliminate the &quot;Image Source Redirect&quot; vulnerability found in Internet Explorer. Without this update, a malicious Web site operator could read (but not add, change, or delete) certain types of files on your computer. " Issue="When a web server navigates a window from one domain into another one, the IE security model checks the server's permissions on the new page. However, it is possible for a web server to open a browser window to a client-local file, then navigate the window to a page that is in the web site's domain in such a way that the data in the client-local file is accessible to the new window. The data would only be accessible to the new window for a very brief period, but the result is that it could be possible for a malicious web site operator to view files on the computer of a visiting user." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q251109"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q251109.exe" PatchLocationID="590" SBID="0" SQNumber="Q251109" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="q251109.exe" PatchLocationID="590" SBID="0" SQNumber="Q251109" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="12">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="881"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1261"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-009" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-009" Title="Malformed PPTP Packet Stream Can Cause Kernel Exhaustion" DatePosted="2001/02/13" DateRevised="2001/02/20" Supported="Yes" Summary="This update resolves the &quot;Malformed PPTP Packet Stream&quot; security vulnerability in Windows NT 4.0, and is discussed in Microsoft Security Bulletin MS01-009. Download now to prevent a malicious user from causing your server to stop responding or fail. " Issue="The PPTP service in Windows NT 4.0 has a flaw in a part of the code that handles a particular type of data packet, which results in a leak of kernel memory resulting in a denial of service vulnerability." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q283001"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q283001i.exe" PatchLocationID="318" SBID="57" SQNumber="Q283001" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="261"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1099"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-010" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-010" Title="Windows Media Player Skins Files Can Enable Java Code to Execute" DatePosted="2001/02/14" DateRevised="2001/02/14" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows Media Player 7. This vulnerability could potentially enable a malicious user to cause a program of his choice to run on another user?s computer. " Issue="If a Windows Media Player skin (.WMZ) file were downloaded from a malicious web site, it could potentially cause the deployment of zipped Java code to a known location on the visiting user?s machine. Since the Java code would reside in a known location on the machine, script hosted on a hostile web site or embedded in a hostile HTML mail message could potentially invoke the script in the local computer security zone to take arbitrary action on the user?s machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q287045"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="wmsu38041" PatchLocationID="293" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<FileChgs>
						<FileChg FileChangeID="250"/>
					</FileChgs>
					<AffectedProduct ProductID="20" FixedInSP="0">
						<AffectedServicePack ServicePackID="94"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-011" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-011" Title="Malformed Request to Domain Controller Can Cause CPU Exhaustion" DatePosted="2001/02/20" DateRevised="2001/02/20" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 2000. By sending a continuous stream of specially malformed packets to a domain controller, an attacker could consume most or all of the machine?s resources, potentially preventing it from authenticating users. " Issue="A core service running on all Windows 2000 domain controllers (but not on any other machines) contains a flaw affecting how it processes a certain type of invalid service request. Specifically, the service should handle the request at issue here by determining that it is invalid and simply dropping it; in fact, the service performs some resource-intensive processing and then sends a response. 
If an attacker sent a continuous stream of such requests to an affected machine, it could consume most or all of the machine?s CPU availability. This could cause the domain controller to process requests for service slowly or not at all, and could limit the number of new logons the machine could process and the number of Kerberos tickets that could be issued. 
" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q287397"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q299687_W2K_SP3_x86_en.EXE" PatchLocationID="770" SBID="42" SQNumber="Q299687" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="817"/>
						<FileChg FileChangeID="818"/>
						<FileChg FileChangeID="819"/>
						<FileChg FileChangeID="820"/>
						<FileChg FileChangeID="821"/>
						<FileChg FileChangeID="822"/>
						<FileChg FileChangeID="823"/>
						<FileChg FileChangeID="825"/>
						<FileChg FileChangeID="826"/>
						<FileChg FileChangeID="827"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1243"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-075" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-075" Title="Microsoft VM ActiveX Component Vulnerability" DatePosted="2000/10/12" DateRevised="2001/01/26" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in Microsoft virtual machine (Microsoft VM). If a malicious web site operator were able to coax a user into visiting his site, the vulnerability could allow him to take any desired action on a visiting user?s machine. " Issue="If a user visited a malicious web site that exploited this vulnerability, a Java applet on one of the web pages could run any desired ActiveX control, even ones that are marked as unsafe for scripting. This would enable the malicious web site operator to take any desired action on the user?s machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q275609"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="msjavx86.exe" PatchLocationID="342" SBID="35" SQNumber="Q275609" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="12"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="0">
						<AffectedServicePack ServicePackID="100"/>
					</AffectedProduct>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
					</AffectedProduct>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q287030_W2K_SP2_x86_en.EXE" PatchLocationID="359" SBID="32" SQNumber="Q287030" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="13"/>
					</PatchComments>
					<AffectedProduct ProductID="36" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-071" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-071.asp" Title="Word Mail Merge Vulnerability " DatePosted="2000/10/05" DateRevised="2000/10/05" Supported="Yes" Summary="" Issue="If an Access database is specified as a data source via DDE in a Word mail merge document, macro code can run without the user's approval when the user opens that document. 
If a user could be enticed into opening a specially constructed mail merge Word document, which was provided either as an e-mail attachment or as a link hosted on a hostile web site, it would be possible to cause arbitrary code to run on the user's machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q274226 (Word 2000)"/>
				<QNumber QNumber="Q272749 (Word 97)"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="wrdacc.exe" PatchLocationID="368" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="15"/>
					</PatchComments>
					<AffectedProduct ProductID="38" FixedInSP="0">
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="wdac97.exe" PatchLocationID="369" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="16"/>
					</PatchComments>
					<AffectedProduct ProductID="39" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-044" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-044" Title="Absent Directory Browser Argument Vulnerability" DatePosted="2000/07/14" DateRevised="2001/01/20" Supported="Yes" Summary="This update resolves two security vulnerabilities in Internet Information Services (IIS), the &quot;Absent Directory Browser Argument&quot; vulnerability and the &quot;File Fragment Reading via .HTR&quot; vulnerability. Install this update to prevent a malicious user from exploiting these vulnerabilities to slow performance on an affected Web server or, under very specific conditions, obtain the source code of certain types of files on a Web server. " Issue="The vulnerabilities could allow a malicious user to stop the web server from providing useful service, or to extract certain types of information from it." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q267559"/>
				<QNumber QNumber="Q267560"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="htrdos4i.exe" PatchLocationID="576" SBID="20" SQNumber="Q267559" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="34"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="514"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1164"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q267559_W2K_SP2_x86_en.EXE" PatchLocationID="578" SBID="16" SQNumber="Q267559" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="34"/>
					</PatchComments>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="515"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1165"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-045" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-045" Title="Persistent Mail-Browser Link Vulnerability" DatePosted="2000/07/20" DateRevised="2000/07/20" Supported="Yes" Summary="This update resolves the &quot;Persistent Mail Browser Link,&quot; &quot;Cache Bypass,&quot; and &quot;Malformed E-mail Header&quot; security vulnerabilities in Outlook Express. Download now to prevent a malicious user from reading e-mails and files on your computer, or using your computer to send damaging e-mails to others. These vulnerabilities do not give a malicious user the ability to add, change, or delete files on your computer.  " Issue="This could allow the browser window to retrieve the text of mails subsequently displayed in the preview pane, and relay it to the malicious user." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q261255"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q261255.exe" PatchLocationID="574" SBID="0" SQNumber="Q261255" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="32"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="0">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<AffectedProduct ProductID="82" FixedInSP="0">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="507"/>
						<FileChg FileChangeID="508"/>
						<FileChg FileChangeID="509"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q261255.exe" PatchLocationID="574" SBID="0" SQNumber="Q261255" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="33"/>
					</PatchComments>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
					<AffectedProduct ProductID="83" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="510"/>
						<FileChg FileChangeID="511"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-046" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-046" Title="Cache Bypass Vulnerability " DatePosted="2000/07/20" DateRevised="2000/07/20" Supported="Yes" Summary="This update resolves the &quot;Persistent Mail Browser Link,&quot; &quot;Cache Bypass,&quot; and &quot;Malformed E-mail Header&quot; security vulnerabilities in Outlook Express. Download now to prevent a malicious user from reading e-mails and files on your computer, or using your computer to send damaging e-mails to others. These vulnerabilities do not give a malicious user the ability to add, change, or delete files on your computer.  " Issue="If an HTML mail created an HTML file outside the cache, it would run in the Local Computer Zone when opened. This could allow it to open a file on the user's computer and send it a malicious user's web site. The vulnerability also could be used as a way of placing an executable file on the user's machine, which the malicious user would then seek to launch via some other means." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q247638"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q261255.exe" PatchLocationID="574" SBID="0" SQNumber="Q261255" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="32"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="0">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<AffectedProduct ProductID="82" FixedInSP="0">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="507"/>
						<FileChg FileChangeID="508"/>
						<FileChg FileChangeID="509"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q261255.exe" PatchLocationID="574" SBID="0" SQNumber="Q261255" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="33"/>
					</PatchComments>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
					<AffectedProduct ProductID="83" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="510"/>
						<FileChg FileChangeID="511"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-048" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-048.asp" Title="Stored Procedure Permissions Vulnerability" DatePosted="2000/07/07" DateRevised="2000/07/07" Supported="Yes" Summary="" Issue="Execute permission checks on stored procedures may be bypassed when a stored procedure is referenced from a temporary stored procedure. This omission would allow a malicious user to run a stored procedure that, by design, he should not be able to access." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q266766"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="s70918i.exe" PatchLocationID="399" SBID="0" SQNumber="Q266766" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="29" FixedInSP="56">
						<AffectedServicePack ServicePackID="15"/>
						<AffectedServicePack ServicePackID="23"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="368"/>
						<FileChg FileChangeID="369"/>
						<FileChg FileChangeID="370"/>
					</FileChgs>
					<AffectedProduct ProductID="31" FixedInSP="56">
						<AffectedServicePack ServicePackID="15"/>
						<AffectedServicePack ServicePackID="23"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-051" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-051.asp" Title="Excel REGISTER.ID Function Vulnerability" DatePosted="2000/07/26" DateRevised="2000/07/26" Supported="Yes" Summary="" Issue="A vulnerability has been discovered in REGISTER.ID, a worksheet function. When REGISTER.ID is invoked from an Excel worksheet, it can reference any DLL on the system. If the referenced DLL contains malicious code, harmful effects can occur. By design, there is no warning given to the user when REGISTER.ID calls a DLL from a worksheet." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q269252 (Excel 2000)"/>
				<QNumber QNumber="Q269263 (Excel 97)"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="xl9p3pkg.exe" PatchLocationID="391" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="19"/>
					</PatchComments>
					<AffectedProduct ProductID="44" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="42" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="xl8p10pkg.exe" PatchLocationID="392" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="20"/>
					</PatchComments>
					<AffectedProduct ProductID="45" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="70" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-054" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-054.asp" Title="Malformed IPX Ping Packet Vulnerability" DatePosted="2000/08/03" DateRevised="2000/08/03" Supported="Yes" Summary="" Issue="A malicious user could launch an attack by broadcasting a single ping request - each affected machine that received the ping would respond to it, potentially resulting in a broadcast storm. In a large network, this could temporarily swamp the network's bandwidth. In addition, upon seeing its own response, each affected machine would attempt to process it, triggering a scenario that would culminate in the machine's failure." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q265334"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="265334US5.EXE" PatchLocationID="389" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="18"/>
					</PatchComments>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="265334USA8.EXE" PatchLocationID="390" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="1"/>
					</PatchComments>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-056" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-056.asp" Title="Microsoft Office HTML Object Tag Vulnerability" DatePosted="2000/08/09" DateRevised="2000/08/10" Supported="Yes" Summary="" Issue="Microsoft Office 2000 applications are capable of reading HTML files saved as Office documents. A malformed data object tag embedded in one of these documents could cause the Office application to crash and allow arbitrary code to be executed." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q269880"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Of9data.exe" PatchLocationID="387" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="42" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="13" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="38" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="44" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-058" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-058" Title="Specialized Header Vulnerability" DatePosted="2000/08/14" DateRevised="2000/08/14" Supported="Yes" Summary="This update resolves the &quot;Specialized Header&quot; vulnerability in Internet Information Services (IIS) 5.0, which ships with Windows 2000. Download now to prevent a malicious user from exploiting this vulnerability and causing your Web server to send the source code of .asp or .htr files to a visiting browser. " Issue="If an IIS server receives a file request that contains a specialized header as well as one of several particular characters at the end, the expected ISAPI extension processing may not occur. The result is that the source code of the file would be sent to the browser." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q256888"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q256888_W2K_SP1_x86_en.EXE" PatchLocationID="381" SBID="12" SQNumber="Q256888" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="350"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1117"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-061" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-061.asp" Title="Money Password Vulnerability" DatePosted="2000/08/25" DateRevised="2000/08/25" Supported="Yes" Summary="" Issue="Microsoft Money provides a password protection feature that prevents unauthorized access to your Money file. However, due to the way the password is currently handled, the password may be written in plaintext under certain conditions. 
The vulnerability only affects Money data stored on the user's local computer - it does not affect the security of Money's online services in any way." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q272232"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Update Internet Information" PatchLocationID="374" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="17"/>
					</PatchComments>
					<AffectedProduct ProductID="41" FixedInSP="0">
						<AffectedServicePack ServicePackID="103"/>
					</AffectedProduct>
					<AffectedProduct ProductID="40" FixedInSP="0">
						<AffectedServicePack ServicePackID="102"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-042" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-042" Title="Active Setup Download Vulnerability" DatePosted="2000/06/29" DateRevised="2000/08/09" Supported="Yes" Summary="This update resolves the &quot;Active Setup Download&quot; security vulnerability in an ActiveX control that ships as part of Internet Explorer. Download now to prevent a malicious Web site operator from overwriting files on your computer.  " Issue="The flaws in downloading .cab file would allow a malicious web site operator to download a Microsoft-signed .cab file as a means of overwriting a file on the user's machine. By overwriting system files, this could allow the malicious user to render the machine unusable." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q265258"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q269368.Exe" PatchLocationID="588" SBID="50" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="80" FixedInSP="0">
						<AffectedServicePack ServicePackID="73"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="q265258.exe" PatchLocationID="589" SBID="0" SQNumber="Q265258" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q265258.exe" PatchLocationID="589" SBID="0" SQNumber="Q265258" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="851"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1253"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q265258.Exe" PatchLocationID="589" SBID="0" SQNumber="Q265258" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="850"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1252"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-043" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-043" Title="Malformed E-mail Header Vulnerability" DatePosted="2000/07/18" DateRevised="2000/07/23" Supported="Yes" Summary="This update resolves the &quot;Persistent Mail Browser Link,&quot; &quot;Cache Bypass,&quot; and &quot;Malformed E-mail Header&quot; security vulnerabilities in Outlook Express. Download now to prevent a malicious user from reading e-mails and files on your computer, or using your computer to send damaging e-mails to others. These vulnerabilities do not give a malicious user the ability to add, change, or delete files on your computer.  " Issue="Under certain conditions, the vulnerability could allow a malicious user to cause code of his choice to execute on another user's computer." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q267884"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q261255.exe" PatchLocationID="574" SBID="0" SQNumber="Q261255" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="32"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="0">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<AffectedProduct ProductID="82" FixedInSP="0">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="507"/>
						<FileChg FileChangeID="508"/>
						<FileChg FileChangeID="509"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q261255.exe" PatchLocationID="574" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="33"/>
					</PatchComments>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
					<AffectedProduct ProductID="83" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="510"/>
						<FileChg FileChangeID="511"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-064" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-064.asp" Title="Unicast Service Race Condition Vulnerability " DatePosted="2000/09/06" DateRevised="2000/09/06" Supported="Yes" Summary="" Issue="If a client sends a particular type of malformed request to a Windows Media server, it could induce a race condition. Once the server has been put into such a state, subsequent requests - even ones that would normally be legitimate - could cause the Windows Media Unicast Service to fail. If this happened, any ongoing sessions would be lost, and the server would stop providing unicast streaming media services." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q273014"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="WMSU27678.EXE" PatchLocationID="371" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="14" FixedInSP="0">
						<AffectedServicePack ServicePackID="90"/>
					</AffectedProduct>
					<AffectedProduct ProductID="15" FixedInSP="0">
						<AffectedServicePack ServicePackID="91"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-033" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-033.asp" Title="Frame Domain Verification, Unauthorized Cookie Access, and Malformed Component Attribute Vulnerabilities" DatePosted="2000/05/17" DateRevised="2000/08/09" Supported="Yes" Summary="" Issue="The &quot;Frame Domain Verification&quot; vulnerability, which could allow a malicious web site operator to read, but not change or add, files on the computer of a visiting user. 
The &quot;Unauthorized Cookie Access&quot; vulnerability, which could allow a malicious web site operator to access &quot;cookies&quot; belonging to a visiting user. 
The &quot;Malformed Component Attribute&quot; vulnerability, which could allow a malicious web site operator to run code of his choice on the computer of a visiting user." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q262509"/>
				<QNumber QNumber="Q251108"/>
				<QNumber QNumber="Q255676"/>
				<QNumber QNumber="Q258430"/>
				<QNumber QNumber="Q261257"/>
				<QNumber QNumber="Q247333"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q269368.exe" PatchLocationID="588" SBID="55" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q269368.exe" PatchLocationID="588" SBID="54" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="854"/>
						<FileChg FileChangeID="855"/>
						<FileChg FileChangeID="856"/>
						<FileChg FileChangeID="857"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1255"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-039" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-039.asp" Title="SSL Certificate Validation Vulnerabilities" DatePosted="2000/06/05" DateRevised="2000/08/09" Supported="Yes" Summary="" Issue="The vulnerabilities involve how IE handles digital certificates; under a very daunting set of circumstances, they could allow a malicious web site operator to pose as a trusted web site." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q254902"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q269368.exe" PatchLocationID="588" SBID="55" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q269368.exe" PatchLocationID="588" SBID="54" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="854"/>
						<FileChg FileChangeID="855"/>
						<FileChg FileChangeID="856"/>
						<FileChg FileChangeID="857"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1255"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-041" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-041.asp" Title="DTS Password Vulnerability" DatePosted="2000/06/13" DateRevised="2000/07/11" Supported="Yes" Summary="" Issue="Data Transformation Service (DTS) packages in SQL Server 7.0 allow database administrators to create a package that will perform a particular database action at regular intervals. As part of the creation of a DTS package, the administrator provides the account name and password under which the action should be taken. However, the password can be retrieved by programmatically interrogating the package's Properties dialogue." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q264880"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="s70918i.exe" PatchLocationID="399" SBID="0" SQNumber="Q264880" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="29" FixedInSP="56">
						<AffectedServicePack ServicePackID="15"/>
						<AffectedServicePack ServicePackID="23"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="381"/>
						<FileChg FileChangeID="382"/>
						<FileChg FileChangeID="383"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-049" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-049.asp" Title="Office HTML Script and IE Script Vulnerabilities" DatePosted="2000/07/13" DateRevised="2000/08/09" Supported="Yes" Summary="" Issue="A malicious web site operator to cause code of his choice to run on the computer of a visiting user." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q268365 (Excel 2000)"/>
				<QNumber QNumber="Q268457 (PowerPoint 2000)"/>
				<QNumber QNumber="Q268477 (PowerPoint 97)"/>
				<QNumber QNumber="Q269368 (IE Script)"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Addinsec.exe" PatchLocationID="393" SBID="0" SQNumber="Q268365" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="21"/>
					</PatchComments>
					<AffectedProduct ProductID="44" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="13" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="42" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="ppt97sec.EXE" PatchLocationID="394" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="22"/>
					</PatchComments>
					<AffectedProduct ProductID="46" FixedInSP="0">
						<AffectedServicePack ServicePackID="142"/>
					</AffectedProduct>
					<AffectedProduct ProductID="70" FixedInSP="0">
						<AffectedServicePack ServicePackID="61"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="q269368.exe" PatchLocationID="588" SBID="55" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q269368.exe" PatchLocationID="588" SBID="54" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="854"/>
						<FileChg FileChangeID="855"/>
						<FileChg FileChangeID="856"/>
						<FileChg FileChangeID="857"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1255"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q269368.Exe" PatchLocationID="588" SBID="52" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="852"/>
						<FileChg FileChangeID="853"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1254"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q269368.Exe" PatchLocationID="588" SBID="53" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="80" FixedInSP="13">
						<AffectedServicePack ServicePackID="73"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="858"/>
						<FileChg FileChangeID="859"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1256"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-050" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-050" Title="Telnet Server Flooding Vulnerability " DatePosted="2000/07/24" DateRevised="2000/07/24" Supported="Yes" Summary="This update resolves the &quot;Telnet Server Flooding&quot; security vulnerability in Microsoft Windows 2000. Download now to prevent a malicious user from sending invalid input information to your Telnet Server. " Issue="The denial of service can occur when a malicious client sends a particular malformed string to the server through the Telnet service provided as part of Windows 2000 products." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments>
				<BulletinComment CommentID="1"/>
			</BulletinComments>
			<QNumbers>
				<QNumber QNumber="Q267843"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q267843_w2k_sp2_x86_en.exe" PatchLocationID="162" SBID="33" SQNumber="Q267843" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="205"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1161"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-055" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-055.asp" Title="Scriptlet Rendering Vulnerability" DatePosted="2000/08/09" DateRevised="2000/08/09" Supported="Yes" Summary="" Issue="The Scriptlet Rendering vulnerability: the ActiveX control that is used to invoked scriptlets is essentially a rendering engine for HTML. This opens the door to a scenario in which a malicious web site operator could provide bogus information consisting of script, solely for the purpose of introducing it into an IE system file with a known name, then use the Scriptlet control to render the file. The net effect would be to make the script run in the Local Computer Zone, at which point it could access files on the user?s local file system. 
A new variant of the Frame Domain Verification vulnerability: two functions do not enforce proper separation of frames in the same window that reside in different domains. The new variant involves an additional function with the same flaw. The net effect of the vulnerability would be to enable a malicious web site operator to open two frames, one in his domain and another on the user?s local file system, and enable the latter to pass information to the former." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q269368"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q269368.exe" PatchLocationID="588" SBID="0" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q269368.exe" PatchLocationID="588" SBID="0" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="854"/>
						<FileChg FileChangeID="855"/>
						<FileChg FileChangeID="856"/>
						<FileChg FileChangeID="857"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1255"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q269368.Exe" PatchLocationID="588" SBID="0" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="852"/>
						<FileChg FileChangeID="853"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1254"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q269368.Exe" PatchLocationID="588" SBID="0" SQNumber="Q269368" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="37"/>
					</PatchComments>
					<AffectedProduct ProductID="80" FixedInSP="13">
						<AffectedServicePack ServicePackID="73"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="858"/>
						<FileChg FileChangeID="859"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1256"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-034" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-034.asp" Title="Office 2000 UA Control Vulnerability" DatePosted="2000/05/12" DateRevised="2000/05/12" Supported="Yes" Summary="" Issue="An ActiveX control that ships as part of Office 2000 is incorrectly marked as &quot;safe for scripting&quot;. This control, the Office 2000 UA Control, is used by the &quot;Show Me&quot; function in Office Help, and allows Office functions to be scripted. A malicious web site operator could use the control to carry out Office functions on the machine of a user who visited his site." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q262767"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Uactlsec.exe" PatchLocationID="411" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="42" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="13" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="25" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="38" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="44" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
					<AffectedProduct ProductID="87" FixedInSP="0">
						<AffectedServicePack ServicePackID="116"/>
					</AffectedProduct>
					<AffectedProduct ProductID="60" FixedInSP="0">
						<AffectedServicePack ServicePackID="108"/>
						<AffectedServicePack ServicePackID="111"/>
					</AffectedProduct>
					<AffectedProduct ProductID="86" FixedInSP="0">
						<AffectedServicePack ServicePackID="115"/>
					</AffectedProduct>
					<AffectedProduct ProductID="85" FixedInSP="0">
						<AffectedServicePack ServicePackID="124"/>
					</AffectedProduct>
					<AffectedProduct ProductID="84" FixedInSP="0">
						<AffectedServicePack ServicePackID="123"/>
					</AffectedProduct>
					<AffectedProduct ProductID="56" FixedInSP="0">
						<AffectedServicePack ServicePackID="107"/>
					</AffectedProduct>
					<AffectedProduct ProductID="88" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-035" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-035.asp" Title="SQL Server 7.0 Service Pack Password Vulnerability" DatePosted="2000/05/30" DateRevised="2000/06/15" Supported="Yes" Summary="" Issue="When SQL Server 7.0 Service Packs 1 or 2 are installed on a machine that is configured to perform authentication using Mixed Mode, the password for the SQL Server standard security System Administrator (sa) account is recorded in plaintext in the files %TEMP%\sqlsp.log and %WINNT%\setup.iss. The default permissions on the files would allow any user to read them who could log onto the server interactively." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q263968"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="sqlsp.exe" PatchLocationID="410" SBID="0" SQNumber="Q263968" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="29" FixedInSP="56">
						<AffectedServicePack ServicePackID="15"/>
						<AffectedServicePack ServicePackID="23"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-037" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-037" Title="HTML Help File Code Execution Vulnerability" DatePosted="2000/06/02" DateRevised="2000/06/02" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in the HTML Help facility that ships with Microsoft(r) Internet Explorer. Under certain conditions, the vulnerability could allow a malicious web site to take inappropriate action on the computer of a visiting user. " Issue="The HTML Help facility provides the ability to launch code via shortcuts included in HTML Help files. If a compiled HTML Help (.chm) file were referenced by a malicious web site, it could potentially be used to launch code on a visiting user's computer without the user's approval. Such code could take any actions that the user could take, including adding, changing or deleting data, or communicating with a remote web site." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q259166"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="hhupd.exe" PatchLocationID="407" SBID="0" SQNumber="Q259166" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="77"/>
					</AffectedProduct>
					<AffectedProduct ProductID="50" FixedInSP="0">
						<AffectedServicePack ServicePackID="76"/>
					</AffectedProduct>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q259166_W2K_SP1_x86_en.EXE" PatchLocationID="408" SBID="0" SQNumber="Q259166" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="38"/>
					</PatchComments>
					<AffectedProduct ProductID="52" FixedInSP="12">
						<AffectedServicePack ServicePackID="71"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="388"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1121"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-038" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-038.asp" Title="Malformed Windows Media Encoder Request Vulnerability" DatePosted="2000/05/30" DateRevised="2000/06/20" Supported="Yes" Summary="" Issue="This vulnerability would primarily affect streaming media providers that supply real-time broadcasts of streaming media - it would not prevent a Windows Media Server from distributing already-encoded data. The vulnerability cannot be used to cause a machine to crash, nor can it be used to usurp any administrative privileges. Simply locating the server could be a challenge, because the IP address of the Windows Media Encoder would typically not be advertised." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q264133"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="WMSU20935a.EXE" PatchLocationID="406" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="48" FixedInSP="0">
						<AffectedServicePack ServicePackID="92"/>
					</AffectedProduct>
					<AffectedProduct ProductID="49" FixedInSP="0">
						<AffectedServicePack ServicePackID="93"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-010" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-010.asp" Title="Site Wizard Input Validation Vulnerability" DatePosted="2000/02/18" DateRevised="2000/02/18" Supported="Yes" Summary="" Issue="Two sample web sites provided as part of Site Server 3.0, Commerce Edition do not follow security best practices; the code generated by one of the wizards is affected by the same problem. The code requests an identification number as one of the inputs, but does not validate it before using it in a database query. As a result, a malicious user could, instead of entering an appropriate input, provide SQL commands. If this were done, the SQL commands would be executed as part of the query, and could be used to create, modify, delete or read data in the database." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q252614"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q252614.zip" PatchLocationID="450" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="63" FixedInSP="0">
						<AffectedServicePack ServicePackID="63"/>
						<AffectedServicePack ServicePackID="64"/>
						<AffectedServicePack ServicePackID="65"/>
						<AffectedServicePack ServicePackID="66"/>
						<AffectedServicePack ServicePackID="67"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-012" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-012.asp" Title="Remote Agent Permissions Vulnerability" DatePosted="2000/02/22" DateRevised="2000/02/22" Supported="Yes" Summary="" Issue="If a malicious user replaced the client code with code of his or her choosing, it would run automatically in a system context the next time he or she rebooted the machine and logged on." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q249847"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q249847i.EXE" PatchLocationID="444" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="62" FixedInSP="0">
						<AffectedServicePack ServicePackID="45"/>
						<AffectedServicePack ServicePackID="46"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-013" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-013.asp" Title="Misordered Windows Media Services Handshake Vulnerability" DatePosted="2000/02/23" DateRevised="2000/02/23" Supported="Yes" Summary="" Issue="The handshake sequence between a Windows Media server and a Windows Media Player is asynchronous, because certain resource requests are dependent on the successful completion of previous ones. If the client-side handshake packets are sent in a particular misordered sequence, with certain timing constraints, the server will attempt to use a resource before it has been initialized and will fail catastrophically, causing the Windows Media Unicast Service to crash." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q253943"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="WMSU4954_NT4.EXE" PatchLocationID="442" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="14" FixedInSP="0">
						<AffectedServicePack ServicePackID="90"/>
					</AffectedProduct>
					<AffectedProduct ProductID="15" FixedInSP="0">
						<AffectedServicePack ServicePackID="91"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="WMSU4954_Win2000.EXE" PatchLocationID="443" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="15" FixedInSP="0">
						<AffectedServicePack ServicePackID="91"/>
					</AffectedProduct>
					<AffectedProduct ProductID="14" FixedInSP="0">
						<AffectedServicePack ServicePackID="90"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-014" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-014.asp" Title="SQL Query Abuse Vulnerability" DatePosted="2000/03/08" DateRevised="2000/03/08" Supported="Yes" Summary="" Issue="The vulnerability could allow the remote author of a malicious SQL query to take unauthorized actions on a SQL Server or MSDE database or on the underlying system that was hosting the SQL Server or MSDE database." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q256052"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="s70780i.exe" PatchLocationID="441" SBID="0" SQNumber="Q256052" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="29" FixedInSP="23">
						<AffectedServicePack ServicePackID="15"/>
						<AffectedServicePack ServicePackID="55"/>
					</AffectedProduct>
					<AffectedProduct ProductID="31" FixedInSP="23">
						<AffectedServicePack ServicePackID="55"/>
						<AffectedServicePack ServicePackID="15"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-015" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-015.asp" Title="Clip Art Buffer Overrun Vulnerability" DatePosted="2000/03/06" DateRevised="2000/03/06" Supported="Yes" Summary="" Issue="One of the features of the Clip Art Gallery allows the user to download additional clips from the Microsoft Clip Gallery Live web site, and then install that clip art on their computer. To do this, Clip Art Gallery and Clip Gallery Live use a file format called the CIL format to contain the newly downloaded clips. Under certain circumstances, a very long field embedded in a clip art CIL file could cause a buffer overrun in the Clip Art Gallery software. The buffer overrun could cause the software to crash or, under certain circumstances, could cause the execution of hostile code on the computer where the Clip Art Gallery software was executing.
The risk from this vulnerability results from the facts that any web site can host a CIL file and that clip art will normally be processed without prompting the user for confirmation as would be the case with an executable file format." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q256167"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="cilupdt.exe" PatchLocationID="440" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="42" FixedInSP="0">
						<AffectedServicePack ServicePackID="54"/>
					</AffectedProduct>
					<AffectedProduct ProductID="56" FixedInSP="0">
						<AffectedServicePack ServicePackID="107"/>
					</AffectedProduct>
					<AffectedProduct ProductID="57" FixedInSP="0">
						<AffectedServicePack ServicePackID="108"/>
					</AffectedProduct>
					<AffectedProduct ProductID="58" FixedInSP="0">
						<AffectedServicePack ServicePackID="109"/>
					</AffectedProduct>
					<AffectedProduct ProductID="59" FixedInSP="0">
						<AffectedServicePack ServicePackID="110"/>
					</AffectedProduct>
					<AffectedProduct ProductID="60" FixedInSP="0">
						<AffectedServicePack ServicePackID="111"/>
					</AffectedProduct>
					<AffectedProduct ProductID="61" FixedInSP="0">
						<AffectedServicePack ServicePackID="112"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-016" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-016.asp" Title="Malformed Media License Request Vulnerability" DatePosted="2000/03/17" DateRevised="2000/03/17" Supported="Yes" Summary="" Issue="The vulnerability could allow a malicious user to temporarily prevent the license server from issuing further licenses to customers for protected digital content (music and video)." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q257200"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="WMRMU8912_NT4.EXE" PatchLocationID="439" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="55" FixedInSP="0">
						<AffectedServicePack ServicePackID="106"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="407"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-017" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-017.asp" Title="DOS Device in Path Name Vulnerability" DatePosted="2000/03/16" DateRevised="2000/03/16" Supported="Yes" Summary="" Issue="Because it is not possible to create files or folders that contain DOS device names, it would be unusual for a user to try to access one under normal circumstances. The chief threat posed by this vulnerability is that a malicious user could attempt to entice a user to attempt such an access. For instance, if a web site operator hosted a hyperlink that referenced such a path, clicking the link would result in the user?s machine crashing. Likewise, a web page or HTML mail that specified a local file as the source of rendering information could cause the user?s machine to crash when it was displayed." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q256015"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="256015USA5.EXE" PatchLocationID="437" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="256015USA8.EXE" PatchLocationID="438" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-018" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-018.asp" Title="Chunked Encoding Post Vulnerability " DatePosted="2000/03/20" DateRevised="2000/03/20" Supported="Yes" Summary="" Issue="IIS 4.0 supports chunked encoding transfers, but does not limit the size of the buffer that can be reserved. This would allow a malicious user to request an extremely large buffer for a POST or PUT operation, but never actually send data, thereby blocking memory on the server that had been allocated to the session. If sufficient memory on the server were blocked in this fashion, it could prevent the server from performing useful work." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q252693"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="chkenc4i.exe" PatchLocationID="434" SBID="25" SQNumber="Q252693" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="587"/>
						<FileChg FileChangeID="588"/>
						<FileChg FileChangeID="589"/>
						<FileChg FileChangeID="590"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1189"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-019" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-019" Title="Virtualized UNC Share Vulnerability" DatePosted="2000/03/30" DateRevised="2000/03/30" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Internet Information Server and products based on it. Under certain fairly unusual conditions, the vulnerability could cause a web server to send the source code of .ASP and other files to a visiting user." Issue="Under certain fairly unusual conditions, the vulnerability could cause a web server to send the source code of .ASP and other files to a visiting user." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q249599"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="uncsec4i.exe" PatchLocationID="429" SBID="26" SQNumber="Q249599" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<RegChgs>
						<RegChg RegChangeID="1126"/>
					</RegChgs>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="526"/>
						<FileChg FileChangeID="527"/>
						<FileChg FileChangeID="528"/>
						<FileChg FileChangeID="529"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q249599_W2K_SP1_X86_en.EXE" PatchLocationID="432" SBID="8" SQNumber="Q249599" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="401"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1127"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-022" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-022.asp" Title="XLM Text Macro Vulnerability" DatePosted="2000/04/03" DateRevised="2000/04/03" Supported="Yes" Summary="" Issue="When an Excel user starts a macro that resides outside of the current spreadsheet (for example, in another spreadsheet), Excel by design will generate a warning dialogue. However, this dialogue is not generated if the macro consists of Excel 4.0 Macro Language (XLM) commands in an external text file." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q255605"/>
				<QNumber QNumber="Q255606"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="xl8p9pkg.exe" PatchLocationID="427" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="45" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="70" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-023" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-023" Title="Myriad Escaped Characters Vulnerability" DatePosted="2000/04/12" DateRevised="2000/04/12" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Internet Information Server. The vulnerability could allow a malicious user to slow a web server's response or prevent it from providing service altogether for a period of time. " Issue="Special characters can be embedded in URLs by use of so-called escaped character sequences. By providing a specially-malformed URL with an extremely large number of escaped characters, a malicious user could arbitrarily increase the work factor associated with parsing the escaped characters, thereby consuming much or all of the CPU availability on the server and preventing useful work from being done." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q254142"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="escseq4i.exe" PatchLocationID="424" SBID="24" SQNumber="Q254142" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="591"/>
						<FileChg FileChangeID="592"/>
						<FileChg FileChangeID="593"/>
						<FileChg FileChangeID="594"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1190"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q254142_W2K_SP1_x86_en.EXE" PatchLocationID="425" SBID="16" SQNumber="Q254142" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="395"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1125"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-024" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-024.asp" Title="OffloadModExpo Registry Permissions Vulnerability" DatePosted="2000/04/12" DateRevised="2000/04/12" Supported="Yes" Summary="" Issue="This vulnerability involves a registry key used by the CryptoAPI Base CSPs to specify the driver DLL for a hardware accelerator. By design, such a DLL would have access to users' public and private keys. Although only administrators should have permission to add such a DLL, the permissions on the key actually would allow any user who could interactively log onto the machine to do so. By writing a bogus DLL and installing it, a malicious user could compromise the keys of other users who subsequently used the machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q259496"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q259496i.exe" PatchLocationID="422" SBID="45" SQNumber="Q259496" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-025" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-025.asp" Title="Link View Server-Side Component Vulnerability" DatePosted="2000/04/14" DateRevised="2000/04/17" Supported="Yes" Summary="" Issue="Dvwssr.dll is a server-side component used to support the Link View feature in Visual Interdev 1.0. However, it contains an unchecked buffer. If overrun with random data, it could be used to cause an affected server to crash, or could allow arbitrary code to run on the server in a System context." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q259799"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q259799" PatchLocationID="608" SBID="0" SQNumber="Q259799" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="40"/>
					</PatchComments>
					<AffectedProduct ProductID="97" FixedInSP="0">
						<AffectedServicePack ServicePackID="128"/>
					</AffectedProduct>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="98" FixedInSP="0">
						<AffectedServicePack ServicePackID="129"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-028" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-028.asp" Title="Server-Side Image Map Components Vulnerability" DatePosted="2000/04/21" DateRevised="2000/04/21" Supported="Yes" Summary="" Issue="The vulnerability could potentially allow a malicious web site visitor to perform actions that the system permissions authorize him to perform, but which he previously may have had no means of actually carrying out." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q260267"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q260267" PatchLocationID="602" SBID="0" SQNumber="Q260267" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="40"/>
					</PatchComments>
					<AffectedProduct ProductID="96" FixedInSP="0">
						<AffectedServicePack ServicePackID="127"/>
					</AffectedProduct>
					<AffectedProduct ProductID="97" FixedInSP="0">
						<AffectedServicePack ServicePackID="128"/>
					</AffectedProduct>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="98" FixedInSP="0">
						<AffectedServicePack ServicePackID="129"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-030" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-030" Title="Malformed Extension Data in URL Vulnerability" DatePosted="2000/05/11" DateRevised="2000/05/11" Supported="Yes" Summary="This update resolves the &quot;Malformed Extension Data in URL&quot; security vulnerability in Internet Information Server (IIS) 5.0 and IIS 4.0. Installing this update will prevent a malicious user from slowing or temporarily stopping performance on your Web server. " Issue="In compliance with RFC 2396, the algorithm in IIS that processes URLs has flexibility built in to allow it to process any arbitrary sequence of file extensions or subresource identifiers (referred to in the RFC as path_segments). By providing an URL that contains specially-malformed file extension information, a malicious user could misuse this flexibility in order to arbitrarily increase the work factor associated with parsing the URL. This could consume much or all of the CPU availability on the server and prevent useful work from being done." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q260205"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="myrdot4i.exe" PatchLocationID="417" SBID="23" SQNumber="Q260205" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="516"/>
						<FileChg FileChangeID="517"/>
						<FileChg FileChangeID="518"/>
						<FileChg FileChangeID="519"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1167"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q260205_W2K_SP1_x86_en.EXE" PatchLocationID="418" SBID="15" SQNumber="Q260205" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1168"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="520"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS00-031" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ00-031" Title="Undelimited .HTR Request and File Fragment Reading via .HTR Vulnerabilities" DatePosted="2000/05/10" DateRevised="2000/07/17" Supported="Yes" Summary="This update resolves two security vulnerabilities in Internet Information Services (IIS), the &quot;Absent Directory Browser Argument&quot; vulnerability and the &quot;File Fragment Reading via .HTR&quot; vulnerability. Install this update to prevent a malicious user from exploiting these vulnerabilities to slow performance on an affected Web server or, under very specific conditions, obtain the source code of certain types of files on a Web server. " Issue="The vulnerabilities could, respectively, be used to slow an affected web server's response or to obtain the source code of certain types of files under very restricted conditions." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q267559"/>
				<QNumber QNumber="Q260838"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q267559_w2k_sp2_x86_en.exe" PatchLocationID="656" SBID="34" SQNumber="Q267559" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="43"/>
					</PatchComments>
					<FileChgs>
						<FileChg FileChangeID="596"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1192"/>
					</RegChgs>
					<AffectedProduct ProductID="17" FixedInSP="1">
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="ismpst4i.exe" PatchLocationID="658" SBID="21" SQNumber="Q260838" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="597"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1193"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-053" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-053.asp" Title="Windows Multithreaded SSL ISAPI Filter Vulnerability" DatePosted="1999/12/02" DateRevised="1999/12/02" Supported="Yes" Summary="" Issue="The SSL ISAPI filter provided as part of IIS supports concurrent use. When used in this mode, a synchronization problem could induce a race condition and cause a single buffer of plaintext to be leaked. The conditions under which this could happen are very rare, and could only occur when a single user's session was multi-threaded and traffic volumes were extremely high." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q244613"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="sslune4i.exe" PatchLocationID="480" SBID="9" SQNumber="Q244613" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="437"/>
						<FileChg FileChangeID="438"/>
						<FileChg FileChangeID="439"/>
						<FileChg FileChangeID="441"/>
						<FileChg FileChangeID="442"/>
						<FileChg FileChangeID="443"/>
						<FileChg FileChangeID="444"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1174"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-054" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-054.asp" Title="WPAD Spoofing Vulnerability" DatePosted="1999/12/01" DateRevised="1999/12/01" Supported="Yes" Summary="" Issue="The IE 5 Web Proxy Auto-Discovery (WPAD) feature enables web clients to automatically detect proxy settings without user intervention. The algorithm used by WPAD prepends the hostname &quot;wpad&quot; to the fully-qualified domain name and progressively removes subdomains until it either finds a WPAD server answering the domain name or reaches the third-level domain. For instance, web clients in the domain a.b.microsoft.com would query wpad.a.b.microsoft, wpad.b.microsoft.com, then wpad.microsoft.com. A vulnerability arises because in international usage, the third-level domain may not be trusted. A malicious user could set up a WPAD server and serve proxy configuration commands of his or her choice." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q247333"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q247333" PatchLocationID="687" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-058" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-058.asp" Title="Virtual Directory Naming Vulnerability" DatePosted="1999/12/21" DateRevised="1999/12/21" Supported="Yes" Summary="" Issue="This vulnerability would be most likely to occur due to administrator error, or if a product generated an affected virtual directory name by default. (Front Page Server Extensions is one such product). Recommended security practices militate against including sensitive information in .ASP and other files that require server-side processing, and if this recommendation is observed, there would be no sensitive information divulged even if this vulnerability occurred. In any event, an affected virtual directory could be identified during routine testing of the server." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q238606"/>
				<QNumber QNumber="Q186803"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="vrdcon4i.exe" PatchLocationID="476" SBID="27" SQNumber="Q238606" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="4"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="431"/>
						<FileChg FileChangeID="432"/>
						<FileChg FileChangeID="434"/>
						<FileChg FileChangeID="435"/>
						<FileChg FileChangeID="436"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1173"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-059" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-059.asp" Title="Malformed TDS Packet Header Vulnerability" DatePosted="1999/12/20" DateRevised="1999/12/20" Supported="Yes" Summary="" Issue="If a specially-malformed TDS packet is sent to a SQL server, it can cause the server to crash.  This vulnerability could only be remotely exploited if port 1433 were open at the firewall." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q248749"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="S70761i.exe" PatchLocationID="473" SBID="0" SQNumber="Q248749" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="29" FixedInSP="23">
						<AffectedServicePack ServicePackID="15"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="421"/>
						<FileChg FileChangeID="422"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-060" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-060.asp" Title="HTML Mail Attachment Vulnerability" DatePosted="1999/12/22" DateRevised="1999/12/22" Supported="Yes" Summary="" Issue="It eliminates a security vulnerability in the Microsoft® Outlook Express mail client for Macintosh systems. The vulnerability could allow attachments to HTML mails to be automatically downloaded onto the user's computer. 
It provides replacements for several digital certificates that are included in Internet Explorer for Macintosh, and will expire on December 31, 1999." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q249082"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="MacFiles" PatchLocationID="591" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="90" FixedInSP="0">
						<AffectedServicePack ServicePackID="126"/>
					</AffectedProduct>
					<AffectedProduct ProductID="89" FixedInSP="0">
						<AffectedServicePack ServicePackID="125"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-061" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-061.asp" Title="Escape Character Parsing Vulnerability" DatePosted="1999/12/21" DateRevised="1999/12/21" Supported="Yes" Summary="" Issue="RFC 1738 specifies that web servers must allow hexadecimal digits to be input in URLs by preceding them with the so-called &quot;escape&quot; character, a percent sign. IIS complies with this specification, but also accepts characters after the percent sign that are not hexadecimal digits. Some of these translate to printable ASCII characters, and this could provide an alternate means of specifying files in URLs." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q246401"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="unschx4i.exe" PatchLocationID="470" SBID="17" SQNumber="Q246401" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="531"/>
						<FileChg FileChangeID="532"/>
						<FileChg FileChangeID="533"/>
						<FileChg FileChangeID="534"/>
						<FileChg FileChangeID="535"/>
						<FileChg FileChangeID="536"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1172"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-052" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-052.asp" Title="Legacy Credential Caching Vulnerability" DatePosted="1999/11/29" DateRevised="1999/11/29" Supported="Yes" Summary="" Issue="Windows for Workgroups provided a RAM-based caching mechanism that cached the user's plaintext network credentials for use by real-mode command-line networking utilities. Part of this mechanism was carried forward into the Windows 95 and 98 designs, even though it is not used by either. A malicious user could query this mechanism to obtain the network credentials of the last person to use the machine for network access, as long as they had physical access to the machine and it had not been rebooted since the last networking session." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q168115"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="168115us5.exe" PatchLocationID="483" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="168115us8.exe" PatchLocationID="484" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-051" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-051.asp" Title="IE Task Scheduler Vulnerability" DatePosted="1999/11/29" DateRevised="1999/11/29" Supported="Yes" Summary="" Issue="The IE 5 Task Scheduler controls who can create and submit &quot;AT jobs.&quot; The utility that is used to create AT jobs can only be run by an administrator, and the Task Scheduler will only execute AT jobs that are owned by administrators. However, if a malicious user had change access to an existing file owned by an administrator (it would not need to be an AT job), he or she could modify it to be a valid AT job and place in the appropriate folder for execution. This would bypass the control mechanism and allow the job to be executed." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q246972"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q246972" PatchLocationID="594" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="39"/>
					</PatchComments>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-049" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-049.asp" Title="File Access URL Vulnerability" DatePosted="1999/11/12" DateRevised="1999/11/12" Supported="Yes" Summary="" Issue="There is a buffer overflow in the Windows 95 and Windows 98 networking software that processes file name strings. If the networking software were provided with a very long random string as input, it could crash the machine. If provided with a specially-malformed argument, it could be used to run arbitrary code on the machine via a classic buffer overrun attack.
The vulnerability could be exploited remotely in cases where a file:// URL or a Universal Naming Convention (UNC) string on a remote web site included a long file name or where a long file name was included in an e-mail message." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q245729"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="245729us5.exe" PatchLocationID="485" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="245729us8.exe" PatchLocationID="486" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-048" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-048.asp" Title="Active Setup Control Vulnerability" DatePosted="1999/11/11" DateRevised="1999/11/11" Supported="Yes" Summary="" Issue="A particular ActiveX control allows cabinet files to be launched and executed. This could allow an HTML mail to contain a malicious cabinet file, disguised as a file of an innocuous type. If a user attempted to open this file, the operation would fail but could, depending on the mail package, leave a copy of the file in a known location. The ActiveX control could then be used via a script embedded in the mail to launch the copy, thereby executing the malicious code." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q244540"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q244540.exe" PatchLocationID="487" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q244540.exe" PatchLocationID="487" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-044" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-044.asp" Title="Excel SYLK Vulnerability" DatePosted="1999/10/20" DateRevised="1999/10/20" Supported="Yes" Summary="" Issue="The primary vulnerability addressed by this patch is the &quot;Excel SYLK&quot; vulnerability. Symbolic Link (SYLK) files can contain macros; if such a file were opened in Excel 97 or 2000, the macro would run without asking for the user's permission. These macros could take any action on the computer that the user could take." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q241900 (XL97)"/>
				<QNumber QNumber="Q241901 (XL2000)"/>
				<QNumber QNumber="Q241902 (XL97)"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="xl8p9pkg.exe" PatchLocationID="488" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="45" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="70" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="xl9p2pkg.exe" PatchLocationID="489" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="44" FixedInSP="10">
						<AffectedServicePack ServicePackID="54"/>
					</AffectedProduct>
					<AffectedProduct ProductID="42" FixedInSP="10">
						<AffectedServicePack ServicePackID="54"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-043" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-043.asp" Title="Javascript Redirect Vulnerability" DatePosted="1999/10/18" DateRevised="1999/11/17" Supported="Yes" Summary="" Issue="Client-local data that is displayed in the browser window can be made available to the server by using a redirect to a Javascript applet running in the same window. This in effect bypasses cross-domain security and makes the data available to the applet, which could then send the data to a hostile server. This could allow a malicious web site operator to read the contents of files on visiting users' computers, if he or she knew the name of the file and the folder in which it resided. The vulnerability would not allow the malicious user to list the contents of folders, create, modify or delete files, or to usurp any administrative control over the machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q244356 (IE 4.01)"/>
				<QNumber QNumber="Q244357 (IE 5)"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q244356.exe" PatchLocationID="490" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="q244357.exe" PatchLocationID="491" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-042" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-042.asp" Title="IFRAME ExecCommand Vulnerability" DatePosted="1999/10/11" DateRevised="1999/11/04" Supported="Yes" Summary="" Issue="The Internet Explorer security model normally restricts the Document.ExecCommand() method to prevent it from taking inappropriate action on a user's computer. However, at least one of these restrictions is not present if the method is invoked on an IFRAME. This could allow a malicious web site operator to read the contents of files on visiting users' computers, if he or she knew the name of the file and the folder in which it resided. The vulnerability would not allow the malicious user to list the contents of folders, create, modify or delete files, or to usurp any administrative control over the machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q243638"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q243638.exe" PatchLocationID="595" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-040" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-040.asp" Title="Download Behavior Vulnerability" DatePosted="1999/09/28" DateRevised="1999/10/12" Supported="Yes" Summary="" Issue="IE 5 includes a feature called &quot;download behavior&quot; that allows web page authors to download files for use in client-side script. By design, a web site should only be able to download files that reside in its domain; this prevents client-side code from exposing files on the user's machine or local intranet to the web site. However, a server-side redirect can be used to bypass this restriction, thereby enabling a malicious web site operator to read files on the user's machine or the user's local intranet. This vulnerability would chiefly affect workstations that are connected to the Internet." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q242542"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q243638.exe" PatchLocationID="595" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-037" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-037.asp" Title="ImportExportFavorites Vulnerability" DatePosted="1999/09/10" DateRevised="1999/12/08" Supported="Yes" Summary="" Issue="IE 5 includes a feature that allows users to export a list of their favorite web sites to a file, or to import a file containing a list of favorite sites. The method that is used to perform this function, ImportExportFavorites(), should only allow particular types of files to be written, and only to specific locations on the drive. However, it is possible for a web site to invoke this method, bypass this restriction and write files that could be used to execute system commands. The net result is that a malicious web site operator potentially could take any action on the computer that the user would be capable of taking." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q241361"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q241361.exe" PatchLocationID="676" SBID="51" SQNumber="Q241361" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q241361.exe" PatchLocationID="676" SBID="0" SQNumber="Q241361" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-035" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-035.asp" Title="Set Cookie Header Caching Vulnerability" DatePosted="1999/09/10" DateRevised="1999/09/10" Supported="Yes" Summary="" Issue="When certain versions of Site Server or MCIS send a web page that contains a Set Cookie Header, they do not flag the page with an expiration header. As a result, such pages may be cached by a web proxy. Multiple customers accessing the same site via a web proxy might be served the same page, containing the same Set Cookie Header. If the cookie information includes a GUID that is used as an index for the server's database, one customer's personal data might be viewable by the others." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q238647"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q238647x86eng.exe" PatchLocationID="495" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="67" FixedInSP="0">
						<AffectedServicePack ServicePackID="63"/>
						<AffectedServicePack ServicePackID="64"/>
						<AffectedServicePack ServicePackID="65"/>
					</AffectedProduct>
					<AffectedProduct ProductID="63" FixedInSP="0">
						<AffectedServicePack ServicePackID="63"/>
						<AffectedServicePack ServicePackID="64"/>
						<AffectedServicePack ServicePackID="65"/>
					</AffectedProduct>
					<AffectedProduct ProductID="66" FixedInSP="0">
						<AffectedServicePack ServicePackID="114"/>
					</AffectedProduct>
					<AffectedProduct ProductID="68" FixedInSP="0">
						<AffectedServicePack ServicePackID="113"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-033" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-033.asp" Title="Malformed Telnet Argument Vulnerability" DatePosted="1999/09/09" DateRevised="1999/09/09" Supported="Yes" Summary="" Issue="The Telnet client that ships as part of Windows 95 and 98 has an unchecked buffer. A specially-malformed argument could be passed to the client via a web page in order to cause arbitrary code to execute on the computer via a classic buffer overrun technique." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers/>
			<Patches>
				<Patch PatchName="telnet95.exe" PatchLocationID="496" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="TelnetUp.EXE" PatchLocationID="497" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-032" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-032.asp" Title="scriptlet.typelib/Eyedog Vulnerability" DatePosted="1999/08/31" DateRevised="1999/10/12" Supported="Yes" Summary="" Issue="scriptlet.typelib is a control used by developers to generate Type Libraries for Windows Script Components. It is marked as &quot;safe for scripting&quot;, but should not be because it allows local files to be created or modified. The patch removes the &quot;safe for scripting&quot; marking, thereby causing IE to request confirmation from the user before loading the control.
Eyedog is a control used by diagnostic software in Windows. It is marked as &quot;safe for scripting&quot;, but should not be because it allows registry information to be queried and machine characteristics to be gathered. In addition, one of the control's methods is vulnerable to a buffer overrun attack. The patch sets the so-called &quot;kill bit&quot;, which prevents it from loading within IE." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q240308"/>
				<QNumber QNumber="Q240797"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q240308.exe" PatchLocationID="498" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="21"/>
						<AffectedServicePack ServicePackID="77"/>
						<AffectedServicePack ServicePackID="38"/>
					</AffectedProduct>
					<AffectedProduct ProductID="50" FixedInSP="0">
						<AffectedServicePack ServicePackID="76"/>
					</AffectedProduct>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
					<AffectedProduct ProductID="83" FixedInSP="0">
						<AffectedServicePack ServicePackID="77"/>
						<AffectedServicePack ServicePackID="38"/>
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-030" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-030.asp" Title="Office ODBC Vulnerabilities" DatePosted="1999/08/20" DateRevised="1999/10/08" Supported="Yes" Summary="" Issue="The &quot;VBA Shell&quot; vulnerability, which affects all versions of Jet except Jet 4.0. An operating system command embedded within a database query could be executed when the query is processed. This would allow a spreadsheet, database, or other application file that contained such a query to take virtually any action on the user's computer when the query was executed. 
The &quot;Text I-ISAM&quot; vulnerability, which affects all versions of Jet. Jet provides a way to modify the contents of text files, as a way of allowing data exchange between it and other systems. However, a malicious user could use this capability to modify system files via a database query. The original patch for this vulnerability allowed &quot;drop table&quot; operations to be used, which could allow files on the user's computer to be deleted; the new patch eliminates this variant." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q239114"/>
				<QNumber QNumber="Q172733"/>
				<QNumber QNumber="Q239482"/>
				<QNumber QNumber="Q239104"/>
				<QNumber QNumber="Q239471"/>
				<QNumber QNumber="Q239105"/>
				<QNumber QNumber="Q141796"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Jet30Pkg.exe" PatchLocationID="668" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="69" FixedInSP="0">
						<AffectedServicePack ServicePackID="97"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="jetCopkg.exe" PatchLocationID="669" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="70" FixedInSP="0">
						<AffectedServicePack ServicePackID="61"/>
						<AffectedServicePack ServicePackID="62"/>
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="JetcoPkg.exe" PatchLocationID="670" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="42" FixedInSP="0">
						<AffectedServicePack ServicePackID="54"/>
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-022" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-022.asp" Title="Double Byte Code Page Vulnerability" DatePosted="1999/06/24" DateRevised="1999/08/19" Supported="Yes" Summary="" Issue="When IIS is run on a machine on which a double-byte character set code page is used (i.e., the default language on the server is set to Chinese, Japanese, or Korean), and a specific URL construction is used to request a file in a virtual directory, normal server-side processing is bypassed. As a result, the file is simply delivered as text to the browser, thereby allowing the source code to be viewed." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q233335"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="fesrc3i.exe" PatchLocationID="504" SBID="0" SQNumber="Q233335" NoReboot="0">
					<AffectedProduct ProductID="71" FixedInSP="0">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="620"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1197"/>
					</RegChgs>
					<PatchComments/>
				</Patch>
				<Patch PatchName="fesrc4i.exe" PatchLocationID="504" SBID="29" SQNumber="Q233335" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="7">
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="69"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="606"/>
						<FileChg FileChangeID="607"/>
						<FileChg FileChangeID="608"/>
						<FileChg FileChangeID="609"/>
						<FileChg FileChangeID="610"/>
						<FileChg FileChangeID="611"/>
						<FileChg FileChangeID="612"/>
						<FileChg FileChangeID="613"/>
						<FileChg FileChangeID="614"/>
						<FileChg FileChangeID="615"/>
						<FileChg FileChangeID="616"/>
						<FileChg FileChangeID="617"/>
						<FileChg FileChangeID="618"/>
						<FileChg FileChangeID="619"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1196"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-019" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-019.asp" Title="Malformed HTR Request Vulnerability" DatePosted="1999/06/15" DateRevised="1999/07/22" Supported="Yes" Summary="" Issue="The vulnerability involves an unchecked buffer in the filter DLLs for these file types. This poses two threats to safe operation. The first is a denial of service threat. A malformed request for an .HTR, .STM or .IDC file could overflow the buffer, causing IIS to crash. The server would not need to be rebooted, but IIS would need to be rebooted in order to resume service. The second threat is that a carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither attack could occur accidentally. The vulnerability is present regardless of whether .HTR, .STM or .IDC files are present on the server." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q234905"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="extfixi.exe" PatchLocationID="506" SBID="20" SQNumber="Q234905" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="23"/>
					</PatchComments>
					<AffectedProduct ProductID="16" FixedInSP="7">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="598"/>
						<FileChg FileChangeID="599"/>
						<FileChg FileChangeID="600"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1194"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-018" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-018.asp" Title="Malformed Favorites Icon Vulnerability" DatePosted="1999/05/27" DateRevised="1999/05/27" Supported="Yes" Summary="" Issue="The &quot;Malformed Favorites Icon&quot; vulnerability. The Favorites feature allows IE users to keep a list of their favorite web sites. In IE 5, the Favorites list can contain icons that are supplied by the associated web sites. However, there is an unchecked buffer in the implementation. A specially-malformed icon could overrun the buffer and be used to run arbitrary code on the user's computer. This vulnerability only affects IE 5 when run on Windows 95 or 98; it does not affect Windows NT systems. 
The &quot;Legacy ActiveX Control&quot; vulnerability. An ActiveX control that was used by previous versions of IE also was included in IE 4.0 and IE 5 even though it is not used by either. It could be misused to allow a web site to read the user's local hard drive. The update eliminates the vulnerability by removing the control." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q231450"/>
				<QNumber QNumber="Q231452"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q241361.exe" PatchLocationID="660" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="q241361.exe" PatchLocationID="661" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="50" FixedInSP="0">
						<AffectedServicePack ServicePackID="76"/>
					</AffectedProduct>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="77"/>
						<AffectedServicePack ServicePackID="38"/>
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-014" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-014.asp" Title="Excel 97 Virus Warning Vulnerabilities" DatePosted="1999/05/07" DateRevised="1999/05/07" Supported="Yes" Summary="" Issue="Microsoft Excel 97 provides a feature that warns the user before launching an external file that could potentially contain a virus or other malicious software.  However, certain scenarios have been identified that could be misused to bypass the warning mechanism. In general, they require the use of infrequently-combined features and commands, and are unlikely to be encountered in normal use." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q231304"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Xl8p9pkg.exe" PatchLocationID="649" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="70" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
					<AffectedProduct ProductID="45" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-012" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-012.asp" Title="MSHTML Update Available for Internet Explorer" DatePosted="1999/04/21" DateRevised="1999/04/21" Supported="Yes" Summary="" Issue="The first vulnerability is a new variant of a previously-identified cross-frame security vulnerability. A particular malformed URL could be used to execute scripts in the security context of a different domain. This could allow a malicious web site operator to execute a script on the web site, and gain privileges on visiting users' machines that are normally granted only to their trusted sites. 
The second vulnerability affects only Internet Explorer 5.0, and is a new variant of a previously-identified untrusted scripted paste vulnerability. The vulnerability would allow a script to paste a filename into the file upload intrinsic control. This should only be possible by explicit user action. Once the filename has been pasted into the control, a subsequent form submission could send the file to a remote web site. If the user has disabled the default warning that is displayed when submitting unencrypted forms, the file would be sent without any warning to the user. 
The third vulnerability is a privacy issue involving the processing of the &quot;IMG SRC&quot; tag in HTML files. This tag identifies and loads image sources - image files that are to be displayed as part of a web page. The vulnerability results because the tag can be used to point to files of any type, rather than only image files, after which point the document object model methods can be used to determine information about them. A malicious web site operator could use this vulnerability to determine the size and MIME type of files on the computer of a visiting user." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q226326"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="mshtml5.exe" PatchLocationID="508" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="mshtml4.exe" PatchLocationID="645" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="28" FixedInSP="0">
						<AffectedServicePack ServicePackID="38"/>
						<AffectedServicePack ServicePackID="21"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS99-011" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ99-011.asp" Title="DHTML Edit Vulnerability" DatePosted="1999/04/21" DateRevised="1999/04/21" Supported="Yes" Summary="" Issue="The root cause of the vulnerability lies in the fact that a web site that hosts the &quot;safe for scripting&quot; version of the control is able to upload any data entered into the control. A malicious web site operator could trick a user into entering sensitive data into a DHTML Edit control hosted on a web page from the operator's site, and then upload the data. In addition, if the malicious web site operator knows the name of a file on the user's local drive, it is possible for the operator to programmatically load the file into the control and then upload it." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q226326"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="DHTMLED5.EXE" PatchLocationID="509" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="50" FixedInSP="0">
						<AffectedServicePack ServicePackID="76"/>
					</AffectedProduct>
					<AffectedProduct ProductID="51" FixedInSP="0">
						<AffectedServicePack ServicePackID="78"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-012" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-012" Title="Outlook, Outlook Express VCard Handler Contains Unchecked Buffer" DatePosted="2001/02/22" DateRevised="2001/05/09" Supported="Yes" Summary="This update resolves the &quot;Malformed vCard&quot; security vulnerability in Outlook and Outlook Express. This vulnerability exists because the component in Outlook and Outlook Express that processes the vCard (virtual business card) has an unchecked buffer (a temporary data storage area without a string length limit). Download now to ensure that your e-mail service processes vCards correctly.  " Issue="Outlook Express provides several components that are used both by it and, if installed on the machine, Outlook. One such component, used to process vCards, contains an unchecked buffer. 
By creating a vCard and editing it to contain specially chosen data, then sending it to another user, an attacker could cause either of two effects to occur if the recipient opened it. In the less serious case, the attacker could cause the mail client to fail. If this happened, the recipient could resume normal operation by restarting the mail client and deleting the offending mail. In the more serious case, the attacker could cause the mail client to run code of her choice on the user?s machine. Such code could take any desired action, limited only by the permissions of the recipient on the machine. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q283908"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q283908.exe" PatchLocationID="324" SBID="0" SQNumber="Q283908" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="80" FixedInSP="85">
						<AffectedServicePack ServicePackID="13"/>
					</AffectedProduct>
					<AffectedProduct ProductID="105" FixedInSP="85">
						<AffectedServicePack ServicePackID="13"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1214"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1258"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q283908.exe" PatchLocationID="637" SBID="0" SQNumber="Q283908" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<AffectedProduct ProductID="82" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1215"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1257"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-013" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-013" Title="Windows 2000 Event Viewer Contains Unchecked Buffer" DatePosted="2001/02/26" DateRevised="2001/02/26" Supported="Yes" Summary="This update resolves the &quot;Malformed Event Record&quot; security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS01-013. Download now to prevent a malicious user from running unauthorized code on your computer. " Issue="This is a buffer overrun vulnerability. By entering a specially malformed record into a machine?s event log, an attacker could cause either of two effects to occur when the record was subsequently opened. In the least serious case, he could cause the event viewer to fail. In the more serious case, he could cause the event viewer?s functionality to be modified while running, in order to perform a task of his choosing on the other user?s machine." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q285156"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q285156_W2K_SP3_x86_en.EXE" PatchLocationID="555" SBID="0" SQNumber="Q285156" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="3">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="3">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="3">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="3">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1220"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1275"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-014" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-014" Title="Malformed URL Can Cause Service Failure in IIS 5.0 and Exchange 2000" DatePosted="2001/03/01" DateRevised="2001/03/01" Supported="Yes" Summary="This update resolves the &quot;Malformed URL can cause Service Failure in IIS 5.0 and Exchange 2000&quot; security vulnerability in Internet Information Server (IIS) 5.0 and Exchange 2000, and is discussed in Microsoft Security Bulletin MS01-014. Download now to prevent a malicious user from causing IIS 5.0 to fail. " Issue="This is a denial of service vulnerability. It could enable an attacker to temporarily disrupt service on an affected web, or to temporarily disrupt web-based access to an affected mail server. Although the server in either case would automatically resume normal operation, any sessions in progress at the time of the attack would be lost. The vulnerability does not provide any opportunity for the attacker to usurp administrative control over the server, or to add, change or delete data on it." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q286818"/>
				<QNumber QNumber="Q287678"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q286818_W2K_SP3_x86_en.EXE" PatchLocationID="557" SBID="2" SQNumber="Q286818" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="74"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="470"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1154"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q287678engi386.EXE" PatchLocationID="558" SBID="0" SQNumber="Q287678" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="34" FixedInSP="84">
						<AffectedServicePack ServicePackID="43"/>
					</AffectedProduct>
					<AffectedProduct ProductID="33" FixedInSP="84">
						<AffectedServicePack ServicePackID="43"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="472"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1155"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-015" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-015" Title="IE Can Divulge Location of Cached Content" DatePosted="2001/03/06" DateRevised="2001/05/25" Supported="Yes" Summary="This update resolves a security vulnerability in Internet Explorer, and is discussed in Microsoft Security Bulletin MS01-015. Download now to prevent an unauthorized user from creating and executing programs on your computer. " Issue="The IE security architecture provides a caching mechanism that is used to store content that needs to be downloaded and processed on the user's local machine. The purpose of the cache is to obfuscate the physical location of the cached content, in order to ensure that the web page or HTML e-mail will work through the IE security architecture to access the information. This ensures that the uses of the information can be properly restricted. 
A vulnerability exists because it is possible for a web page or HTML e-mail to learn the physical location of cached content. Armed with this information, an attacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables. 

" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q279328"/>
				<QNumber QNumber="Q286045 "/>
				<QNumber QNumber="Q280768 "/>
				<QNumber QNumber="Q286043 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q279328.exe" PatchLocationID="677" SBID="0" SQNumber="Q279328" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="684"/>
						<FileChg FileChangeID="848"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1227"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q286045.exe" PatchLocationID="678" SBID="7" SQNumber="Q286045" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="80" FixedInSP="85">
						<AffectedServicePack ServicePackID="13"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="685"/>
						<FileChg FileChangeID="681"/>
						<FileChg FileChangeID="686"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1228"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q286043.exe" PatchLocationID="679" SBID="0" SQNumber="Q286043" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<AffectedProduct ProductID="80" FixedInSP="85">
						<AffectedServicePack ServicePackID="13"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="688"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1229"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="scripten.exe" PatchLocationID="680" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="103" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="698"/>
						<FileChg FileChangeID="699"/>
						<FileChg FileChangeID="700"/>
						<FileChg FileChangeID="701"/>
						<FileChg FileChangeID="702"/>
						<FileChg FileChangeID="703"/>
						<FileChg FileChangeID="704"/>
						<FileChg FileChangeID="705"/>
						<FileChg FileChangeID="706"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1230"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="ste51en.exe" PatchLocationID="681" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="103" FixedInSP="0">
						<AffectedServicePack ServicePackID="80"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="707"/>
						<FileChg FileChangeID="708"/>
						<FileChg FileChangeID="709"/>
						<FileChg FileChangeID="710"/>
						<FileChg FileChangeID="711"/>
						<FileChg FileChangeID="712"/>
						<FileChg FileChangeID="714"/>
						<FileChg FileChangeID="717"/>
						<FileChg FileChangeID="719"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1231"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Scripten.exe" PatchLocationID="682" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="104" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1212"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="720"/>
						<FileChg FileChangeID="721"/>
						<FileChg FileChangeID="722"/>
						<FileChg FileChangeID="723"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Scr55en.exe" PatchLocationID="682" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="104" FixedInSP="0">
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="724"/>
						<FileChg FileChangeID="725"/>
						<FileChg FileChangeID="726"/>
						<FileChg FileChangeID="727"/>
						<FileChg FileChangeID="728"/>
						<FileChg FileChangeID="729"/>
						<FileChg FileChangeID="730"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1232"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-016" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-016" Title="Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources" DatePosted="2001/03/08" DateRevised="2001/03/13" Supported="Yes" Summary="This update resolves the &quot;Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources&quot; security vulnerability in Internet Information Services (IIS) 5.0, and is discussed in Microsoft Security Bulletin MS01-016. Download now to prevent a malicious user from temporarily disrupting your Web services. " Issue="WebDAV is an extension to the HTTP protocol that allows remote authoring and management of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all WebDAV requests, then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such requests were directed at an affected server, it would consume all CPU availability on the server." ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q291845 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q291845_W2K_SP2_x86_en.EXE" PatchLocationID="572" SBID="8" SQNumber="Q291845" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1162"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="760"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-017" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-017" Title="Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard" DatePosted="2001/03/22" DateRevised="2001/03/28" Supported="Yes" Summary="This update resolves the &quot;Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard&quot; security vulnerability, and is discussed in Microsoft Security Bulletin MS01-017. Download now to prevent an unauthorized user from running code on your computer by digitally signing programs as &quot;Microsoft Corporation.&quot; " Issue="VeriSign, Inc., recently advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. The common name assigned to both certificates is ?Microsoft Corporation?. The ability to sign executable content using keys that purport to belong to Microsoft would clearly be advantageous to an attacker who wished to convince users to allow the content to run. 
The certificates could be used to sign programs, ActiveX controls, Office macros, and other executable content. Of these, signed ActiveX controls and Office macros would pose the greatest risk, because the attack scenarios involving them would be the most straightforward. Both ActiveX controls and Word documents can be delivered via either web pages or HTML mails. ActiveX controls can be automatically invoked via script, and Word documents can be automatically opened via script unless the user has applied the Office Document Open Confirmation Tool. 

However, even though the certificates say they are owned by Microsoft, they are not bona fide Microsoft certificates, and content signed by them would not be trusted by default. Trust is defined on a certificate-by-certificate basis, rather than on the basis of the common name. As a result, a warning dialogue would be displayed before any of the signed content could be executed, even if the user had previously agreed to trust other certificates with the common name ?Microsoft Corporation?. The danger, of course, is that even a security-conscious user might agree to let the content execute, and might agree to always trust the bogus certificates. 

VeriSign has revoked the certificates, and they are listed in VeriSign?s current Certificate Revocation List (CRL). However, because VeriSign?s code-signing certificates do not specify a CRL Distribution Point (CDP), it is not possible for any browser?s CRL-checking mechanism to download the VeriSign CRL and use it. Microsoft is developing an update that rectifies this problem. The update package includes a CRL containing the two certificates, and an installable revocation handler that consults the CRL on the local machine, rather than attempting to use the CDP mechanism. 
" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q293818"/>
				<QNumber QNumber="Q293817"/>
				<QNumber QNumber="Q293819"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Crlupd.exe" PatchLocationID="709" SBID="0" SQNumber="Q293818" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="crlupd.exe" PatchLocationID="709" SBID="57" SQNumber="Q293818" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="69"/>
						<AffectedServicePack ServicePackID="4"/>
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="82"/>
						<AffectedServicePack ServicePackID="83"/>
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="635"/>
						<FileChg FileChangeID="636"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-018" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-018" Title="Visual Studio VB-TSQL Object Contains Unchecked Buffer" DatePosted="2001/03/27" DateRevised="2001/03/27" Supported="Yes" Summary="Visual Studio 6.0, Enterprise Edition includes a Microsoft Visual Basic feature for debugging T-SQL. This feature contains a problem that could cause a buffer overrun. Because the default installation of the Debugger object allows anyone to start the debugger and run as the logged-on interactive user, this bug potentially could be exploited with malicious intentions." Issue="The VB-TSQL debugger object that ships with Visual Studio 6.0 Enterprise Edition has an unchecked buffer in the code that processes parameters for one of the object?s methods. The object can, by design, be programmatically accessed remotely. If the object were to be referenced by a program that contained specially malformed data within the parameter, either of two outcomes would result. In the less serious case, the attacker could cause the object to fail on the hosting machine. In the more serious case, the attacker could exploit the buffer overrun to run code of the attacker's choice on the hosting machine. 
The debugger object (vbsdicli.exe) is installed by default with Visual Studio 6.0 Enterprise Edition and runs in the context of the interactively logged-on user. The attacker could only execute a successful attack if he knew that a user had the component installed and that the user was logged in at the time of the attack. 
" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q281297"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q281297.EXE" PatchLocationID="705" SBID="0" SQNumber="Q281297" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="107" FixedInSP="0">
						<AffectedServicePack ServicePackID="86"/>
					</AffectedProduct>
					<AffectedProduct ProductID="109" FixedInSP="0">
						<AffectedServicePack ServicePackID="136"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="788"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-019" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-019" Title="Passwords for Compressed Folders are Recoverable" DatePosted="2001/03/28" DateRevised="2001/03/28" Supported="Yes" Summary="Windows Millennium Edition (Me) and Plus! 98 provide a data compression feature that provides the ability to password protect a compressed file. However, under certain conditions, the password may be recorded in a file on your computer. " Issue="Plus! 98, an optional package that extends Windows 98 and Windows 98 Second Edition, introduced a data compression feature called Compressed Folders that was also included in Windows Me. For interoperability with leading third-party compression tools, it provides a password protection option for folders that have been compressed. However, due to a flaw in the package?s implementation, the passwords used to protect the folders are recorded in a file on the user?s system. If an attacker gained access to an affected machine on which password-protected folders were stored, she could learn the passwords and access the files. 
It is important to understand that, although this flaw does constitute a security vulnerability, the password protection feature is not intended to provide strong security. It was included in the products to enable interoperability with password-protection features in other third-party data compression products, and is only intended to provide protection against casual inspection. Customers who need strong protection for files should use Windows® 2000. 

The patch will prevent passwords from being written to the user?s system in the future. However, as discussed in the FAQ, after applying the patch, it is important to also delete c:\windows\dynazip.log, in order to ensure that all previously-recorded passwords are deleted. 
" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q252694 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="252694usa8.exe" PatchLocationID="707" SBID="" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="53"/>
					</PatchComments>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="252694usam.exe" PatchLocationID="708" SBID="" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-020" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-020" Title="Incorrect MIME Header Can Cause IE to Execute E-mail Attachment" DatePosted="2001/03/29" DateRevised="2001/05/25" Supported="Yes" Summary="This update resolves a security vulnerability in Internet Explorer, and is discussed in Microsoft Security Bulletin MS01-020. Download now to prevent a malicious user from running an executable e-mail attachment on your computer.  " Issue="Because HTML e-mails are simply web pages, IE can render them and open binary attachments in a way that is appropriate to their MIME types. However, a flaw exists in the type of processing that is specified for certain unusual MIME types. If an attacker created an HTML e-mail containing an executable attachment, then modified the MIME header information to specify that the attachment was one of the unusual MIME types that IE handles incorrectly, IE would launch the attachment automatically when it rendered the e-mail. 
An attacker could use this vulnerability in either of two scenarios. She could host an affected HTML e-mail on a web site and try to persuade another user to visit it, at which point script on a web page could open the mail and initiate the executable. Alternatively, she could send the HTML mail directly to the user. In either case, the executable attachment, if it ran, would be limited only by user?s permissions on the system. 
" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q290108 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q290108.exe" PatchLocationID="710" SBID="7" SQNumber="Q290108" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="80" FixedInSP="85">
						<AffectedServicePack ServicePackID="13"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="682"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1260"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q290108.exe" PatchLocationID="710" SBID="" SQNumber="Q290108" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="75">
						<AffectedServicePack ServicePackID="12"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="683"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1226"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-021" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-021" Title="Web Request Can Cause Access Violation in ISA Server Web Proxy Service" DatePosted="2001/04/16" DateRevised="2001/04/16" Supported="Yes" Summary="The ISA Server Web Proxy service does not correctly handle a certain type of web request if it exceeds a particular length. Processing such a request would result in an access violation, which would cause the Web Proxy service to fail. This would disrupt all ingoing and outgoing web proxy requests until the service was restarted. " Issue="The ISA Server Web Proxy service does not correctly handle web requests that contain a particular type of malformed argument. Processing such a request would result in an access violation, which would cause the Web Proxy service to fail. This would disrupt all ingoing and outgoing web proxy requests until the service was restarted. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q295279 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="isahf63.exe" PatchLocationID="711" SBID="0" SQNumber="Q295279" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="110" FixedInSP="0">
						<AffectedServicePack ServicePackID="87"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="650"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-022" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-022" Title="WebDAV Service Provider Can Allow Scripts to Levy Requests as User" DatePosted="2001/04/18" DateRevised="2001/04/18" Supported="Yes" Summary="The Microsoft Data Access Component Internet Publishing Provider provides access to WebDAV resources over the Internet. By design, it should differentiate between requests made by a user and those made by script running in the user?s browser. However, because of an implementation flaw, it handles all requests in the security context of the user. As a result, if a user browsed to a web page or opened an HTML e-mail that contained script, that script could access web-based resources as the user. " Issue="The Microsoft Data Access Component Internet Publishing Provider provides access to WebDAV resources over the Internet. By design, it should differentiate between requests made by a user and those made by a script running in the user?s browser. However, because of an implementation flaw, it handles all requests in the security context of the user. As a result, if a user browsed to a web page or opened an HTML e-mail that contained script, that script could access web-based resources as the user. 
The specific actions an attacker could take via this vulnerability would depend on the Web-based resources available to the user, and the user?s privileges on them. However, it is likely that at a minimum, the attacker could browse the user?s intranet, and potentially access web-based e-mail as well. 

" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q296441 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="rbupdate.exe" PatchLocationID="716" SBID="0" SQNumber="Q296441" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="9" FixedInSP="0">
						<AffectedServicePack ServicePackID="50"/>
						<AffectedServicePack ServicePackID="51"/>
						<AffectedServicePack ServicePackID="80"/>
					</AffectedProduct>
					<AffectedProduct ProductID="10" FixedInSP="0">
						<AffectedServicePack ServicePackID="53"/>
						<AffectedServicePack ServicePackID="52"/>
					</AffectedProduct>
					<AffectedProduct ProductID="11" FixedInSP="0">
						<AffectedServicePack ServicePackID="88"/>
					</AffectedProduct>
					<AffectedProduct ProductID="19" FixedInSP="0">
						<AffectedServicePack ServicePackID="89"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Rbupdate.exe" PatchLocationID="716" SBID="0" SQNumber="Q296441" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-023" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-023" Title="Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server" DatePosted="2001/05/01" DateRevised="2001/05/03" Supported="Yes" Summary="This update resolves the &quot;Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server&quot; security vulnerability in Windows 2000 and is discussed in Microsoft Security Bulletin MS01-023. Download now to prevent a malicious user from taking control of your Web server. " Issue="Windows 2000 introduced native support for the Internet Printing Protocol (IPP), an industry-standard protocol for submitting and controlling print jobs over HTTP. The protocol is implemented in Windows 2000 via an ISAPI extension that is installed by default as part of Windows 2000 but which can only be accessed via IIS 5.0. 
A security vulnerability results because the ISAPI extension contains an unchecked buffer in a section of code that handles input parameters. This could enable a remote attacker to conduct a buffer overrun attack and cause code of her choice to run on the server. Such code would run in the Local System security context. This would give the attacker complete control of the server, and would enable her to take virtually any action she chose. 

The attacker could exploit the vulnerability against any server with which she could conduct a web session. No other services would need to be available, and only port 80 (HTTP) or 443 (HTTPS) would need to be open. Clearly, this is a very serious vulnerability, and Microsoft strongly recommends that all IIS 5.0 administrators install the patch immediately. 

Customers who cannot install the patch can protect their systems by removing the mapping for the Internet Printing ISAPI extension. However, it is important to understand that if Web Printing is enabled via Group Policy, this would override the settings made in the Internet Services Manager. As the FAQ discusses in more detail, customers who have enabled Web Printing via Group Policy should disable it first, then unmap the Internet Printing ISAPI extension. 

" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q296576 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q296576_W2K_SP2_x86_en.EXE" PatchLocationID="718" SBID="8" SQNumber="Q296576" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="2">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="651"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1213"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-024" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-024" Title="Malformed Request to Domain Controller Can Cause Memory Exhaustion" DatePosted="2001/05/08" DateRevised="2001/05/08" Supported="Yes" Summary="This update resolves the &quot;Malformed Domain Controller Service Request&quot; security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS01-024. Download now to prevent a malicious user from temporarily disrupting service on your domain controller." Issue="A core service running on all Windows 2000 domain controllers (but not on any other machines) contains a memory leak, which can be triggered when it attempts to process a certain type of invalid service request. By repeatedly sending such a request, an attacker could deplete the available memory on the server. If memory were sufficiently depleted, the domain controller could become unresponsive, which would prevent it from processing logon requests or issuing new Kerberos tickets. An affected machine could be put back into service by rebooting. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q294391 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q299687_W2K_SP3_x86_en.EXE" PatchLocationID="770" SBID="42" SQNumber="Q299687" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="817"/>
						<FileChg FileChangeID="818"/>
						<FileChg FileChangeID="819"/>
						<FileChg FileChangeID="820"/>
						<FileChg FileChangeID="821"/>
						<FileChg FileChangeID="822"/>
						<FileChg FileChangeID="823"/>
						<FileChg FileChangeID="825"/>
						<FileChg FileChangeID="826"/>
						<FileChg FileChangeID="827"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1243"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-025" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-025" Title="Index Server Search Function Contains Unchecked Buffer" DatePosted="2001/05/10" DateRevised="2001/05/22" Supported="Yes" Summary="This update addresses the &quot;Malformed Hit-Highlighting&quot; security vulnerability in Windows 2000 computers running Indexing Service, and is discussed in Microsoft Security Bulletin MS01-025. Download now to prevent a malicious user from reading files on your Web server. " Issue="The patches discussed below address two security vulnerabilities that are unrelated to each other except in the sense that both affect Index Server 2.0. The first vulnerability is a buffer overrun vulnerability. Index Server 2.0 has an unchecked buffer in a function that processes search requests. If an overly long value were provided for a particular search parameter, it would overrun the buffer. If the buffer were overrun with random data, it would cause Index Server to fail. If it were overrun with carefully selected data, code of the attacker?s choice could be made to run on the server, in the Local System security context. 
The second vulnerability affects both Index Server 2.0 and Indexing Service in Windows 2000, and is a new variant of the ?Malformed Hit-Highlighting? vulnerability discussed in Microsoft Security Bulletin MS00-006. The new variant has almost the same scope as the original vulnerability, but potentially exposes a new file type If an attacker provided an invalid search request, she could read ?include? files residing on the web server. The new patch eliminates all known variants of the vulnerability. 
" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q296185 "/>
				<QNumber QNumber="Q294472 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q294472i.exe" PatchLocationID="723" SBID="60" SQNumber="Q294472" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="106" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1215"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="836"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q296185i.exe" PatchLocationID="725" SBID="60" SQNumber="Q296185" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="106" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1216"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="837"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q296185_W2K_SP3_x86_en.EXE" PatchLocationID="73" SBID="0" SQNumber="Q296185" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="18" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="17" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="663"/>
					</FileChgs>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-026" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-026" Title="14 May 2001 Cumulative Patch for IIS" DatePosted="2001/05/14" DateRevised="2001/05/15" Supported="Yes" Summary="This cumulative update includes all the updates that have been released for Internet Information Service (IIS) 5.0, including three new updates, and is discussed in Microsoft Security Bulletin MS01-026. Download now to update IIS 5.0 with the latest security fixes. " Issue="This update eliminates three new vulnerabilities: A vulnerability that could enable a malicious user to run operating system commands on an affected server. 
A vulnerability that could allow a malicious user to enter a File Transfer Protocol (FTP) command, which can cause IIS 5.0 to fail. FTP is the protocol used for copying files to and from remote computer systems on a network. 
A vulnerability that can enable a malicious user to access a guest account using the FTP service. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q293826"/>
				<QNumber QNumber="Q295534"/>
				<QNumber QNumber="Q294370 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q293826_W2K_SP3_x86_en.EXE" PatchLocationID="73" SBID="58" SQNumber="Q293826" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="731"/>
						<FileChg FileChangeID="732"/>
						<FileChg FileChangeID="733"/>
						<FileChg FileChangeID="734"/>
						<FileChg FileChangeID="735"/>
						<FileChg FileChangeID="736"/>
						<FileChg FileChangeID="737"/>
						<FileChg FileChangeID="738"/>
						<FileChg FileChangeID="739"/>
						<FileChg FileChangeID="740"/>
						<FileChg FileChangeID="741"/>
						<FileChg FileChangeID="742"/>
						<FileChg FileChangeID="743"/>
						<FileChg FileChangeID="744"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1233"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q295534i.exe" PatchLocationID="748" SBID="60" SQNumber="Q295534" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="745"/>
						<FileChg FileChangeID="746"/>
						<FileChg FileChangeID="747"/>
						<FileChg FileChangeID="748"/>
						<FileChg FileChangeID="749"/>
						<FileChg FileChangeID="750"/>
						<FileChg FileChangeID="751"/>
						<FileChg FileChangeID="752"/>
						<FileChg FileChangeID="753"/>
						<FileChg FileChangeID="754"/>
						<FileChg FileChangeID="756"/>
						<FileChg FileChangeID="757"/>
						<FileChg FileChangeID="758"/>
						<FileChg FileChangeID="759"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1234"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-027" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-027" Title="Flaws in Web Server Certificate Validation Could Enable Spoofing" DatePosted="2001/05/16" DateRevised="2001/05/25" Supported="Yes" Summary="This update resolves several security vulnerabilities in Internet Explorer, and is discussed in Microsoft Security Bulletins MS01-027, MS01-020, and MS01-015. Download now to eliminate multiple certificate validation vulnerabilities and to prevent malicious Web site operators from making it appear that the content from his or her Web site actually originated from another site, even a trusted or secure Web site. " Issue="A patch is available to eliminate two newly discovered vulnerabilities affecting Internet Explorer, both of which could enable an attacker to spoof trusted web sites. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q295106 "/>
				<QNumber QNumber="Q299618 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q295106.exe" PatchLocationID="734" SBID="0" SQNumber="Q295106" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="0">
						<AffectedServicePack ServicePackID="75"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1223"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="838"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="q299618.exe" PatchLocationID="735" SBID="0" SQNumber="Q299618" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="80" FixedInSP="85">
						<AffectedServicePack ServicePackID="13"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1224"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="876"/>
						<FileChg FileChangeID="877"/>
						<FileChg FileChangeID="878"/>
						<FileChg FileChangeID="879"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-028" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-028" Title="RTF Document Linked to Template Can Run Macros Without Warning" DatePosted="2001/05/21" DateRevised="2001/06/06" Supported="Yes" Summary="The Word 2000 Security Update: Macro Vulnerability prevents macros from opening without a security warning. After you have installed the update, you will be warned before you open an RTF document that contains a template or macro. After you have installed the update, you will still be able to use templates, macros in templates, or Rich Text Format (RTF) documents with macros." Issue="The Word 2000 Security Update: Macro Vulnerability addresses a vulnerability that could allow malicious code to run in a Rich Text Format (RTF) document without warning. Under normal circumstances, you will see a warning in Word 2000 when you open a document attached to a template containing macros. However, it is possible for an RTF document to be linked to a template containing macros in such a way that a macro can run with no warning issued. This could cause damage to data or allow unauthorized retrieval of data from your system when you visit a Web site or open an e-mail message. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q288266 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="wd2kmsec.exe" PatchLocationID="732" SBID="40" SQNumber="Q288266" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="38" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
						<AffectedServicePack ServicePackID="143"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="wd97mcrs.exe" PatchLocationID="733" SBID="41" SQNumber="Q288266" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="39" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-029" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-029" Title="Windows Media Player .ASX Processor Contains Unchecked Buffer" DatePosted="2001/05/23" DateRevised="2001/05/23" Supported="Yes" Summary="This update addresses two security vulnerabilities that are related to each other only by the fact that they both affect Windows Media Player. The two vulnerabilities are a buffer overrun in the functionality used to process Active Stream Redirector (.ASX) files, and a vulnerability affecting how Windows Media Player handles Internet shortcuts. In addition, this update addresses a potential privacy vulnerability that was recently identified. " Issue="This update addresses two security vulnerabilities that are related to each other only by the fact that they both affect Windows Media Player. The two vulnerabilities are a buffer overrun in the functionality used to process Active Stream Redirector (.ASX) files, and a vulnerability affecting how Windows Media Player handles Internet shortcuts. In addition, this update addresses a potential privacy vulnerability that was recently identified. " ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q298598"/>
				<QNumber QNumber="Q296138"/>
				<QNumber QNumber="Q296139 "/>
				<QNumber QNumber="Q296139 "/>
				<QNumber QNumber="Q296139 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="WMSU47357.exe" PatchLocationID="728" SBID="0" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="79" FixedInSP="0">
						<AffectedServicePack ServicePackID="122"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="666"/>
						<FileChg FileChangeID="667"/>
						<FileChg FileChangeID="669"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1219"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="mp71.exe" PatchLocationID="730" SBID="0" SQNumber="" NoReboot="0">
					<PatchComments>
						<PatchComment CommentID="54"/>
					</PatchComments>
					<AffectedProduct ProductID="20" FixedInSP="0">
						<AffectedServicePack ServicePackID="94"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="670"/>
						<FileChg FileChangeID="671"/>
						<FileChg FileChangeID="672"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-030" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-030" Title="Incorrect Attachment Handling in Exchange OWA Can Execute Script" DatePosted="2001/06/06" DateRevised="2001/06/08" Supported="Yes" Summary="" Issue="OWA is a service of Exchange 5.5 and 2000 Server that allows users to use a web browser to access their Exchange mailbox. However, a flaw exists in the interaction between OWA and IE for message attachments. If an attachment contains HTML code including script, the script will be executed when the attachment is opened, regardless of the attachment type. Because OWA requires that scripting be enabled in the zone where the OWA server is located, this script could take action against the user?s Exchange mailbox. 

An attacker could use this flaw to construct an attachment containing malicious script code. The attacker could then send the attachment in a message to the user. If the user opened the attachment in OWA, the script would execute and could take action against the user?s mailbox as if it were the user, including, under certain circumstances, manipulation of messages or folders. 
" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q299535 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q301361i386.EXE" PatchLocationID="752" SBID="0" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="35" FixedInSP="0">
						<AffectedServicePack ServicePackID="60"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q299535engi386.EXE" PatchLocationID="753" SBID="0" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="34" FixedInSP="0">
						<AffectedServicePack ServicePackID="43"/>
					</AffectedProduct>
					<AffectedProduct ProductID="33" FixedInSP="0">
						<AffectedServicePack ServicePackID="43"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-031" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-031" Title="Predictable Named Pipes Could Enable Privilege Elevation via Telnet" DatePosted="2001/06/07" DateRevised="2001/06/07" Supported="Yes" Summary="This update addresses the &quot;Predicatable Named Pipes Could Enable Privilege Elevation via Telnet&quot; security vulnerability in the Windows 2000 Telnet service that is discussed in Microsoft Security Bulletin MS01-031. Download now to prevent a malicious user from launching programs on your computer, gaining access to your network, or initiating a denial of service attack against your computer." Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q299553 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q299553_W2K_SP3_x86_en.EXE" PatchLocationID="754" SBID="0" SQNumber="Q299553" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="799"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1235"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-032" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-032" Title="SQL Query Method Enables Cached Administrator Connection to be Reused" DatePosted="2001/06/12" DateRevised="2001/06/12" Supported="Yes" Summary="One SQL query method contains a flaw that has the effect of making it possible for one user?s query to reuse a cached connection that belonged to the sa account. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q299717 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="s80296i.exe" PatchLocationID="759" SBID="0" SQNumber="Q299717" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="30" FixedInSP="144">
						<AffectedServicePack ServicePackID="98"/>
					</AffectedProduct>
					<AffectedProduct ProductID="32" FixedInSP="151">
						<AffectedServicePack ServicePackID="99"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="s70996i.exe" PatchLocationID="760" SBID="0" SQNumber="Q299717" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="29" FixedInSP="0">
						<AffectedServicePack ServicePackID="56"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="811"/>
						<FileChg FileChangeID="813"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-033" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-033" Title="Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise" DatePosted="2001/06/18" DateRevised="2001/06/18" Supported="Yes" Summary="This update resolves the &quot;Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise&quot; security vulnerability in Windows NT4.0 and Windows 2000 computers running Indexing Services 2.0 and IIS 5.0, and is discussed in Microsoft Security Bulletin MS01-033. Download now to prevent a malicious user from taking control of your Web server. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q300972 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q300972_W2K_SP3_x86_en.EXE" PatchLocationID="763" SBID="58" SQNumber="Q300972" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="18" FixedInSP="0">
						<AffectedServicePack ServicePackID="74"/>
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1241"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="841"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q300972i.exe" PatchLocationID="765" SBID="60" SQNumber="Q300972" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="106" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="816"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1242"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-034" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-034" Title="Malformed Word Document Could Enable Macro to Run Automatically" DatePosted="2001/06/21" DateRevised="2001/06/25" Supported="Yes" Summary="This update prevents Word from running macros without warning because the user has opened a document that has been maliciously modified. Once you have installed this update, you will still be able to use templates, macros in templates, or RTF documents with macros. This issue is addressed in the Microsoft Security Bulletin MS01-034: Malformed Word Document Could Enable Macro to Run Automatically." Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q302294 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="wd97mcrs.exe" PatchLocationID="733" SBID="0" SQNumber="Q288266" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="39" FixedInSP="0">
						<AffectedServicePack ServicePackID="29"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="wd2kmsec.exe" PatchLocationID="732" SBID="0" SQNumber="Q288266" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="38" FixedInSP="0">
						<AffectedServicePack ServicePackID="10"/>
						<AffectedServicePack ServicePackID="11"/>
						<AffectedServicePack ServicePackID="143"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="WRD1001.exe" PatchLocationID="767" SBID="0" SQNumber="Q302294" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="111" FixedInSP="0">
						<AffectedServicePack ServicePackID="145"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-035" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-035" Title="FrontPage Server Extension Sub-Component Contains Unchecked Buffer" DatePosted="2001/06/21" DateRevised="2001/06/21" Supported="Yes" Summary="Microsoft has released a patch that eliminates a security vulnerability in Visual Studio RAD (Remote Application Deployment) Support, an optional sub-component of FrontPage Server Extensions. This sub-component contains an unchecked buffer in a section that processes input information. By establishing a web session on with the server and passing a specially malformed packet to the server component, an attacker could cause code of his choice to run on the server. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q300477 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q300477_W2K_SP3_x86_en.EXE" PatchLocationID="768" SBID="0" SQNumber="Q300477" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="112" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Q300477.exe" PatchLocationID="769" SBID="0" SQNumber="Q300477" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="112" FixedInSP="0">
						<AffectedServicePack ServicePackID="5"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-036" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-036" Title="Function Exposed via LDAP over SSL Could Enable Passwords to be Changed" DatePosted="2001/06/25" DateRevised="2001/06/25" Supported="Yes" Summary="This patch eliminates a vulnerability affecting Windows 2000 servers that provide LDAP services over SSL. A function that allows user to change data attributes of directory principals doesn't correctly check the credentials of the requester, in the specific case where the directory principal is a user and the data attribute is the password. This could enable an attacker to change another user's logon password without proper authorization. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q299687"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q299687_W2K_SP3_x86_en.EXE" PatchLocationID="770" SBID="0" SQNumber="Q299687" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="2"/>
						<AffectedServicePack ServicePackID="1"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="817"/>
						<FileChg FileChangeID="818"/>
						<FileChg FileChangeID="819"/>
						<FileChg FileChangeID="820"/>
						<FileChg FileChangeID="821"/>
						<FileChg FileChangeID="822"/>
						<FileChg FileChangeID="823"/>
						<FileChg FileChangeID="825"/>
						<FileChg FileChangeID="826"/>
						<FileChg FileChangeID="827"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1243"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-037" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-037" Title="Authentication Error in SMTP Service Could Allow Mail Relaying" DatePosted="2001/07/05" DateRevised="2001/07/05" Supported="Yes" Summary="This update addresses the &quot;Windows 2000 SMTP Mail Relaying&quot; security vulnerability in the Windows 2000 Simple Mail Transfer Protocol (SMTP) service and is discussed in Microsoft Security Bulletin MS01-037. Download now to prevent malicious users from relaying e-mail messages from your computer." Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q302755"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q302755_W2k_SP3_x86_en.exe" PatchLocationID="786" SBID="0" SQNumber="Q302755" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="883"/>
						<FileChg FileChangeID="885"/>
						<FileChg FileChangeID="887"/>
						<FileChg FileChangeID="889"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1262"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-038" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-038" Title="Outlook View Control Exposes Unsafe Functionality" DatePosted="2001/07/12" DateRevised="2001/07/12" Supported="Yes" Summary="The Microsoft Outlook View Control is an ActiveX control that allows Outlook mail folders to be viewed via web pages. The control should only allow passive operations such as viewing mail or calendar data. In reality, though, it exposes a function that could allow the web page to manipulate Outlook data. This could enable an attacker to delete mail, change calendar information, or take virtually any other action through Outlook including running arbitrary code on the user's machine. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q303833 "/>
				<QNumber QNumber="Q303835"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="outlctlx.exe" PatchLocationID="817" SBID="0" SQNumber="Q303833" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="25" FixedInSP="0">
						<AffectedServicePack ServicePackID="143"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="olk1003.exe" PatchLocationID="818" SBID="0" SQNumber="Q303825" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="113" FixedInSP="0">
						<AffectedServicePack ServicePackID="147"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-039" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-039" Title="Services for Unix 2.0 Telnet and NFS Services Contain Memory Leaks" DatePosted="2001/07/24" DateRevised="2001/07/24" Supported="Yes" Summary="Among the components provided by Services for Unix (SFU) 2.0 are services that implement the NFS (Network File System) and Telnet protocols. Both services contain memory leaks that could be triggered by a user request. An attacker who repeatedly sent such a request could deplete the kernel memory on the server to the point where performance slowed and the system could potentially fail. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q301514 "/>
				<QNumber QNumber="Q294380 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q294380_sfu_2_x86.exe" PatchLocationID="791" SBID="0" SQNumber="Q294380" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="114" FixedInSP="0">
						<AffectedServicePack ServicePackID="148"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1264"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q301514_sfu_2_x86.exe" PatchLocationID="793" SBID="0" SQNumber="Q301514" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="114" FixedInSP="0">
						<AffectedServicePack ServicePackID="148"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1265"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q294380_sfu_2_x86.Exe" PatchLocationID="795" SBID="0" SQNumber="Q294380" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="115" FixedInSP="0">
						<AffectedServicePack ServicePackID="149"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1266"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q301514_sfu_2_x86.Exe" PatchLocationID="73" SBID="0" SQNumber="Q301514" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="115" FixedInSP="0">
						<AffectedServicePack ServicePackID="149"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1267"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-040" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-040" Title="Invalid RDP Data Can Cause Memory Leak in Terminal Services" DatePosted="2001/07/25" DateRevised="2001/07/25" Supported="Yes" Summary="The Windows 2000 Terminal Service and Windows NT 4.0 Terminal Server Edition contains a memory leak in one of the functions that processes incoming Remote Data Protocol data via port 3389. Each time an RDP packet containing a specific type of malformation is processed, the memory leak depletes overall server memory by a small amount. 
If an attacker sent a sufficiently large quantity of such data to an affected machine, he could deplete the machine's memory to the point where response time would be slowed or the machine's ability to respond would be stopped altogether. All system services would be affected, including but not limited to terminal services. Normal operation could be restored by rebooting the machine. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q292435"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q292435_w2k_sp3_x86_en.exe" PatchLocationID="796" SBID="0" SQNumber="Q292435" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1268"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="893"/>
						<FileChg FileChangeID="895"/>
						<FileChg FileChangeID="1159"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="q292435i.exe" PatchLocationID="798" SBID="0" SQNumber="Q292435" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="83"/>
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="897"/>
						<FileChg FileChangeID="898"/>
						<FileChg FileChangeID="899"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1269"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-041" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-041" Title="Malformed RPC Request Can Cause Service Failure" DatePosted="2001/07/26" DateRevised="2001/07/26" Supported="Yes" Summary="Several of the RPC servers associated with system services in Microsoft Exchange, SQL Server, Windows NT 4.0 and Windows 2000 do not adequately validate inputs, and in some cases will accept invalid inputs that prevent normal processing. The specific input values at issue here vary from RPC server to RPC server. 
An attacker who sent such inputs to an affected RPC server could disrupt its service. The precise type of disruption would depend on the specific service, but could range in effect from minor (e.g., the service temporarily hanging) to major (e.g., the service failing in a way that would require the entire system to be restarted). " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q298012 "/>
				<QNumber QNumber="Q298012 "/>
				<QNumber QNumber="Q299444"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q299444i.exe" PatchLocationID="800" SBID="0" SQNumber="Q299444" NoReboot="1">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1270"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="901"/>
						<FileChg FileChangeID="902"/>
						<FileChg FileChangeID="904"/>
						<FileChg FileChangeID="905"/>
						<FileChg FileChangeID="907"/>
						<FileChg FileChangeID="915"/>
						<FileChg FileChangeID="919"/>
						<FileChg FileChangeID="920"/>
						<FileChg FileChangeID="922"/>
						<FileChg FileChangeID="923"/>
						<FileChg FileChangeID="924"/>
						<FileChg FileChangeID="925"/>
						<FileChg FileChangeID="926"/>
						<FileChg FileChangeID="927"/>
						<FileChg FileChangeID="928"/>
						<FileChg FileChangeID="929"/>
						<FileChg FileChangeID="930"/>
						<FileChg FileChangeID="931"/>
						<FileChg FileChangeID="932"/>
						<FileChg FileChangeID="933"/>
						<FileChg FileChangeID="935"/>
						<FileChg FileChangeID="936"/>
						<FileChg FileChangeID="937"/>
						<FileChg FileChangeID="938"/>
						<FileChg FileChangeID="939"/>
						<FileChg FileChangeID="940"/>
						<FileChg FileChangeID="943"/>
						<FileChg FileChangeID="944"/>
						<FileChg FileChangeID="945"/>
						<FileChg FileChangeID="946"/>
						<FileChg FileChangeID="948"/>
						<FileChg FileChangeID="950"/>
						<FileChg FileChangeID="951"/>
						<FileChg FileChangeID="952"/>
						<FileChg FileChangeID="953"/>
						<FileChg FileChangeID="954"/>
						<FileChg FileChangeID="955"/>
						<FileChg FileChangeID="958"/>
						<FileChg FileChangeID="959"/>
						<FileChg FileChangeID="960"/>
						<FileChg FileChangeID="961"/>
						<FileChg FileChangeID="962"/>
						<FileChg FileChangeID="963"/>
						<FileChg FileChangeID="966"/>
						<FileChg FileChangeID="967"/>
						<FileChg FileChangeID="968"/>
						<FileChg FileChangeID="969"/>
						<FileChg FileChangeID="970"/>
						<FileChg FileChangeID="971"/>
						<FileChg FileChangeID="972"/>
						<FileChg FileChangeID="973"/>
						<FileChg FileChangeID="976"/>
						<FileChg FileChangeID="978"/>
						<FileChg FileChangeID="980"/>
						<FileChg FileChangeID="982"/>
						<FileChg FileChangeID="984"/>
						<FileChg FileChangeID="986"/>
						<FileChg FileChangeID="988"/>
						<FileChg FileChangeID="990"/>
						<FileChg FileChangeID="992"/>
						<FileChg FileChangeID="994"/>
						<FileChg FileChangeID="996"/>
						<FileChg FileChangeID="998"/>
						<FileChg FileChangeID="1000"/>
						<FileChg FileChangeID="1002"/>
						<FileChg FileChangeID="1004"/>
						<FileChg FileChangeID="1006"/>
						<FileChg FileChangeID="1008"/>
						<FileChg FileChangeID="1010"/>
						<FileChg FileChangeID="1012"/>
						<FileChg FileChangeID="1014"/>
						<FileChg FileChangeID="1016"/>
						<FileChg FileChangeID="1018"/>
						<FileChg FileChangeID="1020"/>
						<FileChg FileChangeID="1022"/>
						<FileChg FileChangeID="1024"/>
						<FileChg FileChangeID="1026"/>
						<FileChg FileChangeID="1028"/>
						<FileChg FileChangeID="1030"/>
						<FileChg FileChangeID="1032"/>
						<FileChg FileChangeID="1034"/>
						<FileChg FileChangeID="1036"/>
						<FileChg FileChangeID="1038"/>
						<FileChg FileChangeID="1040"/>
						<FileChg FileChangeID="1042"/>
						<FileChg FileChangeID="1044"/>
						<FileChg FileChangeID="1046"/>
						<FileChg FileChangeID="635"/>
						<FileChg FileChangeID="636"/>
						<FileChg FileChangeID="1048"/>
						<FileChg FileChangeID="1207"/>
						<FileChg FileChangeID="1211"/>
						<FileChg FileChangeID="1212"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="Q299444I.exe" PatchLocationID="800" SBID="59" SQNumber="Q299444" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1270"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="900"/>
						<FileChg FileChangeID="903"/>
						<FileChg FileChangeID="908"/>
						<FileChg FileChangeID="909"/>
						<FileChg FileChangeID="910"/>
						<FileChg FileChangeID="911"/>
						<FileChg FileChangeID="912"/>
						<FileChg FileChangeID="913"/>
						<FileChg FileChangeID="914"/>
						<FileChg FileChangeID="916"/>
						<FileChg FileChangeID="917"/>
						<FileChg FileChangeID="956"/>
						<FileChg FileChangeID="957"/>
						<FileChg FileChangeID="964"/>
						<FileChg FileChangeID="965"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="q298012_w2k_sp3_x86_en.exe" PatchLocationID="804" SBID="0" SQNumber="Q298012" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1052"/>
						<FileChg FileChangeID="1054"/>
						<FileChg FileChangeID="1056"/>
						<FileChg FileChangeID="1058"/>
						<FileChg FileChangeID="1060"/>
						<FileChg FileChangeID="1062"/>
						<FileChg FileChangeID="1064"/>
						<FileChg FileChangeID="1066"/>
						<FileChg FileChangeID="1068"/>
						<FileChg FileChangeID="1072"/>
						<FileChg FileChangeID="1074"/>
						<FileChg FileChangeID="1076"/>
						<FileChg FileChangeID="1077"/>
						<FileChg FileChangeID="1079"/>
						<FileChg FileChangeID="1081"/>
						<FileChg FileChangeID="1083"/>
						<FileChg FileChangeID="1085"/>
						<FileChg FileChangeID="1087"/>
						<FileChg FileChangeID="1089"/>
						<FileChg FileChangeID="1091"/>
						<FileChg FileChangeID="1093"/>
						<FileChg FileChangeID="1095"/>
						<FileChg FileChangeID="1097"/>
						<FileChg FileChangeID="1099"/>
						<FileChg FileChangeID="1101"/>
						<FileChg FileChangeID="1103"/>
						<FileChg FileChangeID="1105"/>
						<FileChg FileChangeID="1107"/>
						<FileChg FileChangeID="1109"/>
						<FileChg FileChangeID="1111"/>
						<FileChg FileChangeID="1113"/>
						<FileChg FileChangeID="1115"/>
						<FileChg FileChangeID="1117"/>
						<FileChg FileChangeID="1119"/>
						<FileChg FileChangeID="1121"/>
						<FileChg FileChangeID="1123"/>
						<FileChg FileChangeID="1125"/>
						<FileChg FileChangeID="1127"/>
						<FileChg FileChangeID="1129"/>
						<FileChg FileChangeID="1131"/>
						<FileChg FileChangeID="1132"/>
						<FileChg FileChangeID="1133"/>
						<FileChg FileChangeID="1134"/>
						<FileChg FileChangeID="1136"/>
						<FileChg FileChangeID="1137"/>
						<FileChg FileChangeID="1138"/>
						<FileChg FileChangeID="1139"/>
						<FileChg FileChangeID="1140"/>
						<FileChg FileChangeID="1142"/>
						<FileChg FileChangeID="1143"/>
						<FileChg FileChangeID="1144"/>
						<FileChg FileChangeID="1145"/>
						<FileChg FileChangeID="1147"/>
						<FileChg FileChangeID="1148"/>
						<FileChg FileChangeID="1150"/>
						<FileChg FileChangeID="1151"/>
						<FileChg FileChangeID="1152"/>
						<FileChg FileChangeID="1154"/>
						<FileChg FileChangeID="1156"/>
						<FileChg FileChangeID="1157"/>
						<FileChg FileChangeID="1216"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="q298012_sql2000_x86_en.exe" PatchLocationID="809" SBID="0" SQNumber="Q298012" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="30" FixedInSP="0">
						<AffectedServicePack ServicePackID="98"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="q298012_sql70sp2_x86_en.exe" PatchLocationID="810" SBID="0" SQNumber="Q298012" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="29" FixedInSP="0">
						<AffectedServicePack ServicePackID="23"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="q304062engi386.exe" PatchLocationID="811" SBID="0" SQNumber="Q304062" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="35" FixedInSP="0">
						<AffectedServicePack ServicePackID="60"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="q304063engi386.exe" PatchLocationID="812" SBID="0" SQNumber="Q304063" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="33" FixedInSP="0">
						<AffectedServicePack ServicePackID="43"/>
					</AffectedProduct>
					<AffectedProduct ProductID="34" FixedInSP="0">
						<AffectedServicePack ServicePackID="43"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-042" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-042" Title="Windows Media Player .NSC Processor Contains Unchecked Buffer" DatePosted="2001/07/26" DateRevised="2001/07/26" Supported="Yes" Summary="Windows Media Player provides support for audio and video streaming. Streaming media channels can be configured by using Windows Media Station (.NSC) files. An unchecked buffer exists in the functionality used to process Windows Media Station files. This unchecked buffer could potentially allow an attacker to run code of his choice on the machine of another user. The attacker could either send a specially malformed file to another user and entice her to run or preview it, or he could host such a file on a web site and cause it to launch automatically whenever a user visited the site. The code could take any action on the machine that the legitimate user himself could take. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q304404"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="wmsu55362.exe" PatchLocationID="802" SBID="0" SQNumber="Q304404" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="79" FixedInSP="0">
						<AffectedServicePack ServicePackID="122"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1271"/>
					</RegChgs>
					<AffectedProduct ProductID="116" FixedInSP="0">
						<AffectedServicePack ServicePackID="150"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1158"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-043" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-043" Title="NNTP Service in Windows NT 4.0 and Windows 2000 Contains Memory Leak" DatePosted="2001/08/14" DateRevised="2001/08/14" Supported="Yes" Summary="The NNTP (Network News Transport Protocol) service in Windows NT 4.0 and Windows 2000 contains a memory leak in a routine that processes news postings. Each time such a posting is processed that contains a particular construction, the memory leak causes a small amount of memory to no longer be available for use. If an attacker sent a large number of posts, the server memory could be depleted to the point at which normal service would be disrupted. An affected server could be restored to normal service by rebooting. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q303984"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q304876engi386.exe" PatchLocationID="808" SBID="0" SQNumber="Q303984" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1161"/>
					</FileChgs>
				</Patch>
				<Patch PatchName="q303984_w2k_sp3_x86_en.exe" PatchLocationID="73" SBID="0" SQNumber="Q303984" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1161"/>
					</FileChgs>
					<AffectedProduct ProductID="33" FixedInSP="0">
						<AffectedServicePack ServicePackID="43"/>
						<AffectedServicePack ServicePackID="84"/>
					</AffectedProduct>
					<AffectedProduct ProductID="34" FixedInSP="0">
						<AffectedServicePack ServicePackID="43"/>
						<AffectedServicePack ServicePackID="84"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-044" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-044" Title="15 August 2001 Cumulative Patch for IIS" DatePosted="2001/08/15" DateRevised="2001/08/15" Supported="Yes" Summary="Microsoft has released a cumulative patch for IIS 4.0 and 5.0. In addition to eliminating virtually all previously identified security vulnerabilities in IIS, it also eliminates several newly discovered ones. These include three denial of service vulnerabilities, one of which is exploited by the Code Red worm, and two vulnerabilities that could enable an attacker with the ability to load low-privilege code on the server to gain higher privileges. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q297860"/>
				<QNumber QNumber="Q305359"/>
				<QNumber QNumber="Q304867"/>
				<QNumber QNumber="Q294774"/>
				<QNumber QNumber="Q301625"/>
				<QNumber QNumber="Q298340 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q301625i.exe" PatchLocationID="813" SBID="0" SQNumber="Q301625" NoReboot="1">
					<PatchComments/>
					<AffectedProduct ProductID="16" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
						<AffectedServicePack ServicePackID="5"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1162"/>
						<FileChg FileChangeID="1163"/>
						<FileChg FileChangeID="1164"/>
						<FileChg FileChangeID="1165"/>
						<FileChg FileChangeID="1166"/>
						<FileChg FileChangeID="1167"/>
						<FileChg FileChangeID="1168"/>
						<FileChg FileChangeID="1169"/>
						<FileChg FileChangeID="1170"/>
						<FileChg FileChangeID="1171"/>
						<FileChg FileChangeID="1172"/>
						<FileChg FileChangeID="1174"/>
						<FileChg FileChangeID="1175"/>
						<FileChg FileChangeID="1176"/>
						<FileChg FileChangeID="1177"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1272"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q301625_w2k_sp3_x86_en.exe" PatchLocationID="820" SBID="0" SQNumber="Q301625" NoReboot="1">
					<PatchComments/>
					<AffectedProduct ProductID="17" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1178"/>
						<FileChg FileChangeID="1179"/>
						<FileChg FileChangeID="1180"/>
						<FileChg FileChangeID="1182"/>
						<FileChg FileChangeID="1183"/>
						<FileChg FileChangeID="1185"/>
						<FileChg FileChangeID="1186"/>
						<FileChg FileChangeID="1188"/>
						<FileChg FileChangeID="1189"/>
						<FileChg FileChangeID="1190"/>
						<FileChg FileChangeID="1191"/>
						<FileChg FileChangeID="1192"/>
						<FileChg FileChangeID="1193"/>
						<FileChg FileChangeID="1194"/>
						<FileChg FileChangeID="1195"/>
						<FileChg FileChangeID="1196"/>
						<FileChg FileChangeID="1197"/>
						<FileChg FileChangeID="1198"/>
						<FileChg FileChangeID="1199"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-045" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-045" Title="ISA Server H.323 Gatekeeper Service Contains Memory Leak" DatePosted="2001/08/16" DateRevised="2001/08/16" Supported="Yes" Summary="There is a potential memory leak in the H323 ASN DLL, which is used by the Winsock Proxy service and the Gatekeeper service, which is fixed. 

Also included is a fix to prevent scripting in the error return pages. The problem is caused because the ISA server returns the complete original URL to the browser in the error message along with the description of the reason why it could not be accessed. If the request URL contains a script, the browser executes the script on receipt. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q289503 "/>
				<QNumber QNumber="Q295389 "/>
				<QNumber QNumber="Q289503 "/>
				<QNumber QNumber="Q295389 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="isahf68.exe" PatchLocationID="816" SBID="0" SQNumber="Q289503" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="110" FixedInSP="0">
						<AffectedServicePack ServicePackID="87"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-046" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-046" Title="Access Violation in Windows 2000 IRDA Driver Can Cause System to Restart" DatePosted="2001/08/21" DateRevised="2001/08/21" Supported="Yes" Summary="Microsoft Windows 2000 provides support for infrared-based connectivity. This support is provided through protocols developed by the Infrared Data Association (IRDA). Because of this, they are often called IRDA devices. These devices can be used to share files and printers with other IRDA-device capable systems. The software which handles IRDA devices in Windows 2000 contains an unchecked buffer in the code which handles certain IRDA packets. 

A security vulnerability results because it is possible for a malicious user to send a specially crafted IRDA packet to the victim's system. This could enable the attacker to conduct a buffer overflow attack and cause an access violation on the system, forcing a reboot. To be best of our knowledge, it cannot be used to run malicious code on the user's system " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q303049"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q252795_W2K_SP3_x86_en.EXE" PatchLocationID="819" SBID="0" SQNumber="Q252795" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="5" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1201"/>
						<FileChg FileChangeID="1203"/>
						<FileChg FileChangeID="1205"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1273"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-047" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-047" Title="OWA Function Allows Unauthenticated User to Enumerate Global Address List" DatePosted="2001/09/06" DateRevised="2001/09/06" Supported="Yes" Summary="Among the functions Outlook Web Access (OWA) in Exchange 5.5 offers is the ability to search the global address list (GAL). By design, this is an authenticated function, implemented as a two-tier architecture - a front tier that provides a user interface and a back-end tier that actually performs the search. However, only the front tier actually checks authentication. An attacker who sent a properly formatted request to the back-end function that actually performs the search could enumerate the GAL without authenticating. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q307195 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q307195engi386.EXE" PatchLocationID="822" SBID="0" SQNumber="Q307195" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="35" FixedInSP="0">
						<AffectedServicePack ServicePackID="60"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-048" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-048" Title="Malformed Request to RPC Endpoint Mapper can Cause RPC Service to Fail" DatePosted="2001/09/10" DateRevised="2001/09/10" Supported="Yes" Summary="The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service. The Windows NT 4.0 endpoint mapper contains a flaw that causes it to fail upon receipt of a request that contains a particular type of malformed data. 

Because the endpoint mapper runs within the RPC service itself, exploiting this vulnerability would cause the RPC service itself to fail, with the attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions. Normal service could be restored by rebooting the server. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q305399"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q305399i.exe" PatchLocationID="823" SBID="0" SQNumber="Q305399" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="1" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="2" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<AffectedProduct ProductID="3" FixedInSP="0">
						<AffectedServicePack ServicePackID="7"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1274"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="1217"/>
						<FileChg FileChangeID="1218"/>
						<FileChg FileChangeID="1219"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-049" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-049" Title="Deeply-nested OWA Request Can Consume Server CPU Availability" DatePosted="2001/09/26" DateRevised="2001/09/26" Supported="Yes" Summary="A security vulnerability exists in Exchange 2000 Outlook Web Access, because it will accept and process a request for an item in an authenticated user’s mailbox without verifying first that the folder structure is valid. An attacker could mount a denial of service attack by repeatedly levying a request for a non-existent but deeply nested folder in his own mailbox. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q303451"/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q303451engi386.EXE" PatchLocationID="825" SBID="0" SQNumber="Q303451" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="34" FixedInSP="0">
						<AffectedServicePack ServicePackID="84"/>
					</AffectedProduct>
					<AffectedProduct ProductID="33" FixedInSP="0">
						<AffectedServicePack ServicePackID="84"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-050" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-050" Title="Malformed Excel or PowerPoint Document Can Bypass Macro Security" DatePosted="2001/10/04" DateRevised="2001/10/04" Supported="Yes" Summary="Excel and PowerPoint have a macro security framework that controls the execution of macros and prevents macros from running automatically. Under this framework, any time a user opens a document the document is scanned for the presence of macros. If a document contains macros, the user is notified and asked if he wants to run the macros or the macros are disabled entirely, depending on the security setting. A flaw exists in the way macros are detected that can allow a malicious user to bypass macro checking. 

A malicious attacker could attempt to exploit this vulnerability by crafting a specially formed Excel or PowerPoint document with macro code that would run automatically when the user opened it. The attacker could carry out this attack by hosting the malicious file on a web site, a file share, or by sending it through email. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q306603"/>
				<QNumber QNumber="Q306604"/>
				<QNumber QNumber="Q306605"/>
				<QNumber QNumber="Q306606 "/>
				<QNumber QNumber="Q306606 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="xl2000" PatchLocationID="827" SBID="0" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="44" FixedInSP="0">
						<AffectedServicePack ServicePackID="11"/>
						<AffectedServicePack ServicePackID="143"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="xl2002" PatchLocationID="828" SBID="0" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="117" FixedInSP="0">
						<AffectedServicePack ServicePackID="153"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Ppt2000" PatchLocationID="829" SBID="0" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="13" FixedInSP="0">
						<AffectedServicePack ServicePackID="11"/>
						<AffectedServicePack ServicePackID="143"/>
					</AffectedProduct>
				</Patch>
				<Patch PatchName="Ppt2002" PatchLocationID="830" SBID="0" SQNumber="" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="118" FixedInSP="0">
						<AffectedServicePack ServicePackID="153"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-051" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-051" Title="Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone" DatePosted="2001/10/10" DateRevised="2001/10/10" Supported="Yes" Summary="This patch eliminates three vulnerabilities affecting Internet Explorer. The first involves how IE handles URLs that include dotless IP addresses. If a web site were specified using a dotless IP format (e.g., http://031713501415 rather than http://207.46.131.13), and the request were malformed in a particular way, IE would not recognize that the site was an Internet site. Instead, it would treat the site as an intranet site, and open pages on the site in the Intranet Zone rather than the correct zone. This would allow the site to run with fewer security restrictions than appropriate. This vulnerability does not affect IE 6. 

The second involves how IE handles URLs that specify third-party sites. By encoding an URL in a particular way, it would be possible for an attacker to include HTTP requests that would be sent to the site as soon as a connection had been established. These requests would appear to have originated from the user. In most cases, this would only allow the attacker to send the user to a site and request a page on it. However, if exploited against a web-based service (e.g., a web-based mail service), it could be possible for the attacker to take action on the user’s behalf, including sending a request to delete data. 

The third is a new variant of a vulnerability discussed in Microsoft Security Bulletin MS01-015, affecting how Telnet sessions are invoked via IE. By design, telnet sessions can be launched via IE. However, a vulnerability exists because when doing so, IE will start Telnet using any command-line options the web site specifies. This only becomes a concern when using the version of the Telnet client that installs as part of Services for Unix (SFU) 2.0 on Windows NT 4.0 or Windows 2000 machines. The version of the Telnet client in SFU 2.0 provides an option for creating a verbatim transcript of a Telnet session. An attacker could start a session using the logging option, then stream an executable file onto the user’s system in a location that would cause it to be executed automatically the next time the user booted the machine. The flaw does not lie in the Telnet client, but in IE, which should not allow Telnet to be started remotely with command-line arguments. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q306121 "/>
				<QNumber QNumber="Q306121 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="q306121.exe" PatchLocationID="831" SBID="0" SQNumber="Q306121" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="52" FixedInSP="0">
						<AffectedServicePack ServicePackID="75"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1221"/>
						<FileChg FileChangeID="1222"/>
						<FileChg FileChangeID="1223"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1276"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q306121.exe" PatchLocationID="831" SBID="0" SQNumber="Q306121" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="80" FixedInSP="0">
						<AffectedServicePack ServicePackID="85"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1224"/>
						<FileChg FileChangeID="1225"/>
						<FileChg FileChangeID="1226"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1277"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="q306121.Exe" PatchLocationID="831" SBID="0" SQNumber="Q306121" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="119" FixedInSP="0">
						<AffectedServicePack ServicePackID="155"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1227"/>
						<FileChg FileChangeID="1228"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1278"/>
					</RegChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-052" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-052" Title="Invalid RDP Data can Cause Terminal Service Failure" DatePosted="2001/10/18" DateRevised="2001/10/18" Supported="Yes" Summary="The implementation of the Remote Data Protocol (RDP) in the terminal service in Windows NT 4.0 and Windows 2000 does not correctly handle a particular series of data packets. If such a series of packets were received by an affected server, it would cause the server to fail. The server could be put back into normal service by rebooting it, but any work in progress at the time of the attack would be lost. 

It would not be necessary for an attacker to be able to start a session with an affected server in order to exploit this vulnerability – the only prerequisite would be the need to be able to send the correct series of packets to the RDP port on the server. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q307454 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="Q307454i.exe" PatchLocationID="837" SBID="0" SQNumber="Q307454" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="4" FixedInSP="0">
						<AffectedServicePack ServicePackID="8"/>
					</AffectedProduct>
					<FileChgs>
						<FileChg FileChangeID="1232"/>
						<FileChg FileChangeID="1234"/>
						<FileChg FileChangeID="1235"/>
					</FileChgs>
					<RegChgs>
						<RegChg RegChangeID="1280"/>
					</RegChgs>
				</Patch>
				<Patch PatchName="Q307454_W2K_SP3_x86_en.exe" PatchLocationID="835" SBID="0" SQNumber="Q307454" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="6" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="7" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<AffectedProduct ProductID="8" FixedInSP="0">
						<AffectedServicePack ServicePackID="1"/>
						<AffectedServicePack ServicePackID="2"/>
					</AffectedProduct>
					<RegChgs>
						<RegChg RegChangeID="1281"/>
					</RegChgs>
					<FileChgs>
						<FileChg FileChangeID="1236"/>
						<FileChg FileChangeID="1238"/>
						<FileChg FileChangeID="1239"/>
						<FileChg FileChangeID="1241"/>
						<FileChg FileChangeID="1243"/>
						<FileChg FileChangeID="1245"/>
						<FileChg FileChangeID="1246"/>
					</FileChgs>
				</Patch>
			</Patches>
		</Bulletin>
		<Bulletin BulletinID="MS01-053" BulletinLocationID="73" FAQLocationID="73" FAQPageName="FQ01-053" Title="Downloaded Applications Can Execute on Mac IE 5.1 for OS X" DatePosted="2001/10/23" DateRevised="2001/10/23" Supported="Yes" Summary="The Macintosh OS X Operating System provides built-in support for both BinHex and MacBinary file types. These file types allow for the efficient transfer of information across networks by allowing information to be compressed by the sender and then decompressed by the recipient. This capability is particularly useful on the Internet, by allowing users to dowload compressed files. 

A vulnerability results because of a flaw in the way Mac OS X and Mac IE 5.1 interoperate when BinHex and MacBinary file types are downloaded. As a result, an application that is downloaded in either of these formats can execute automatically once the download is complete. " Issue="" ImpactSeverityID="0" PreReqSeverityID="0" MitigationSeverityID="0" PopularitySeverityID="0">
			<BulletinComments/>
			<QNumbers>
				<QNumber QNumber="Q311052 "/>
			</QNumbers>
			<Patches>
				<Patch PatchName="MacIE501" PatchLocationID="839" SBID="0" SQNumber="Q311052" NoReboot="0">
					<PatchComments/>
					<AffectedProduct ProductID="122" FixedInSP="0">
						<AffectedServicePack ServicePackID="159"/>
					</AffectedProduct>
				</Patch>
			</Patches>
		</Bulletin>
	</Bulletins>
	<Products>
		<Product ProductID="1" Name="Windows NT Workstation 4.0" MinimumSupportedServicePackID="4" CurrentServicePackID="7" CurrentVersion="4.00.1381">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="1"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="69"/>
				<AvailableSP ServicePackID="4"/>
				<AvailableSP ServicePackID="5"/>
				<AvailableSP ServicePackID="7"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="2" Name="Windows NT Server 4.0" MinimumSupportedServicePackID="4" CurrentServicePackID="7" CurrentVersion="4.00.1381">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="1"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="69"/>
				<AvailableSP ServicePackID="4"/>
				<AvailableSP ServicePackID="5"/>
				<AvailableSP ServicePackID="7"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="3" Name="Windows NT Server 4.0, Enterprise Edition" MinimumSupportedServicePackID="4" CurrentServicePackID="7" CurrentVersion="4.00.1381">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="1"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="69"/>
				<AvailableSP ServicePackID="4"/>
				<AvailableSP ServicePackID="5"/>
				<AvailableSP ServicePackID="7"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="4" Name="Windows NT Server 4.0, Terminal Server Edition" MinimumSupportedServicePackID="82" CurrentServicePackID="8" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="1"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="81"/>
				<AvailableSP ServicePackID="82"/>
				<AvailableSP ServicePackID="83"/>
				<AvailableSP ServicePackID="8"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="5" Name="Windows 2000 Professional" MinimumSupportedServicePackID="74" CurrentServicePackID="2" CurrentVersion="5.00.2195">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="2"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="74"/>
				<AvailableSP ServicePackID="1"/>
				<AvailableSP ServicePackID="2"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="6" Name="Windows 2000 Server" MinimumSupportedServicePackID="74" CurrentServicePackID="2" CurrentVersion="5.00.2195">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="2"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="74"/>
				<AvailableSP ServicePackID="1"/>
				<AvailableSP ServicePackID="2"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="7" Name="Windows 2000 Advanced Server" MinimumSupportedServicePackID="74" CurrentServicePackID="2" CurrentVersion="5.00.2195">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="2"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="74"/>
				<AvailableSP ServicePackID="1"/>
				<AvailableSP ServicePackID="2"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="8" Name="Windows 2000 Datacenter Server" MinimumSupportedServicePackID="74" CurrentServicePackID="2" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="2"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="74"/>
				<AvailableSP ServicePackID="1"/>
				<AvailableSP ServicePackID="2"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="9" Name="Windows 95" MinimumSupportedServicePackID="50" CurrentServicePackID="80" CurrentVersion="na">
			<AvailableSPs>
				<AvailableSP ServicePackID="50"/>
				<AvailableSP ServicePackID="51"/>
				<AvailableSP ServicePackID="80"/>
			</AvailableSPs>
			<ProductFamilies/>
		</Product>
		<Product ProductID="10" Name="Windows 98" MinimumSupportedServicePackID="53" CurrentServicePackID="52" CurrentVersion="na">
			<AvailableSPs>
				<AvailableSP ServicePackID="52"/>
				<AvailableSP ServicePackID="53"/>
			</AvailableSPs>
			<ProductFamilies/>
		</Product>
		<Product ProductID="11" Name="Windows 98 SE" MinimumSupportedServicePackID="88" CurrentServicePackID="88" CurrentVersion="na">
			<ProductFamilies/>
			<AvailableSPs/>
		</Product>
		<Product ProductID="19" Name="Windows Me" MinimumSupportedServicePackID="89" CurrentServicePackID="89" CurrentVersion="na">
			<ProductFamilies/>
			<AvailableSPs/>
		</Product>
		<Product ProductID="71" Name="Internet Information Server 3.0" MinimumSupportedServicePackID="4" CurrentServicePackID="7" CurrentVersion="3.0">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="1"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="69"/>
				<AvailableSP ServicePackID="4"/>
				<AvailableSP ServicePackID="5"/>
				<AvailableSP ServicePackID="7"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="16" Name="Internet Information Server 4.0" MinimumSupportedServicePackID="4" CurrentServicePackID="7" CurrentVersion="4.0">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="1"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="69"/>
				<AvailableSP ServicePackID="4"/>
				<AvailableSP ServicePackID="5"/>
				<AvailableSP ServicePackID="7"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="17" Name="Internet Information Services 5.0" MinimumSupportedServicePackID="74" CurrentServicePackID="2" CurrentVersion="5.0">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="2"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="74"/>
				<AvailableSP ServicePackID="1"/>
				<AvailableSP ServicePackID="2"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="18" Name="Indexing Services for Windows 2000" MinimumSupportedServicePackID="74" CurrentServicePackID="2" CurrentVersion="5.00.2195">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="2"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="74"/>
				<AvailableSP ServicePackID="1"/>
				<AvailableSP ServicePackID="2"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="14" Name="Windows Media Services 4.0" MinimumSupportedServicePackID="90" CurrentServicePackID="90" CurrentVersion="na">
			<ProductFamilies/>
			<AvailableSPs/>
		</Product>
		<Product ProductID="15" Name="Windows Media Services 4.1" MinimumSupportedServicePackID="91" CurrentServicePackID="91" CurrentVersion="na">
			<ProductFamilies/>
			<AvailableSPs/>
		</Product>
		<Product ProductID="48" Name="Windows Media Encoder 4.0" MinimumSupportedServicePackID="92" CurrentServicePackID="92" CurrentVersion="na">
			<ProductFamilies/>
			<AvailableSPs/>
		</Product>
		<Product ProductID="49" Name="Windows Media Encoder 4.1" MinimumSupportedServicePackID="93" CurrentServicePackID="93" CurrentVersion="na">
			<ProductFamilies/>
			<AvailableSPs/>
		</Product>
		<Product ProductID="20" Name="Windows Media Player 7.0" MinimumSupportedServicePackID="94" CurrentServicePackID="94" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="4"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="94"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="42" Name="Office 2000" MinimumSupportedServicePackID="54" CurrentServicePackID="143" CurrentVersion="9.0.4402 SR-1">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="54"/>
				<AvailableSP ServicePackID="10"/>
				<AvailableSP ServicePackID="11"/>
				<AvailableSP ServicePackID="143"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="38" Name="Word 2000" MinimumSupportedServicePackID="54" CurrentServicePackID="143" CurrentVersion="9.0.4402 SR-1">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="54"/>
				<AvailableSP ServicePackID="10"/>
				<AvailableSP ServicePackID="11"/>
				<AvailableSP ServicePackID="143"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="44" Name="Excel 2000" MinimumSupportedServicePackID="54" CurrentServicePackID="143" CurrentVersion="9.0.4402 SR-1">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="54"/>
				<AvailableSP ServicePackID="10"/>
				<AvailableSP ServicePackID="11"/>
				<AvailableSP ServicePackID="143"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="13" Name="PowerPoint 2000" MinimumSupportedServicePackID="54" CurrentServicePackID="143" CurrentVersion="9.0.4402 SR-1">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="54"/>
				<AvailableSP ServicePackID="10"/>
				<AvailableSP ServicePackID="11"/>
				<AvailableSP ServicePackID="143"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="88" Name="Access 2000" MinimumSupportedServicePackID="54" CurrentServicePackID="143" CurrentVersion="9.0.4402 SR-1">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="54"/>
				<AvailableSP ServicePackID="10"/>
				<AvailableSP ServicePackID="11"/>
				<AvailableSP ServicePackID="143"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="25" Name="Outlook 2000" MinimumSupportedServicePackID="54" CurrentServicePackID="143" CurrentVersion="9.0.0.4527">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="54"/>
				<AvailableSP ServicePackID="10"/>
				<AvailableSP ServicePackID="11"/>
				<AvailableSP ServicePackID="143"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="64" Name="Word 98" MinimumSupportedServicePackID="95" CurrentServicePackID="95" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs/>
		</Product>
		<Product ProductID="78" Name="PowerPoint 98" MinimumSupportedServicePackID="96" CurrentServicePackID="96" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs/>
		</Product>
		<Product ProductID="26" Name="Outlook 98" MinimumSupportedServicePackID="29" CurrentServicePackID="29" CurrentVersion="na">
			<AvailableSP ServicePackID="29"/>
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs/>
		</Product>
		<Product ProductID="70" Name="Office 97" MinimumSupportedServicePackID="61" CurrentServicePackID="29" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="61"/>
				<AvailableSP ServicePackID="62"/>
				<AvailableSP ServicePackID="29"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="46" Name="PowerPoint 97" MinimumSupportedServicePackID="61" CurrentServicePackID="29" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="61"/>
				<AvailableSP ServicePackID="62"/>
				<AvailableSP ServicePackID="29"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="39" Name="Word 97" MinimumSupportedServicePackID="61" CurrentServicePackID="29" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="61"/>
				<AvailableSP ServicePackID="62"/>
				<AvailableSP ServicePackID="29"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="45" Name="Excel 97" MinimumSupportedServicePackID="61" CurrentServicePackID="29" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="61"/>
				<AvailableSP ServicePackID="62"/>
				<AvailableSP ServicePackID="29"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="69" Name="Office 95" MinimumSupportedServicePackID="97" CurrentServicePackID="97" CurrentVersion="na">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="5"/>
			</ProductFamilies>
			<AvailableSPs/>
		</Product>
		<Product ProductID="29" Name="SQL Server 7.0" MinimumSupportedServicePackID="55" CurrentServicePackID="56" CurrentVersion="7.00">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="1"/>
				<ProductFamily ProductFamilyID="2"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="55"/>
				<AvailableSP ServicePackID="15"/>
				<AvailableSP ServicePackID="23"/>
				<AvailableSP ServicePackID="56"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="30" Name="SQL Server 2000" MinimumSupportedServicePackID="98" CurrentServicePackID="144" CurrentVersion="8.00">
			<ProductFamilies>
				<ProductFamily ProductFamilyID="2"/>
			</ProductFamilies>
			<AvailableSPs>
				<AvailableSP ServicePackID="98"/>
				<AvailableSP ServicePackID="144"/>
			</AvailableSPs>
		</Product>
		<Product ProductID="31" Name="SQL Server Desktop Engine (MSDE) 1.0" MinimumSupportedServicePackID="55" CurrentServicePackID="15" CurrentVersion="na">
			<AvailableSPs>
				<AvailableSP ServicePackID="55"/>
				<AvailableSP ServicePackID="15"/>
				<AvailableSP ServicePackID="23"/>
				<AvailableSP ServicePackID="56"/>
			</AvailableSPs>
			<ProductFamilies/>
		</Product>
		<Product ProductID="32" Name="SQL Server Desktop Engine (MSDE) 2000" MinimumSupportedServicePackID="99" C
