Blog

Home > Microsoft Security > Microsoft Security Bulletin Ms00-086

Microsoft Security Bulletin Ms00-086

This wouldn't pose a security problem, and the user could simply restart it and resume normal operation. It has no effect on the effectiveness of the patch against the vulnerability discussed here, but it does cause servers to be vulnerable to the "Web Server Directory Traversal" discussed in Every type of file has a proper action associated with it. However, it's possible for a malicious web site operator to invoke this vulnerability to run on the computer of a user who visits his site. http://getbetabox.com/microsoft-security/microsoft-security-bulletin-03-026.html

Who should use the patch? However, the IE Security Zones feature can prevent this - it lets you categorize web sites into different zones, and specify what the sites in each zone can do. Your web site would be Web Site A. The end result would be that the malicious user's script would run on the user's machine. https://technet.microsoft.com/en-us/library/security/ms00-086.aspx

Worse, the vulnerability could potentially give him a beachhead from which to conduct additional attacks and try to obtain additional privileges. Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry. To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp. When Windows Media Player runs, it does so in the security context of the user.

I'm using Windows Media Player 6.4, but I see that the ".WMS Script Execution" vulnerability only affects Windows Media Player 7. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION Microsoft recommends that all affected customers apply the new versions of the patches. Information on contacting Microsoft Product Support Services is available at http://support.microsoft.com/contactussupport/?ws=support.

GFI Security Labs (http://gfi.com) for reporting the ".WMS Script Execution" vulnerability to us and working with us to protect customers Support: This is a fully supported patch. We appreciate your feedback. Security Advisories and Bulletins Security Bulletins 2000 2000 MS00-090 MS00-090 MS00-090 MS00-100 MS00-099 MS00-098 MS00-097 MS00-096 MS00-095 MS00-094 MS00-093 MS00-092 MS00-091 MS00-090 MS00-089 MS00-088 MS00-087 MS00-086 MS00-085 MS00-084 MS00-083 MS00-082 MS00-081 https://technet.microsoft.com/en-us/library/security/ms00-033.aspx Disclaimer: The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind.

The malicious user couldn't simply make up a file name. The Knowledge Base article contains detailed instructions for applying the patch to your site. So, this patch needs to be installed on servers, not on browsers? For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security. [prev in list] [next in list] [prev in thread] [next in thread] Configure |

Customers who applied the original version of the patch should apply the new version to ensure that they are fully protected. https://technet.microsoft.com/en-us/library/security/ms00-004.aspx Affected Software: Microsoft Internet Information Server 4.0 Microsoft Internet Information Services 5.0 Vulnerability Identifier: CVE-2000-0886 General Information Technical details Technical description: When IIS receives a valid request for an executable file, Would this vulnerability give a malicious user complete control over the machine? If they're unrelated, why does the patch for this issue also eliminate the "Web Server Folder Traversal" vulnerability?

If both Web Site A and B had exactly the same permissions on a particular user's machine, it wouldn't confer any advantages. navigate here Microsoft Product Support Services can provide assistance with this or any other product support issue. During execution, RDISK creates a temporary file containing an enumeration of the registry. Instead, it should filter out any inputs that aren't appropriate.

This scenario is really no different from any other case in which a user runs untrusted code. Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products. Note: The patches require IE 4.01 Service Pack 2 or IE 5.01 to install. Check This Out However, if the user was an administrator on the machine, the script would potentially be able to do a great deal of damage.

For instance, he could upload malicious code that exploits other known vulnerabilities, and try to exploit them. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Patch availability Download locations for this patch Internet Information Server 4.0:http://support.microsoft.com/kb/277873 Internet Information Services 5.0:http://www.microsoft.com/downloads/details.aspx?FamilyId=DFBF1FE0-A2B0-4BF0-BDAA-B939D693DD69&displaylang=enNote: The IIS 5.0 patch can be applied atop systems running either Windows 2000 Gold or Service

Is this a problem with the default skins that come with Windows Media Player 7?

Microsoft has provided a security bulletin and this FAQ to provide customers with a detailed understanding of the vulnerabilities and the procedure to eliminate them. He would then need to either wait for a victim to visit his site, or he could send an HTML mail that, when opened, would open a browser window to the The vulnerability results because of a flaw in the way IIS parses file requests. Affected Software: Microsoft Windows Media Player 6.4 Microsoft Windows Media Player 7 Note: The ".ASX Buffer Overrun" affects Windows Media Player versions 6.4 and 7.

Microsoft recommends that the patch be installed on any web server that uses an affected product to generate dynamic web pages. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION http://getbetabox.com/microsoft-security/microsoft-security-bulletin-ms06-070.html Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you!

Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! If Web Site B were operated by a malicious user and he was able to entice the user into visiting his web site and clicking a hyperlink, his site could go Revisions: August 25, 2000: Bulletin Created. On November 30, 2000, it was updated to discuss a newly-discovered regression error in the IIS 5.0 patch and recommend that customers apply an updated version of the patch.

We appreciate your feedback. Customers using versions prior to these may receive a message reading "This update does not need to be installed on this system". On August 25, 2000, Microsoft released the original version of Microsoft Security Bulletin MS00-060, to announce the availability of a patch that eliminates vulnerabilities in Microsoft® Internet Information Server. Frequently asked questions What's this bulletin about?

Likewise, tools like the Local Users and Groups snap-in require administrative privileges to execute. The patch installs the correct fix(es) for the particular version of Windows Media Player in use. See ASP.NET Ajax CDN Terms of Use – http://www.asp.net/ajaxlibrary/CDN.ashx. ]]> TechNet Products Products Windows Windows Server System Center Browser However, there is a flaw in the way IIS handles the requests.

Under default conditions, it would be possible for the web site to automatically open the .ASX file whenever someone visited the site. Where can I learn more about best practices for security? The patch also eliminates a new variant of the previously-addressed WPAD Spoofing vulnerability. Microsoft has sent copies of the security bulletin to all subscribers to the Microsoft Product Security Notification Service, a free e-mail service that customers can use to stay up to date

There are two vulnerabilities, both discussed in detail below: The "ASX Buffer Overrun" vulnerability, which affects both Windows Media Player 6.4 and 7. The ".WMS Script Execution" affects only Windows Media Player version 7. In contrast, if a user chooses to run a program on her local computer, it should be able to do whatever it's programmed to do - because only the user should The scope of the "Web Server File Request" vulnerability is exactly as we have previously described it.

A full description of the characters that should be filtered is available in Knowledge Base article 252985. Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/contactussupport/?ws=support. How can I tell if I installed the patch correctly?