ActiveWin2k: Security Bulletins Included in Microsoft Windows 2000 SP2

ActiveWin: Win 2000

DirectX

ActiveMac

Downloads

Forums

Interviews

News

MS Games & Hardware

Reviews

Support Center

Windows 2000

Windows Me

Windows Server 2003

Windows Vista

Windows XP

News Centers

Windows/Microsoft

DVD

Apple/Mac

Xbox

News Search

ActiveXBox

Xbox News

Box Shots

Inside The Xbox

Released Titles

Announced Titles

Screenshots/Videos

History Of The Xbox

Links

Forum

FAQ

Windows XP

Introduction

System Requirements

Home Features

Pro Features

Upgrade Checklists

History

FAQ

Links

TopTechTips

FAQ's

Windows Vista

Windows 98/98 SE

Windows 2000

Windows Me

Windows Server 2002

Windows "Whistler" XP

Windows CE

Internet Explorer 6

Internet Explorer 5

Xbox

Xbox 360

DirectX

DVD's

TopTechTips

Registry Tips

Windows 95/98

Windows 2000

Internet Explorer 5

Program Tips

Easter Eggs

Hardware

DVD

ActiveDVD

DVD News

DVD Forum

Glossary

Tips

Articles

Reviews

News Archive

Links

Drivers

Latest Reviews

Xbox/Games

Fallout 3

Applications

Windows Server 2008 R2

Windows 7

Hardware

iPod Touch 32GB

Latest Interviews

Steve Ballmer

Jim Allchin

Site News/Info

About This Site

Affiliates

Default Home Page

Link To Us

Links

News Archive

Site Search

Awards

ActiveWin2k

Security Bulletins Included in Microsoft Windows 2000 SP2

This service pack includes fully regression-tested versions of the patches for all security vulnerabilities that had been discovered in Windows 2000 up to the closing date of Service Pack development.

MS00-036 (Q262694) - ResetBrowser Frame and Host Announcement Frame Vulnerabilities
MS00-044 (Q267559) - Absent Directory Browser Argument Vulnerability
MS00-047 (Q269239) - NetBIOS Name Server Protocol Spoofing Vulnerability
MS00-050 (Q267843) - Telnet Server Flooding Vulnerability
MS00-052 (Q269049) - Relative Shell Path Vulnerability
MS00-053 (Q269523) - Service Control Manager Named Pipe Impersonation Vulnerability
MS00-057 (Q269862) - File Permission Canonicalization Vulnerability
MS00-059 (Q271752) - Java VM Applet Vulnerability
MS00-060 (Q275657) - IIS Cross-Site Scripting Vulnerabilities
MS00-065 (Q272736) - Still Image Service Privilege Escalation Vulnerability
MS00-066 (Q272303) - Malformed RPC Packet Vulnerability
MS00-067 (Q272743) - Windows 2000 Telnet Client NTLM Authentication Vulnerability
MS00-069 (Q270676) - Simplified Chinese IME State Recognition Vulnerability
MS00-070 (Q266433) - Multiple LPC and LPC Ports Vulnerabilities
MS00-075 (Q275609) - Microsoft VM ActiveX Component Vulnerability
MS00-077 (Q273854) - NetMeeting Desktop Sharing Vulnerability
MS00-078 (Q269862) - Web Server Folder Traversal Vulnerability
MS00-080 (Q274149) - Session ID Cookie Marking Vulnerability
MS00-081 (Q277014) - New Variant of VM File Reading Vulnerability
MS00-083 (Q274835) - Netmon Protocol Parsing Vulnerability
MS00-084 (Q278499) - Indexing Services Cross Site Scripting Vulnerability
MS00-085 (Q278511) - ActiveX Parameter Validation Vulnerability
MS00-086 (Q277873) - Web Server File Request Parsing Vulnerability
MS00-089 (Q274372) - Domain Account Lockout Vulnerability
MS00-094 (Q276575) - Phone Book Service Buffer Overflow Vulnerability
MS00-096 (Q266794) - SNMP Parameters Vulnerability
MS00-098 (Q280838) - Indexing Service File Enumeration Vulnerability
MS00-099 (Q271641) - Directory Service Restore Mode Password Vulnerability
MS00-100 (Q280322) - Malformed Web Form Submission Vulnerability
MS01-001 (Q282132) - Web Client Will Perform NTLM Authentication Regardless of
Security Settings
MS01-005 (Q281767) - Packaging Anomaly Could Cause Hotfixes to be Removed
MS01-006 (Q286132) - Invalid RDP Data Can Cause Terminal Server Failure
MS01-014 (Q286818) - Malformed URL Can Cause Service Failure in IIS 5.0 and Exchange 2000
MS01-016 (Q291845) - Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources
MS01-017 (Q293818) - Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
MS01-023 (Q296576) - Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server

Internet Exporer 5.5 security patches are NOT included in Windows 2000 Service Pack 2. Customers running Internet Explorer 5.5 are encouraged to review and apply security patches (related to their IE 5.5 Service Pack) identified here: http://www.microsoft.com/technet/security/current.asp?productID=80&servicePackId=0.

Security patches included in Internet Explorer 5.01 Service Pack 2 have been included in Windows 2000 Service Pack 2. Specifically, IE 5.01 patches referenced in the following security bulletins are included in Windows 2000 Service Pack 2:

MS00-033 (Q262509) - Patch Available for "Frame Domain Verification", "Unauthorized Cookie Access", and "Malformed Component Attribute" Vulnerabilities
MS00-039 (Q254902) - Patch Available for “SSL Certificate Validation" Vulnerabilities
MS00-042 (Q265258) - Patch Available for Active Setup Download Vulnerability
MS00-049 (Q269368) - Patches Available for "Office HTML Script" and "IE Script" Vulnerabilities
MS00-055 (Q269368) - Patch Available for "Scriptlet Rendering" Vulnerability
MS00-076 (Q273868) - Patch Available for "Cached Web Credentials" Vulnerability
MS00-093 (Q279328) - Patch Available for "Browser Print Template" and "File Upload via Form" Vulnerabilities (also Q279329, Q279881, Q279330)
MS01-015 (Q286043) - IE can Divulge Location of Cached Content (telnet invocation vulnerability)
MS01-015 (Q286045) - IE can Divulge Location of Cached Content (cached content vulnerability)
MS01-020 (Q290108) - Incorrect MIME Header Can Cause IE to Execute E-mail Attachment

This information was obtained from Microsoft TechNet.

Return To The Windows 2000 Section