windows 2000

April Patch Tuesday cometh

Mehan Jayasuriya — Thu, 03 Apr 2008 16:18:44 -0400

Another month, another Microsoft Patch Tuesday. What's in store for us this month? Well, it looks like we'll be seeing eight patches total, five of which will be labeled as "critical". The critical updates will address code execution vulnerabilites in both Windows and Internet Explorer. Affected versions are as follows: Windows Vista, Windows XP, and Windows 2000, Windows Server 2003, Windows Server 2008 and all versions of Internet Explorer. In addition to the critical fixes, the company will patch two "important" vulnerabilites relating to spoofing and unauthorized user privilege elevation attacks in Microsoft Office. More on the patches next week.

For more on the coming patches:
- see this Information Week story

Worm code presents real threat

Thu, 16 Nov 2006 19:01:36 -0500

Hackers published code online yesterday that would allow malcontents to unleash a worm attack on Windows 2000 via a vulnerability in the Windows Workstation service. According to security firm Symantec, the code was released on a site called MilwOrm. The patch for the flaw was part of Microsoft's fixes this past Tuesday and experts are urging that enterprises make the fix as soon as possible, deeming it one of the most critical to patch.

For more on the worm vulnerability:
- read the news at TechWorld

Re-patch fixes NTFS vulnerability

Mon, 18 Sep 2006 20:01:35 -0400

It's becoming almost comical, but Microsoft has issued yet another re-patch for a patch released in its August Patch Tuesday package. This time it's a hotfix for the MS06-049 update, which fixed a hole in the Windows 2000 kernel. The buggy patch can taint data on NTFS drives making them unreadable. To get the re-patch users have to call Microsoft because it's not available for downloading. The company is also presenting a workaround solution that involves disabling the NTFS compression feature. This re-patch is the third re-patch from the August security fix list.

For more on the latest re-patch:
- read the article at TechWeb

Microsoft readies a patch for a patch

Wed, 23 Aug 2006 20:01:38 -0400

A security expert has incurred the wrath of Microsoft after he released information about a new bug that was introduced with the vendor's latest Internet Explorer patch. According to eEye's top hacking expert, a bug in the MS06-042 patch (which was issued back on August 8th) can be exploited to run nasty code on Windows 2000 and XP SP1 systems running IE 6 SP1. Microsoft was all set to release a patch for the new bug but is now holding off, saying the patch is not quite ready. In the meantime, they're blasting eEye for their "irresponsible" disclosure.

For more on Microsoft's latest patch bug fix:
-check out this TechWeb article

Microsoft pushes for worm patch

Sun, 13 Aug 2006 20:01:39 -0400

While the Department of Justice made its plea last week, now Microsoft is strongly urging, nearly pleading, with enterprises to patch a critical flaw noted in its most recent Patch Tuesday event. The vendor says the danger level of the published exploit code could be severe on Windows 2000 and XP Service Pack. Security experts have been pushing since the flaw was first publicized last week, saying fixing the MS06-040 vulnerability is a top priority at this point, due to the high risk of attack. As one vulnerability expert notes, the posed threat is "eminently wormable."

For more on the need to patch:
- read this TechWeb article