Microsoft Sicherheitsbulletins des Jahres 2001 in einer Übersicht

[Lemmi]

Dezember 2001

• MS01-060 : SQL Server Text Formatting Functions Contain Unchecked Buffers
• MS01-059 : Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise
• MS01-058 : 13 December 2001 Cumulative Patch for IE
• MS01-057 : Specially Formed Script in HTML Mail Can Execute in Exchange 5.5 OWA

November 2001

• MS01-056 : Windows Media Player .ASF Processor Contains Unchecked Buffer
• MS01-055 : 13 November 2001 Cumulative Patch for IE
• MS01-054 : Invalid Universal Plug and Play Request Can Disrupt System Operation

Oktober 2001

• MS01-053 : Downloaded Applications Can Execute on Mac IE 5.1 for OS X
• MS01-052 : Invalid RDP Data Can Cause Terminal Service Failure
• MS01-051 : Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone
• MS01-050 : Malformed Excel or PowerPoint Document Can Bypass Macro Security

September 2001

• MS01-049 : Deeply-nested OWA Request Can Consume Server CPU Availability
• MS01-048 : Malformed Request to RPC Endpoint Mapper Can Cause RPC Service to Fail
• MS01-047 : OWA Function Allows Unauthenticated User to Enumerate Global Address List

August 2001

• MS01-046 : Access Violation in Windows 2000 IRDA Driver Can Cause System to Restart
• MS01-045 : ISA Server H.323 Gatekeeper Service Contains Memory Leak
• MS01-044 : 15 August 2001 Cumulative Patch for IIS
• MS01-043 : NNTP Service in Windows NT 4.0 and Windows 2000 Contains Memory Leak

Juli 2001

• MS01-042 : Windows Media Player .NSC Processor Contains Unchecked Buffer
• MS01-041 : Malformed RPC Request Can Cause Service Failure
• MS01-040 : Invalid RDP Data Can Cause Memory Leak in Terminal Services
• MS01-039 : Services for Unix 2.0 Telnet and NFS Services Contain Memory Leaks
• MS01-038 : Outlook View Control Exposes Unsafe Functionality
• MS01-037 : Authentication Error in SMTP Service Could Allow Mail Relaying

Juni 2001

• MS01-036 : Function Exposed via LDAP over SSL Could Enable Passwords to be Changed
• MS01-035 : FrontPage Server Extension Sub-Component Contains Unchecked Buffer
• MS01-034 : Malformed Word Document Could Enable Macro to Run Automatically
• MS01-033 : Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise
• MS01-032 : SQL Query Method Enables Cached Administrator Connection to be Reused
• MS01-031 : Predictable Named Pipes Could Enable Privilege Elevation via Telnet
• MS01-030 : Incorrect Attachment Handling in Exchange OWA Can Execute Script

Mai 2001

• MS01-029 : Windows Media Player .ASX Processor Contains Unchecked Buffer
• MS01-028 : RTF Document Linked to Template Can Run Macros Without Warning
• MS01-027 : Flaws in Web Server Certificate Validation Could Enable Spoofing
• MS01-026 : 14 May 2001 Cumulative Patch for IIS
• MS01-025 : Index Server Search Function Contains Unchecked Buffer
• MS01-024 : Malformed Request to Domain Controller Can Cause Memory Exhaustion
• MS01-023 : Unchecked Buffer in ISAPI Extension Could Enable Compromise of IIS 5.0 Server

April 2001

• MS01-022 : WebDAV Service Provider Can Allow Scripts to Levy Requests as User
• MS01-021 : Web Request Can Cause Access Violation in ISA Server Web Proxy Service

März 2001

• MS01-020 : Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
• MS01-019 : Passwords for Compressed Folders are Recoverable
• MS01-018 : Visual Studio VB-TSQL Object Contains Unchecked Buffer
• MS01-017 : Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
• MS01-016 : Malformed WebDAV Request Can Cause IIS to Exhaust CPU Resources
• MS01-015 : IE Can Divulge Location of Cached Content
• MS01-014 : Malformed URL Can Cause Service Failure in IIS 5.0 and Exchange 2000

[Februar 2001

• MS01-013 : Windows 2000 Event Viewer Contains Unchecked Buffer
• MS01-012 : Outlook - Outlook Express VCard Handler Contains Unchecked Buffer
• MS01-011 : Malformed Request to Domain Controller Can Cause CPU Exhaustion
• MS01-010 : Windows Media Player Skins Files Can Enable Java Code to Execute
• MS01-009 : Malformed PPTP Packet Stream Can Cause Kernel Exhaustion
• MS01-008 : Malformed NTLMSSP Request Can Enable Code to Run with System Privileges
• MS01-007 : Network DDE Agent Requests Can Enable Code to Run in System Context

Januar 2001

• MS01-006 : Invalid RDP Data Can Cause Terminal Server Failure
• MS01-005 : Packaging Anomaly Could Cause Hotfixes to be Removed
• MS01-004 : Malformed .HTR Request Allows Reading of File Fragments
• MS01-003 : Weak Permissions on Winsock Mutex Can Allow Service Failure
• MS01-002 : PowerPoint 2000 File Parser Contains Unchecked Buffer
• MS01-001 : Web Client Will Perform NTLM Authentication Regardless of Security Settings