Windows 2000 patch : Dec 27

[eddie5659]

Hiya

This update resolves the "Malformed Data Frame Sent to a Windows 2000 Computer Through an Infrared Port Causes Stop Error" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS01-046. Download now to prevent a malicious user from causing your computer to crash by sending a malformed data frame to your computer's infrared port.

System Requirements
This update applies to Windows 2000

http://www.microsoft.com/windows2000/downloads/security/q252795/default.asp

Regards

eddie

 

[Max19]

Eddie, where do you get your information? This patch was released August 19, 2001. Why are you posting about it here over 4 months later?

 

[eddie5659]

Max

Its an update to the patch, direct from Microsoft's update site.

This update resolves the "Malformed Data Frame Sent to a Windows 2000 Computer Through an Infrared Port Causes Stop Error" security vulnerability in Windows 2000, and is discussed in Microsoft Security Bulletin MS01-046

if you go to http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms01-046.asp

at the bottom it says:

Revisions:


V1.0 (August 21, 2001): Bulletin Created.
V1.1 (December 27, 2001): Caveats section added

eddie

 

[Max19]

It's not an update to the patch, it's an update to the documentation for the patch.

 

[eddie5659]

Okay

It was just that I read this:

Note This update also includes functionality that allows Windows 2000 to communicate with infrared-enabled mobile devices in order to establish a dial-up networking connection via an infrared port.

And usually when I see the word Update, I assume it means a new update on the patch. Microsoft do do that from time to time, but I guess that this isn't one of those times.

eddie

 

[Max19]

Eddie, in all the years I've been working with Microsoft Security bulletins and patches, I've never known Microsoft to update a patch without changing its name, thereby causing IT departments to wonder if they have the latest version of a patch or not. Could you point to a specific example of this?

And before anyone panics over this vulnerability:

"Do all Windows 2000 users need to apply the patch?

No, only those who have systems with IrDA capabilities need to apply the patch."

That means if you don't have an infrared port on your computer, it is NOT at all vulnerable.

Also,

"This vulnerability is unusual because it could only be exploited if the user was in close physical proximity to the attacker. It cannot be remotely exploited from the network. It also cannot be locally exploited from the console. Any attempt to maliciously exploit this vulnerability would require that the attacker be within a clear line of site of the victim's machine or be able to transmit the IrDA packets through reflection directly to the victim's I port and that the attacker have a machine with him to exploit the vulnerability."

For those security conscious folks running Windows NT/2000/XP, get a copy of HFNetCheck, and run it to determine what patches are available for your system.

 

[eddie5659]

Okay Max

I admit, I was wrong, but there you go. However, looking at one of the articles that Microsoft have done, I remember posting this one:

http://forums.techguy.org/showthread.php?threadid=60947

The original patch was to do with Exchange 5.5 with IE. Apparenlty, some users were installing this patch whose IE was lower than 5. The original bulletin didn't mention this.

The update did, but they didn't change the name, just said Updated. Also, it gave instructions for people who had already applied the patch.

I realise that 99% of the time they do change it, but on occasion they may not.

Anyway, as I say, it was an honest mistake.

Sorry for any inconvenience

eddie