Windows-Help.NET Newsletter 23 Feb. 2002, Vol 5 No. 8

In this issue:

  • Flaws Leave Network Vulnerable
  • Featured Software: Synchromagic
  • Microsoft Security Bulletin(s)
  • Recent Support BBS Postings
  • Web Site Updates
  • Administrivia


Flaws Leave Network Vulnerable

by Arie Slob

Hello Windows users,

Earlier this month the Computer Emergency Response Team (CERT) Coordination Center issued an advisory detailing multiple vulnerabilities in the Simple Network Management Protocol (SNMP). SNMP is a language used for communicating with network devices such as routers and switches.

According to the CERT advisory, "These vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or cause unstable behavior."

The advisory lists responses from some 75 companies at this time, but according to estimates around 250 companies have products that may be vulnerable.

The vulnerabilities were discovered by the academic research group OUSPG, located at Oulu University in Finland, and were first reported to CERT in the summer of 2001.

Designed in the late 80's, the Simple Network Management Protocol (SNMP) is the most popular protocol in use to manage networked devices, enabling network and system administrators to remotely monitor and configure devices on the network. Many of the core Internet devices (Routers, Switches, Hubs, Bridges) are run with SNMP, and could thus be vulnerable to hackers.

After months of silence, word of the vulnerability started leaking out a few weeks ago, and CERT decided to put out the warning even before many companies had the time to develop patches. According to CERT officials, they were worried that rumors about the vulnerabilities would lead hackers to take a closer look at SNMP to find any vulnerabilities to exploit.

Microsoft have issued a security bulletin (see below), with work-arounds and the first patches to the SNMP protocol used in its products.

Rose City Software


"I travel a great deal and always have to synchronize my laptop with my office desktop. SynchroMagic gets the job quickly and efficiently in about 1/10th the time it used to take me and I never forget any files! And when I return to the office synching back to my desktop is a no brainer. I love this software!"
-- David Rees, USA

Microsoft Security

Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files

Microsoft has posted a patch that fixes a security vulnerability in Internet Explorer, which can allow VB scripts of one domain to access the contents of another domain in a frame.

Affected Software Versions

  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer 6.0

Note: Versions of Internet Explorer prior to 5.01 Service Pack 2 are no longer eligible for hotfix support. Internet Explorer 5.01 SP2 is supported only via Windows 2000 Service Packs and Security Roll-up Packages.


XMLHTTP Control Can Allow Access to Local Files

Microsoft has posted a patch that fixes a security vulnerability in the XMLHTTP ActiveX control, which allows web pages rendering in the browser to send or receive XML data via HTTP operations.

Affected Software Versions

  • Microsoft XML Core Services versions 2.6, 3.0, and 4.0
    An affected version of Microsoft XML Core Services also ships as part of the following products:
    • Microsoft Windows XP
    • Microsoft Internet Explorer 6.0
    • Microsoft SQL Server 2000


Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run

Microsoft has posted a patch for Microsoft Windows (all versions except Me) that fixes a security vulnerability in the Simple Network Management Protocol (SNMP).

Affected Software Versions

  • Microsoft Windows 95, 98, 98SE
  • Microsoft Windows NT 4.0, NT 4.0 Server, Terminal Server Edition
  • Microsoft Windows 2000
  • Microsoft Windows XP


Recent Support BBS Postings

USB connectors don't work - Hardware
Launching IE6 Maximized? - Internet Explorer
Win98 vs. Win98SE - Windows 98
Power Management Settings - Windows 98
Firewall information - Security / Virus

Web Site Updates

These pages were added/updated in the past 2 weeks. Information on previously updated/added pages is available on the What's New? page for 1 month.
Added: Pondering a Purchase of an LCD Monitor or Laptop?

Windows-Help.NET
Added: Microsoft Security: Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files
Added: Microsoft Security: XMLHTTP Control Can Allow Access to Local Files
Added: Microsoft Security: Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run

Windows 98
Updated: Internet Explorer 5: Security Patches


Pondering a Purchase of an LCD Monitor or Laptop?

You might want to purchase one now while supplies are still plentiful, because...

Windows XP Tip: Disable Low Diskspace Notification

When a hard disk is running out of disk space, Windows will occasionally pop up a warning message in your system tray. Nothing wrong with that, but sometimes it's just not possible to adjust the free space on the disk. For a work-around, check out this tip.

Windows 98 Tip: Improving Performance

Although Windows 98, when running on an identical setup as Windows 95, outperforms the latter, there are still a few "tweaks" to improve the performance of Windows 98.

HOW TO: Automatically Log On a User Account in Windows XP

This Microsoft Knowledge Base article describes how to automatically log on a user account during the Windows startup process.
