Microsoft small business knowledge base

Article ID: 317636 - Last Review: April 19, 2007 - Revision: 7.7

This article was previously published under Q317636

SUMMARY

Microsoft has released a Security Rollup Package (SRP) for Windows NT Server 4.0, Terminal Server Edition, that includes the functionality from the Post-Windows NT 4.0 SP6a Security Rollup Package (http://support.microsoft.com/default.aspx?scid=kb;en-us;299444) and the security patches that are described in the "More Information" section in this article. This small, comprehensive rollup of post-Service Pack 6 (SP6) fixes provides an easier mechanism for managing the rollout of security fixes.

The SRP includes only security updates for Windows NT 4.0. It does not include patches for any other products or operating systems. Microsoft Internet Information Server (IIS) is not intended for use on Windows NT Server 4.0, Terminal Server Edition, and is not supported. Microsoft recommends that customers who run IIS 4.0 on Windows NT Server 4.0, Terminal Server Edition, protect their systems by removing IIS 4.0.

MORE INFORMATION

For more information about the SRP, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc767874.aspx
For more information about actions to take before you apply the SRP, click the following article number to view the article in the Microsoft Knowledge Base:
318587  (http://support.microsoft.com/kb/318587/ ) Windows NT Server 4.0, Terminal Server Edition, Security Rollup Package Release Notes
Packages are available from the following Microsoft Web site (if your language is not listed, please check back):
English Language Version (http://download.microsoft.com/download/winntterminal/patch/q317636/nt4/en-us/q317636i.exe)
French Language Version (http://download.microsoft.com/download/winntterminal/patch/q317636/nt4/fr/fraq317636i.exe)
German Language Version (http://download.microsoft.com/download/winntterminal/patch/q317636/nt4/de/deuq317636i.exe)
Japanese Language Version (http://download.microsoft.com/download/winntterminal/patch/q317636/nt4/ja/jpnq317636i.exe)
Spanish Language Version (http://download.microsoft.com/download/winntterminal/patch/q317636/nt4/es/espq317636i.exe)
Note: This package requires Windows NT Server 4.0, Terminal Server Edition, SP6.

Release Date: April 24, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/EN-US/ ) How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Fixes that are included in the SRP

The SRP includes the following post-SP6 fixes that have been delivered by Microsoft Security Bulletins (http://technet.microsoft.com/en-us/library/cc767874.aspx). The SRP also includes some fixes that have not been previously described. Because security bulletins are disruptive to customers' maintenance procedures, Microsoft often issues them only when a security issue poses an immediate danger to customers' computers. Issues that do not meet this standard are typically addressed through other delivery vehicles such as service packs or, in this case, the SRP.
241041  (http://support.microsoft.com/kb/241041/EN-US/ ) Enabling NetBT to Open IP Ports Exclusively
242294  (http://support.microsoft.com/kb/242294/EN-US/ ) MS99-041: Security Descriptor Allows Privilege Elevation on Remote Computers
243835  (http://support.microsoft.com/kb/243835/EN-US/ ) MS99-046: How to Prevent Predictable TCP/IP Initial Sequence Numbers
246045  (http://support.microsoft.com/kb/246045/EN-US/ ) MS99-055: Malformed Resource Enumeration Arguments May Cause Named Pipes and Other System Services to Fail
247869  (http://support.microsoft.com/kb/247869/EN-US/ ) MS00-003: Local Procedure Call May Permit Unauthorized Account Usage
248183  (http://support.microsoft.com/kb/248183/EN-US/ ) Syskey Tool Reuses Keystream
248185  (http://support.microsoft.com/kb/248185/EN-US/ ) Security Identifier Enumeration Function in LSA May Not Handle Argument Properly
248399  (http://support.microsoft.com/kb/248399/EN-US/ ) MS00-007: Shared Workstation Setup May Permit Access to Recycle Bin Files
249108  (http://support.microsoft.com/kb/249108/EN-US/ ) Registry Data Is Viewable By All Users During Rdisk Repair Update
249197  (http://support.microsoft.com/kb/249197/EN-US/ ) Internet Explorer Does Not Allow Use of Single SGC Certificate with 128-Bit Encryption for Virtual Sites
249863  (http://support.microsoft.com/kb/249863/EN-US/ ) SGC Connections May Fail from Domestic Clients
249973  (http://support.microsoft.com/kb/249973/EN-US/ ) MS00-005: Default RTF File Viewer Interrupts Normal Program Processing
250625  (http://support.microsoft.com/kb/250625/EN-US/ ) MS00-024: Default Registry Key Permissions May Allow Privilege Elevation
257870  (http://support.microsoft.com/kb/257870/EN-US/ ) Malformed Print Request May Stop Windows 2000 TCP/IP Printing Service
259042  (http://support.microsoft.com/kb/259042/EN-US/ ) Handle Leak in WinLogon After Applying Windows NT 4.0 Service Pack 6
259496  (http://support.microsoft.com/kb/259496/EN-US/ ) MS00-008: Incorrect Registry Setting May Allow Cryptography Key Compromise
259622  (http://support.microsoft.com/kb/259622/EN-US/ ) MS00-027: Command Processor May Not Parse Excessive Arguments Properly
259728  (http://support.microsoft.com/kb/259728/EN-US/ ) MS00-029: Windows Hangs with Fragmented IP Datagrams
259773  (http://support.microsoft.com/kb/259773/EN-US/ ) MS00-003: Incorrect Response to Local Procedure Call Causes "Stop" Error Message
262388  (http://support.microsoft.com/kb/262388/EN-US/ ) Denial-of-Service Attack Possible from Linux RPC Client
262694  (http://support.microsoft.com/kb/262694/EN-US/ ) MS00-036: Malicious User Can Shut Down Computer Browser Service
263307  (http://support.microsoft.com/kb/263307/EN-US/ ) MS00-036: Excessive Browser Announcements May Force Computer Shutdown
264684  (http://support.microsoft.com/kb/264684/EN-US/ ) MS00-040: Patch for "Remote Registry Access Authentication" Vulnerability
266433  (http://support.microsoft.com/kb/266433/EN-US/ ) MS00-070: Patch for Numerous Vulnerabilities in the LPC Port System Calls
267858  (http://support.microsoft.com/kb/267858/EN-US/ ) "Memory Could Not Be Read" Error Message While Doing File Operation
268082  (http://support.microsoft.com/kb/268082/EN-US/ ) DNS SOA Record May Reveal Administrator Account Name
269049  (http://support.microsoft.com/kb/269049/EN-US/ ) MS00-052: Registry-Invoked Programs Use Standard Search Path
269239  (http://support.microsoft.com/kb/269239/EN-US/ ) MS00-047: NetBIOS Vulnerability May Cause Duplicate Name on the Network Conflicts
271216  (http://support.microsoft.com/kb/271216/EN-US/ ) Fix for E-mail Issues Between 128-Bit and 56-Bit Encryption Using French Regional Settings
274835  (http://support.microsoft.com/kb/274835/EN-US/ ) MS00-083: Buffer Overflow in Network Monitor May Cause Vulnerability
275567  (http://support.microsoft.com/kb/275567/EN-US/ ) MS00-091: Multiple NetBT Sessions May Hang Local Host
276575  (http://support.microsoft.com/kb/276575/EN-US/ ) MS00-094: Patch Available for "Phone Book Service Buffer Overflow" Vulnerability
277910  (http://support.microsoft.com/kb/277910/EN-US/ ) MS00-087: Patch Available for "Terminal Server Login Buffer Overflow" Vulnerability
279336  (http://support.microsoft.com/kb/279336/EN-US/ ) MS01-003: Patch Available for Winsock Mutex Vulnerability
279843  (http://support.microsoft.com/kb/279843/EN-US/ ) Some System Named Pipes Are Not Created with Appropriate Permissions
280119  (http://support.microsoft.com/kb/280119/EN-US/ ) MS01-008: A Patch Is Available for the NTLMSSP Privilege Elevation Vulnerability
283001  (http://support.microsoft.com/kb/283001/EN-US/ ) MS01-009: Patch Available for Malformed PPTP Packet Stream Vulnerability
292435  (http://support.microsoft.com/kb/292435/EN-US/ ) MS01-040: Invalid RDP Data Can Cause Memory Leak in Terminal Services
293818  (http://support.microsoft.com/kb/293818/EN-US/ ) MS01-017: Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
298012  (http://support.microsoft.com/kb/298012/EN-US/ ) MS01-041: Malformed RPC Request Can Cause Service Problems
303628  (http://support.microsoft.com/kb/303628/EN-US/ ) Relative Path Issue Can Allow Program to Be Run Under the System Context

FrontPage Server Extensions

FrontPage Server Extensions are included as part of the Windows NT 4.0 Option Pack. This pack is not supported on Windows NT Server 4.0, Terminal Server Edition. Patches for FrontPage Server Extensions have been provided as part of the SRP only for customers who have installed the Option Pack to protect their computers during the migration to a supported operating system.

Index Server 2.0

252463  (http://support.microsoft.com/kb/252463/EN-US/ ) MS00-006: Index Server Error Message Reveals Physical Location of Web Folders
294472  (http://support.microsoft.com/kb/294472/EN-US/ ) MS99-057: Index Server Search Function Contains Unchecked Buffer
296185  (http://support.microsoft.com/kb/296185/EN-US/ ) MS01-025: Patch Available for New Variant of the "Malformed Hit-Highlighting" Vulnerability
300972  (http://support.microsoft.com/kb/300972/EN-US/ ) MS01-033: Unchecked Buffer in Index Server ISAPI Extension Can Enable Web Server Compromise
NOTE: Index Server 2.0 is part of the Windows NT 4.0 Option Pack, which is not supported on Windows NT Server 4.0, Terminal Server Edition. Patches for Index Server 2.0 have been provided as part of the SRP only for customers who have installed the Option Pack to protect their computers during the migration to a supported operating system.

Internet Information Server 4.0

252693  (http://support.microsoft.com/kb/252693/EN-US/ ) Chunked Encoding Request with No Data Causes IIS Memory Leak
254142  (http://support.microsoft.com/kb/254142/EN-US/ ) MS00-023: 100% CPU Usage Occurs When You Send a Large Escape Sequence
260205  (http://support.microsoft.com/kb/260205/EN-US/ ) MS00-030: HTTP Request with a Large Number of Dots or Dot-Slashes Causes High CPU Utilization
260838  (http://support.microsoft.com/kb/260838/EN-US/ ) MS00-031: IIS Stops Servicing HTR Requests
267559  (http://support.microsoft.com/kb/267559/EN-US/ ) MS00-044: GET on HTR File Can Cause a "Denial of Service" or Enable Directory Browsing
269862  (http://support.microsoft.com/kb/269862/EN-US/ ) MS00-057: Patch Released for Canonicalization Error Issue
271652  (http://support.microsoft.com/kb/271652/EN-US/ ) MS00-063: Patch Released for Malformed URL Vulnerability That Disables Web Server Response
274149  (http://support.microsoft.com/kb/274149/EN-US/ ) Cookies Are Not Marked as SSL-Secured in IIS
277873  (http://support.microsoft.com/kb/277873/EN-US/ ) MS00-086: Patch Available for "Web Server File Request Parsing" Vulnerability
285985  (http://support.microsoft.com/kb/285985/EN-US/ ) MS01-004: Patch Available for New Variant of File Fragment Reading via .HTR Vulnerability
295534  (http://support.microsoft.com/kb/295534/EN-US/ ) MS01-026: Superfluous Decoding Operation Can Allow Command Execution Through IIS
297860  (http://support.microsoft.com/kb/297860/EN-US/ ) MS01-044: IIS 5.0 Security and Post-Windows NT 4.0 SP5 IIS 4.0 Patch Rollup
319733  (http://support.microsoft.com/kb/319733/EN-US/ ) MS02-018: April 2002 Cumulative Patch for Internet Information Services
NOTE: Internet Information Server 4.0 is part of the Windows NT 4.0 Option Pack, which is not supported on Windows NT Server 4.0, Terminal Server Edition. Patches for IIS 4.0 have been provided as part of the SRP only for customers who have installed the Option Pack to protect their computers during the migration to a supported operating system.

Fixes that are not included in Windows NT Server 4.0, Terminal Server Edition SRP

The Windows NT Server 4.0, Terminal Server Edition SRP does not supersede the patches that are included in the following post-SP6 security bulletins:
300845  (http://support.microsoft.com/kb/300845/EN-US/ ) MS02-013: Java Applet Can Redirect Browser Traffic
311967  (http://support.microsoft.com/kb/311967/EN-US/ ) MS02-017: Unchecked Buffer in the Multiple UNC Provider
313829  (http://support.microsoft.com/kb/313829/EN-US/ ) Unchecked Buffer in Windows Shell Could Lead to Code Running
314147  (http://support.microsoft.com/kb/314147/EN-US/ ) MS02-006: An Unchecked Buffer in the SNMP Service May Allow Code to Run
318202  (http://support.microsoft.com/kb/318202/EN-US/ ) MS02-008: XMLHTTP Control in MSXML 2.0 Can Allow Access to Local Files
The Windows NT Server 4.0, Terminal Server Edition SRP does not include the patch delivered in the following post-SP6 security bulletin, because it should only be applied if WebDAV has been installed on the server.
296441  (http://support.microsoft.com/kb/296441/EN-US/ ) MS01-022: WebDAV Service Provider Can Allow Scripts to Levy Requests as a User
The Windows NT Server 4.0, Terminal Server Edition SRP does not include the tools that are provided as part of the following bulletins. These tools should be downloaded and run separately.
265714  (http://support.microsoft.com/kb/265714/EN-US/ ) MS00-095: Windows NT 4.0 SNMP Registry Entries Are Readable
267861  (http://support.microsoft.com/kb/267861/EN-US/ ) MS00-095: RAS Registry Modification Allowed Without Administrative Rights
267864  (http://support.microsoft.com/kb/267864/EN-US/ ) MS00-095: MTS Package Administration Key Includes Information About Users
The Windows NT Server 4.0, Terminal Server Edition SRP does not supersede the following bulletin, because the fix in this case requires an administrative procedure rather than a software change.
241219  (http://support.microsoft.com/kb/241219/EN-US/ ) MS99-036: Unattended Installation File Is Not Deleted After Setup Finishes

APPLIES TO
  • Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 6
Keywords: 
kbhotfixserver kbqfe kbfix kbinfo kbqfe kbsecurity KB317636