Window NT Server 4.0, Terminal Server Edition Security Rollup Package 1 Now Available
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Microsoft has released the first Security Rollup Package (SRP) for Microsoft® Windows NT Server 4.0, Terminal Server Edition (TSE SRP1). TSE SRP1 includes the functionality of virtually all security patches since the release of Windows NT Server 4.0, Terminal Server Edition Service Pack 6 (SP6).
TSE SRP1 is a small, comprehensive rollup of post-SP6 fixes, and provides an easier mechanism for managing the rollout of security fixes. For more information, please refer to Microsoft Knowledge Base article 317636.
On This Page
Patches included in TSE SRP1
Patches not included in TSE SRP1
Patches included in TSE SRP1
TSE SRP1 for Windows NT Server 4.0, Terminal Server Edition supersedes the patches delivered in the following security bulletins:
Core OS:
MS99-041 (242294): Tool Available for "RASMAN Security Descriptor" Vulnerability. While the SRP does not include the tool itself, the SRPs installer package does perform the functions that the tool performs, and resets the permissions to the appropriate value.
MS00-007 (248399): Patch Available for "Recycle Bin Creation" Vulnerability
MS00-021 (257870): Patch Available for "Malformed TCP/IP Print Request" Vulnerability
MS00-027 (259622): Patch Available for "Malformed Environment Variable" Vulnerability
MS00-029 (259728): Patch Available for "IP Fragment Reassembly" Vulnerability
MS00-036 (262694)and (263307): Patch Available for 'ResetBrowser Frame' and 'HostAnnouncement Frame' Vulnerabilities
MS00-040 (264684): Patch Available for 'Remote Registry Access Authentication' Vulnerability
MS00-047 (269239): Patch Available for 'NetBIOS Name Server Protocol Spoofing' Vulnerability
MS00-052 (269049): Patch Available for 'Relative Shell Path' Vulnerability
MS00-070 (266433): Patch Available for Multiple LPC and LPC Ports Vulnerabilities
MS00-083 (274835): Patch Available for 'Netmon Protocol Parsing' Vulnerability
MS00-087 (277910): Patch Available for 'Terminal Server Login Buffer Overflow' Vulnerability
MS00-091 (275567): Patch Available for 'Incomplete TCP/IP Packet' Vulnerability
MS00-094 (276575): Patch Available for 'Phone Book Service Buffer Overflow' Vulnerability
MS01-003 (279336): Weak Permissions on Winsock Mutex Can Allow Service Failure
MS01-008 (280119): Malformed NTLMSSP Request Can Enable Code to Run with System Privileges
MS01-009 (283001): Malformed PPTP Packet Stream can Cause Kernel Exhaustion
MS01-017 (293818): Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
MS01-040 (292435): Invalid RDP Data Can Cause Memory Leak in Terminal Services
MS01-041 (298012): Malformed RPC Request Can Cause Service Failure
MS01-052 (303628): Patch Available for 'Relative Shell Path' Vulnerability
MS02-001 (289246): Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data
FrontPage 2002 Server Extensions:
MS00-100 (280322): Patch Available for 'Malformed Web Form Submission' Vulnerability
Note: FrontPage 2002 Server Extensions ship as part of the NT 4.0 Option Pack, which is not supported on Windows NT Server 4.0, Terminal Server Edition. Patches for FPSE have been provided as part of TSE SRP1 only as a means of allowing customers who have installed the Option Pack to protect their systems while migrating to a supported platform.
Index Server 2.0:
MS00-006 (252463): Patch Available for "Malformed Hit-Highlighting Argument" Vulnerability
MS01-033 (300972): Unchecked Buffer in Index Server ISAPI Extension Can Enable Web Server Compromise
Note: Index Server 2.0 is part of the NT 4.0 Option Pack which is not supported on Windows NT Server 4.0, Terminal Server Edition. Patches for Index Server 2.0 have been provided as part of TSE SRP1 only as a means of allowing customers who have installed the Option Pack to protect their systems while migrating to a supported platform.
Internet Information Server 4.0:
MS02-018 (319733): Cumulative Patch for Internet Information Service. This patch supersedes all previously delivered patches for IIS 4.0.
Note: Internet Information Server 4.0 is part of the NT 4.0 Option Pack which is not supported on Windows NT Server 4.0, Terminal Server Edition. Patches for IIS 4.0 have been provided as part of TSE SRP1 only as a means of allowing customers who have installed the Option Pack to protect their systems while migrating to a supported platform.
Patches not included in TSE SRP1
TSE SRP1 does not supersede the patches delivered in the following post-SP6 security bulletins, because they were released after the cut-off date for inclusion in the SRP:
MS02-006 (314147): Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run.
MS02-008 (318202): XMLHTTP Control Can Allow Access to Local Files.
MS02-014 (313829): Unchecked Buffer in Windows Shell Could Lead to Code Execution.
MS02-017 (311967): Unchecked buffer in the Multiple UNC Provider Could Enable Code Execution.
Patches for Windows NT Server 4.0, Terminal Server Edition, that were delivered after 15 April 2002.
TSE SRP1 does not include the patch delivered in the following post-SP6 security bulletin, as it should only be applied if WebDAV has been installed on the server.
TSE SRP1 does not include the tool provided as part of the following bulletin. This tool should be downloaded and run separately.
- MS00-095 (265714, 267861, 267864): Tool Available for 'Registry Permissions' Vulnerability. This tool supersedes those provided in MS00-024 (259496), MS00-008 (103861, 185590, 184375) and MS00-005 (250625).
TSE SRP1 does not supersede the following bulletin, because the remediation in this case requires an administrative procedure rather than a software change.
For more information about the security rollup and to download the package, click here.