main

Windows 2000: Registry Tool for Security Patch

Daniel Fleshbourne   on 17 March 2003 - 19:53 · 5 comments & 837 views

Advertisement (Why?)
Quick Info
File Name: setmaxurllength.exe - Download Size: 215 KB - Date Published: 3/17/2003 - Version: 815021

Overview
A security issue has been identified that could allow an attacker to compromise a web server running Microsoft(r) Windows(r) 2000 and gain control over it. This tool, whose usage is described in Microsoft Knowledgebase article 815021, can be used to apply a registry setting that blocks known exploits of this vulnerability. This tool should be used as a temporary workaround until such time as the patch can be applied.

Download: Windows 2000: Registry Tool for Security Patch Unchecked buffer
View: Knowledge Base Article
News source: In-House


Change log:

  • Modern UI 1.63: Header bitmap support, new defines to change the description area, single macro for language selection dialog, more!
  • New tutorial in the documentation
  • define_if_last in Page command also works when a define has not been specified for all Page commands. This fixes the problem with the Modern UI "Click Next" / "Click Install" texts.
  • Added SectionSetInstTypes and SectionGetInstTypes
  • Reboot command does not force a reboot anymore (allows the user to save work)
  • !if[n]def/!else fixes
  • LogSet on now really starts logging
  • Cancel button available on all pages after the instfiles page but the last page unless /ENABLECANCEL was used in its Page command
  • License page: No more limit on RTF size
  • LangDLL: Option to auto-count number of languages, shell font support
  • Page and UninstPage can not be used inside sections/functions
  • CreateDirectory now uses the error flag
  • EnumRegKey/Value output_var check fixed
  • Updated translations
  • Dreaded BSOD after plug-ins enumeration finally banished
  • Minimize button and BGGradient and BGImage compatibility fixes
  • WriteINIStr with empty value works again
  • Added FlushINI



Share this Article

About the Author

Full name: Daniel Fleshbourne
User name: Daniel
Contact: via forum PM
Submissions: View All
More: View Bio   New!

Related news

Post a comment · Send to friend Comments · There are 5 additional comments
(1 reply) #1 tmaxxtigger on 17 Mar 2003 - 20:37
Hey, isn't Wednesday Hotfix day???
#1.1 dismuter on 17 Mar 2003 - 22:45
[neoquote=#1.0 by tmaxxtigger]Hey, isn't Wednesday Hotfix day??? [/neoquote] Exactly what I was thinking!
#2 edgrale on 17 Mar 2003 - 21:16
I wonder why I don't get these in e-mail anymore... weird.
#3 Drestin on 18 Mar 2003 - 00:00
Patch those IIS boxes boys (this one lets you do it without rebooting) cause THIS is the type of hole that worm-authors LOVE. It's there by default and damned simple to exploit. Argh... I honestly wish they had just rolled this one into a cumulative update and didn't make such clear mention of it. Gets those script kiddies drooling. Nice to see that it doesn't affect IIS 5.1 or 6 at all, though.
#4 raid517 on 18 Mar 2003 - 02:04
Hmm seems like a good way to get three articles out of one story. New MS security flaws... What else is new? Q

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.879) © 2000 - 2008 Neowin.net