General 8066 Published by

Microsoft Security Bulletin MS00-036 announces the availability of a patch that eliminates two vulnerabilities, one affecting Microsoft:registered: Windows NT:registered: 4.0 and Windows:registered: 2000 systems, and the other affecting only Windows NT 4.0 systems.

What's the scope of the vulnerability?

These vulnerabilities could allow a malicious user to make it difficult or impossible for users on a network to locate services or other computers on the network. In the worst case, the first vulnerability also could enable the malicious user to provide bogus information to network users.

Under most conditions, the malicious user could only exploit these vulnerabilities within the subnet that his machine is on. Also, if a properly-configured firewall is in place, external users could not exploit this vulnerability against a network. Finally, normal system administration tools would allow the administrator to find the user who mounted the attack.

Read more