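Note: Microsoft Knowledge Base articles are updated frequently. To make sure that you have the latest and most accurate information, you may want to view the online version of this article at Q299444 - Post-Windows NT 4.0 Service Pack 6a Security Rollup Package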


Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)


The information in this article applies to:
  • Microsoft Windows NT Server 4.0 SP6a
  • Microsoft Windows NT Server, Enterprise Edition 4.0 SP6a
  • Microsoft Windows NT Workstation 4.0 SP6a


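Summary

Microsoft has released a Security Rollup Package (SRP) for Windows NT 4.0 that includes the functionality from all of the security patches released for Windows NT 4.0 since the release of Windows NT 4.0 Service Pack 6a (SP6a). It is a small, comprehensive rollup of post-SP6a fixes and provides an easier mechanism for managing the rollout of security fixes. Applying the SRP does not change the encryption level of your computer.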

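Compaq Array Controller users: If you have installed the Compaq Array Controller driver (Cpqarray.sys) from the Compaq Web site, the Compaq FTP site, or Compaq SmartStart, refer to the following article in the Microsoft Knowledge Base about the Compaq Array Controller and the Windows NT 4.0 SRP:

Q305228 "STOP 0xA" Occurs After Applying Windows NT 4.0 Security Rollup Package

Digital signature issue: If you are running Internet Explorer 5.5 Service Pack 2 (SP2) or Internet Explorer 5.01 Service Pack 2 (SP2), refer to the following article in the Microsoft Knowledge Base when you visit any secure Web site (https://) that uses Secure Sockets Layer (SSL):

Q305929 "This Certificate has an Invalid Digital Signature" Error Occurs After You Install the Windows NT 4.0 Security Rollup Package (SRP)

Microsoft IntelliPoint users: If you use a version of Microsoft IntelliPoint earlier than 2.2, refer to the following article in the Microsoft Knowledge Base before you install the SRP:

Q305462 Mouse and Keyboard Stop Working After You Install the Windows NT 4.0 Security Rollup Package

If you add optional services, you must reapply the Windows NT 4.0 service pack and then reapply the SRP. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

Q196269 When to Reinstall a Service Pack

If you need to add optional services, follow these steps: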
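  1. Install all of the optional services and accompanying services. You are prompted for the original Windows NT 4.0 media.

  2. After the files from the original media are installed, and before you restart the computer, reinstall Windows NT 4.0 SP6a. You must reinstall SP6a before you reinstall the SRP, because the SRP requires SP6a.

  3. Restart the computer.

  4. Reinstall the SRP.

  5. Restart the computer.

  6. Install any other post-SP6a fixes as needed.

    For additional information about how to install multiple hotfixes with only one restart, click the article number below to view the article in the Microsoft Knowledge Base:
    Q296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot

  7. Restart the computer.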

For more information about the SRP, visit the following Microsoft Web site:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/security/news/nt4srp.asp


More Information

The fix is available from the following Microsoft Web site (if your language is not listed, please check back):

http://www.microsoft.com/ntserver/nts/downloads/critical/q299444/default.asp
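Note: This patch requires Windows NT 4.0 SP6a

Release date: July 26, 2001

For additional information about how to download Microsoft support files, click the article number below to view the article in the Microsoft Knowledge Base:
Q119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses with the most current virus-detection software that was available on the date that the file was posted. After it is posted, the file is stored on secure servers that prevent unauthorized changes to the file.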

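Fixes Included in the SRP

The SRP includes all of the post-SP6a fixes that have been delivered through Microsoft security bulletins. In addition, it includes a small number of fixes that have not been previously discussed. Because security bulletins disrupt customers' normal maintenance procedures, Microsoft typically issues them only when a security issue poses an immediate threat to your systems. Issues that do not meet this standard are typically addressed through other delivery vehicles, such as service packs or, in this case, the SRP.
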
Q241041 Enabling NetBT to Open IP Ports Exclusively
Q243649 Unchecked Print Spooler Buffer May Expose System Vulnerability
Q243835 How to Prevent Predictable TCP/IP Initial Sequence Numbers
Q244599 Fixes Required in TCSEC C2 Security Evaluation Configuration for Windows NT 4.0 Service Pack 6a
Q246045 Malformed Resource Enumeration Arguments May Cause Named Pipes and Other System Services to Fail
Q247869 Local Procedure Call May Permit Unauthorized Account Usage
Q248183 Syskey Tool Reuses Keystream
Q248185 Security Identifier Enumeration Function in LSA May Not Handle Argument Properly
Q248399 Shared Workstation Setup May Permit Access to Recycle Bin Files
Q249108 Registry Data Is Viewable By All Users During Rdisk Repair Update
Q249197 Internet Explorer Does Not Allow Use of Single SGC Certificate with 128-Bit Encryption for Virtual Sites
Q249863 SGC Connections May Fail from Domestic Clients
Q249973 Default RTF File Viewer Interrupts Normal Program Processing
Q250625 Default Registry Key Permissions May Allow Privilege Elevation
Q252463 Index Server Error Message Reveals Physical Location of Web Folders
Q257870 Malformed Print Request May Stop Windows 2000 TCP/IP Printing Service
Q259042 Handle Leak in WinLogon After Applying Windows NT 4.0 Service Pack 6
Q259496 Incorrect Registry Setting May Allow Cryptography Key Compromise
Q259622 Command Processor May Not Parse Excessive Arguments Properly
Q259728 Windows Hangs with Fragmented IP Datagrams
Q259773 Incorrect Response to Local Procedure Call Causes "Stop" Error Message
Q262388 Denial-of-Service Attack Possible from Linux RPC Client
Q262694 Malicious User Can Shut Down Computer Browser Service
Q264684 Patch for "Remote Registry Access Authentication" Vulnerability
Q265714 Windows NT 4.0 SNMP Registry Entries Are Readable
Q266433 Patch for Numerous Vulnerabilities in the LPC Port System Calls
Q267858 Memory Could Not Be Read Error Message While Doing File Operation
Q267861 RAS Registry Modification Allowed Without Administrative Rights
Q267864 MTS Package Administration Key Includes Information About Users
Q268082 DNS SOA Record May Reveal Administrator Account Name
Q269049 Registry-Invoked Programs Use Standard Search Path
Q269239 NetBIOS Vulnerability May Cause Duplicate Name on the Network Conflicts
Q271216 Fix for E-mail Issues Between 128-Bit and 56-Bit Encryption Using French Regional Settings
Q274835 Buffer Overflow in Network Monitor May Cause Vulnerability
Q275567 Multiple NetBT Sessions May Hang Local Host
Q276575 Patch Available for "Phone Book Service Buffer Overflow" Vulnerability
Q279336 Patch Available for Winsock Mutex Vulnerability
Q279843 Several Named Pipes Like NTSVCS and LSASS are Created Without Protection
Q280119 A Patch Is Available for the NTLMSSP Privilege Elevation Vulnerability
Q283001 Patch Available for Malformed PPTP Packet Stream Vulnerability
Q293818 Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
Q294472 Index Server Search Function Contains Unchecked Buffer
Q296185 Patch Available for New Variant of the "Malformed Hit-Highlighting" Vulnerability
Q298012 Malformed RPC Request May Cause Service Failure
Q300972 Unchecked Buffer in Index Server ISAPI Extension Can Enable Web Server Compromise
Q303628 Relative Path Issue Can Run Program Under System Context

IIS Fixes Included in the SRP

Q188348 Specially-Malformed FTP Requests May Create Denial of Service
Q233335 Page Contents Visible When Certain Characters are at End of URL
Q234905 Improperly Formatted HTTP Request May Cause INETINFO Process to Fail
Q238349 Specially-Malformed Header in GET Request Creates Denial of Service
Q238606 Page Contents Visible When Certain Dot Extensions Present in the Virtual Directory Name
Q241805 Combined FTP and Domain Restriction Security Patch for IIS 4.0
Q244613 IIS 4.0 SSL ISAPI Filter Can Leak Single Buffer of Plaintext
Q246401 IIS May Improperly Parse Specific Escape Characters
Q249599 Virtual Directory Mapped to UNC Returns Server-Side Script Code When URL Contains Additional Characters at the End of the Request
Q252693 Chunked Encoding Request with No Data Causes IIS Memory Leak
Q254142 100% CPU Usage Occurs When You Send a Large Escape Sequence
Q260205 HTTP Request with a Large Number of Dots or Dot-Slashes Causes High CPU Utilization
Q260347 IIS 4: Fix for Cross-Site Scripting Issues
Q260838 IIS Stops Servicing HTR Requests
Q267559 GET on HTR File Can Cause a "Denial of Service" or Enable Directory Browsing
Q269862 Patch Released for Canonicalization Error Issue
Q271652 Patch Released for Malformed URL Vulnerability That Disables Web Server Response
Q274149 Cookies Are Not Marked as Secure in IIS
Q277873 Patch Available for "Web Server File Request Parsing" Vulnerability
Q280322 FPSE: Patch for Malformed Web Form Submission Security Vulnerability
Q285985 Patch Available for New Variant of File Fragment Reading via .HTR Vulnerability
Q295534 Superfluous Decoding Operation Can Allow Command Execution Through IIS
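
The fixes in the portions of the following Microsoft Knowledge Base article that were listed as of May 14, 2001 are included in the post-Windows NT 4.0 SP6a SRP:
Q297860 IIS 5.0 Security and Post-Windows NT 4.0 SP5 IIS 4.0 Patch Rollup

Note: When you apply the post-Windows NT 4.0 SP6a SRP (which includes the security patch discussed in bulletin MS01-026), be aware that a new problem may occur on the system, as described in the following KB article: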
Q299273 UPN Logon Option Does Not Work After You Apply Fix from MS01-026[iis]
