Windows 2000 "Hotstream" Project


Gurgelmeyer

That makes sense - seeing how two updates for IE are folded into the MS URP (excuse me :blushing: )

MS05-014 Cumulative security update for Internet Explorer 867282 and

MS05-020 Cumulative security update for Internet Explorer 890923.


Bulletin Article title
MS02-050 Certificate validation flaw might permit identity spoofing 317636
MS03-008 Flaw in Windows Script Engine may allow code to run 814078
MS03-022 Vulnerability in ISAPI Extension for Windows Media Services may cause code execution 822343
MS03-023 Buffer overrun in the HTML converter could allow code execution 823559
MS03-025 Flaw in Windows message handling through Utility Manager could enable privilege elevation 822679
MS03-026 Buffer Overrun in RPC May Allow Code Execution 823980
MS03-030 Unchecked Buffer in DirectX Could Enable System Compromise 819696
MS03-034 Flaw in NetBIOS could lead to information disclosure 824105
MS03-039 A buffer overrun in RPCSS could allow an attacker to run malicious programs 824146
MS03-041 Vulnerability in Authenticode Verification Could Allow Remote Code Execution 823182
MS03-042 Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution 826232
MS03-043 Buffer overrun in Messenger service could allow code execution 828035
MS03-044 Buffer overrun in Windows Help and Support Center could lead to system compromise 825119
MS03-045 Buffer overrun in the ListBox and in the ComboBox Control could allow code execution 824141
MS03-049 Buffer Overrun in the Workstation Service Could Allow Code Execution 828749

MS04-006 A vulnerability in the Windows Internet Name Service (WINS) could allow code execution 830352
MS04-007 An ASN.1 vulnerability could allow code execution 828028
MS04-008 Vulnerability in Windows Media Services could allow a Denial of Service attack 832359
MS04-011 Security Update for Microsoft Windows 835732
MS04-012 Cumulative Update for Microsoft RPC/DCOM 828741
MS04-014 Vulnerability in the Microsoft Jet Database Engine could permit code execution 837001
MS04-016 Vulnerability in DirectPlay could allow denial of service 839643
MS04-019 A vulnerability in Utility Manager could allow code execution 842526
MS04-020 A vulnerability in POSIX could allow code execution 841872
MS04-022 A vulnerability in Task Scheduler could allow code execution 841873
MS04-023 Vulnerability in HTML Help could allow code execution 840315
MS04-024 A vulnerability in the Windows shell could allow remote code execution 839645
MS04-030 Vulnerability in WebDAV XML message handler could lead to a denial of service 824151
MS04-031 Vulnerability in NetDDE could allow remote code execution 841533
MS04-032 Security update for Microsoft Windows 840987
MS04-037 Vulnerability in Windows shell could allow remote code execution 841356
MS04-041 A vulnerability in WordPad could allow code execution 885836
MS04-043 Vulnerability in HyperTerminal could allow code execution 873339
MS04-044 Vulnerabilities in Windows Kernel and LSASS could allow elevation of privilege 885835
MS04-045 Vulnerability in WINS could allow remote code execution 870763

MS05-001 Vulnerability in HTML Help could allow code execution 890175
MS05-002 Vulnerability in cursor and icon format handling could allow remote code execution 891711
MS05-003 Vulnerability in the Indexing Service could allow remote code execution 871250
MS05-008 Vulnerability in Windows shell could allow remote code execution 890047
MS05-010 Vulnerability in the License Logging service could allow code execution 885834
MS05-011 Vulnerability in server message block could allow remote code execution 885250
MS05-012 Vulnerability in OLE and COM could allow remote code execution 873333
MS05-013 Vulnerability in the DHTML editing component ActiveX control could allow code execution 891781
MS05-014 Cumulative security update for Internet Explorer 867282
MS05-015 Vulnerability in hyperlink object library could allow remote code execution in Windows Server 2003 888113
MS05-016 Vulnerability in Windows Shell that could allow remote code execution 893086
MS05-017 Vulnerability in MSMQ could allow code execution 892944
MS05-018 Vulnerabilities in Windows kernel could allow elevation of privilege and denial of service 890859
MS05-019 Vulnerabilities in TCP/IP could allow remote code execution and denial of service 893066
MS05-020 Cumulative security update for Internet Explorer 890923

April 30 was the last update included in the rollup

Link to comment
Share on other sites


The IE so-called "cumulative" updates are a mess these days. Especially the IE6 ones - because they are not always cumulative, there are sometimes 2 updates with different KB #'s - one for admins and one on WU, and most IE6 security updates contain more than one version of the same binary. In w2k3 it gets even better: different versions of the same file sometimes share the same build number. Must be a nightmare for admins :wacko:

What actually gets installed is yet another thing to be concerned about. When installing IE6 one file which has to do with security/encryption seems to be kept permanently in the pending file-rename operations queue on w2k. The reason is that it has a lower version number than the built-in file with the same name, so the .inf installer doesn't replace the one in the dllcache.

Anyway - thanks guys for clearing this up. You saved me a lot of time :thumbup:

Link to comment
Share on other sites
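
As an added illustration of the pending file-rename queue mentioned in the post above (not code from the thread or from anyone in it): Windows stores boot-time renames in the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager` as source/destination string pairs. The Python below parses that REG_MULTI_SZ layout and reports operations that are still queued after a reboot; the sample data and file names are constructed placeholders.

```python
# Added example (not from the thread): audit pending boot-time file renames.
from typing import List, NamedTuple

NT_PREFIX = "\\??\\"   # NT object-namespace prefix used on queued paths

class PendingOp(NamedTuple):
    source: str
    dest: str       # "" means: delete `source` at next boot
    replace: bool   # "!" prefix on dest: overwrite an existing file

def _clean(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_pending_renames(raw: bytes) -> List[PendingOp]:
    """Parse raw REG_MULTI_SZ data (UTF-16LE) into (source, dest) operations."""
    parts = raw.decode("utf-16-le").split("\0")
    parts.pop()                       # text after the final NUL (always empty)
    if len(parts) % 2 and parts[-1] == "":
        parts.pop()                   # list terminator, not an empty dest
    if len(parts) % 2:
        raise ValueError("truncated queue: source without destination")
    ops = []
    for src, dst in zip(parts[0::2], parts[1::2]):
        if not src:
            continue                  # ignore empty padding pairs
        replace = dst.startswith("!")
        ops.append(PendingOp(_clean(src), _clean(dst[1:] if replace else dst), replace))
    return ops

def stuck_after_reboot(before: List[PendingOp], after: List[PendingOp]) -> List[PendingOp]:
    """Operations queued before a reboot that are still queued after it."""
    still = set(after)
    return [op for op in before if op in still]

def _multi_sz(*strings: str) -> bytes:
    """Build constructed sample data in REG_MULTI_SZ layout."""
    return ("\0".join(strings) + "\0\0").encode("utf-16-le")

# Constructed sample: file names are placeholders, not taken from the thread.
BEFORE = _multi_sz(
    r"\??\C:\WINNT\system32\SET1A.tmp", r"!\??\C:\WINNT\system32\example_a.dll",
    r"\??\C:\WINNT\system32\SET1B.tmp", r"!\??\C:\WINNT\system32\example_b.dll",
    r"\??\C:\WINNT\Temp\old_setup.tmp", "")
AFTER = _multi_sz(
    r"\??\C:\WINNT\system32\SET1B.tmp", r"!\??\C:\WINNT\system32\example_b.dll")
```

An entry that shows up in `stuck_after_reboot` across repeated reboots is the situation the post describes: the update's file never actually replaces the one on disk.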

Things just keep getting better. I hope you're keeping track of how you did all of this, because I for one would find it to be a really interesting read.

Link to comment
Share on other sites

Gurgelmeyer!? I know you have your hands full with work and commitments aplenty that will likely keep you busy indefinitely -- but I have to ask: How about an "Unofficial Gurgelmeyer/Microsoft JVM Roll-up"?

A lot of people still prefer the Microsoft JVM over Sun's Java JRE as it's: smaller, required for and/or still faster for some applications, and with all its patches as secure as Sun's JRE.

The last release of the JVM was 3810 (available here and elsewhere) but there is a confusing slew of patches... As some would like to install the JVM and others JRE it would be nice to be able to install a fully updated Microsoft JVM that was secure from go, rather than having to search for 3810, then have to remember to go to Microsoft Update and pick the JVM updates. This would also (ideally) make cleanly installing and uninstalling the Microsoft JVM a clean and simple one step process...

This project would benefit users of every flavor of Windows -- 2000, XP, and Server 2003. As your understanding of Microsoft's patch and packaging system internals seems to be the best in the biz, it would be nice if you were the guy to give this 'the Gurgelmeyer treatment', to see it done right -- if and/or when you'd have time to get around to such a thing...

:wub:

Edited by hoak
Link to comment
Share on other sites

<sigh>

RyanVM isn't trolling. Did you read the linked material? MS doesn't include its Java in its operating systems anymore. It was a victim of their embrace and extend, had security flaws, got lotsa patches, Sun won the lawsuit, MS dropped their proprietary version. Which is, in fact, a JVM based on version 1.1, which dates from 1997.

(Not saying it's good or bad, simply explaining that when RyanVM says what he says, he isn't trolling)

Link to comment
Share on other sites

RyanVM isn't trolling. Did you read the linked material?

Yes, did you? In fact I read the thread in its entirety, and the title/topic post only emphasizes the point I made here, and that others were trying to make in the MS JVM thread that RyanVM's post has no bearing on and is not pertinent to...

MS doesn't include its Java in its operating systems anymore.

Yes, I know, it should be pretty obvious I acknowledge this in my post...

It was a victim of their embrace and extend, had security flaws, got lotsa patches, Sun won the lawsuit, MS dropped their proprietary version. Which is, in fact, a JVM based on version 1.1, which dates from 1997.

Well thanks for the embellished, incomplete and not entirely accurate history lesson; but I really don't need one, and it has virtually no bearing on the veracity of the MS JVM for those that need or prefer it for specific applications.

(Not saying it's good or bad, simply explaining that when RyanVM says what he says, he isn't trolling)

Well then call it a post not germane to the topic; I seriously doubt that most people that post to these forums don't know the history of the Microsoft/Sun/Java litigation in considerable detail that is way beyond the scope and not germane to the topic.... What you and RyanVM clearly miss, misunderstand or ignore is the value and veracity of the MS JVM; the fact that even though Microsoft no longer officially offers or supports it -- that it still outperforms Sun's JRE for many applications considerably and is arguably (for your benefit), as, or more secure with Microsoft's updates than the Sun JRE.

The point of the post in this thread is there are those that need the Microsoft JVM for specific applications compiled specifically for or optimised for it -- that either run poorly or not at all on the Sun JRE, and that it would be nice to be able to install and uninstall a secure and fully patched MS JVM... Sorry that this has apparently escaped you (and RyanVM) in both threads...

:blink:

Edited by hoak
Link to comment
Share on other sites

Hi all :)

I - for one - still can't do online banking without MSJVM. :wacko:

I already looked into this a few months back, and I've briefly examined the original multi-platform MSJVM package (3802), the W2k SP3 version of MSJVM (3805), the original multi-platform version of Q816093 (3810), and the W2k SP3-only version of Q816093 (3810).

Best regards,

Gurgelmeyer

PS - Yes, I'll do it :)

Edited by Gurgelmeyer
Link to comment
Share on other sites

Woot! The Magic Penguin strikes again! :wub: I'm sorry to have pooped up the thread with this stuff, but it's been so long since I've done without the MS JVM that I can't even remember what Microsoft and 3rd party applications I have that grind to a halt without it. :blushing:

All I can say is: "Are we ever lucky to have Gurgelmeyer!" It will be interesting to benchmark equivalent service setups on a properly patched Gurgelmeyered™ installation of Windows 2000 vs. Server 2003 and Windows XP...

:)

Link to comment
Share on other sites

Hi, gents.

This post is not arguing anything whatsoever either way about MS JVM, its users, online banking, security or insecurity of the MS JVM, who or what supports it, or anything else. It's just me doing an MSJVM package for fun.

Build 3810 will install only if msjava.dll is on the system, and XPSP2 and Win2k SP4+ don't put it on the system by default. So, I whipped the below up.

Here was a RAR file containing the last msjava.dll MS issued (Build 3810 version); it installs it in your /system32. Then, the package runs the 3810 updater. It worked okay and installed MS JVM on my machine. Give it a try. I'll keep it up for a few days, but I don't want major throughput so I'll take it down after a little while.

edit: file now removed. (23 folks downloaded it.)

Edited by fdv
Link to comment
Share on other sites

I just got a replacement for my faulty HDD and I'm glad I found this forum thread. I am interested in slipstreaming your SP5 into my Win2K CD before I re-install.

Couple questions...

1.) I noticed someone mention that having a SP5 installed might cause problems with Windows Update in the future. Any further information on this?

2.) How's it coming? My new HDD is burning a hole through my desk waiting to go into my computer.

I wanna be clear that I am not a whiney grabby guy that expects everything in the world for free, etc. If you get it done and when then I'll be thankful, but I am just curious because I want to know if I should bother waiting for it to be finished or if I should just go ahead and re-install w/o it.

Thanks Gurgelmeyer, Project looks great. Way to fill the Gap.

-matthiaselmo

Link to comment
Share on other sites
