Free windows vulnerabilities software for windows

Windows 2000 LPC Vulnerability Patch is a highly-efficient, high-quality patch which eliminates several security vulnerabilities that could allow a range of effects, from denial of service attacks to, in some cases, privilege elevation. Several vulnerabilities have been identified in the Windows NT 4.0 and Windows 2000 implementations of LPC and LPC ports:

• The Invalid LPC Request vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail.
• The LPC Memory Exhaustion vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted.
• The Predictable LPC Message Identifier vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other process LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible, under certain conditions, to send bogus requests to a privileged process in order to gain additional local privileges.
• A new variant of the previously-reported Spoofed LPC Port Request vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes.

Windows XP RDP Protocol Security Vulnerability Patch MS02-051 is a patch for removing two vulnerabilities not good for the implementation of the RDP protocol.

The first vulnerability involves the way in which session encryption is implemented in certain versions of RDP. All RDP implementations permit the data in an RDP session to be encrypted. However, in the versions of RDP that are included in Windows 2000 and Windows XP, the checksums for the plain-text session data are sent without themselves being encrypted. An attacker who can ""eavesdrop on"" and record an RDP session might be able to conduct a straightforward cryptanalytic attack against the checksums and recover the session traffic.

The second vulnerability involves the way in which the RDP implementation in Windows XP handles data packets that are malformed in a particular way. When RDP receives such data packets, the Remote Desktop service stops working. When this problem occurs, Windows stops working correctly also. An attacker does not have to be authenticated on an affected computer to deliver packets of this type to an affected computer.

Windows Media Player ASF Unchecked Buffer Vulnerability MS01-056 is a useful software which addresses two security vulnerabilities in Windows Media Player.

The two vulnerabilities are a buffer overrun in the functionality used to process Active Stream Redirector (.ASX) files, and a vulnerability affecting how Windows Media Player handles Internet shortcuts.

In addition, this update addresses a potential privacy vulnerability that was recently identified. This patch should be used with Windows Media Player 6.4, 7, or 7.1.

WareSeeker Editor

Windows Media Player 6.4 Cumulative Vulnerability Patch MS02-032 is a useful software which includes the functionality of all previously released patches for Windows Media Player 6.4.

In addition, it eliminates the following three newly discovered vulnerabilities: An information disclosure vulnerability that could allow an attacker to run code on the user's system and is rated as critical severity.

Major Features:

1. A privilege elevation vulnerability that could enable an attacker who can physically logon locally to a Windows 2000 machine and run a program to obtain the same rights as the operating system.
2. A script execution vulnerability related that could run a script of an attacker's choice as if the user had chosen to run it after playing a specially formed media file and then viewing a specially constructed web page.
3. This particular vulnerability has specific timing requirements that make attempts to exploit vulnerability difficult and is rated as low severity.

WareSeeker Editor

Microsoft Windows 98 Update: Scriptlet.typlib and Eyedog Security Vulnerabilities Update brings an advanced and complete update which eliminates security vulnerabilities in two ActiveX controls: Scriptlet.typlib and Eyedog. Without this update, these controls can be maliciously used to perform unauthorized actions, like creating, deleting, or modifying files on a user's computer. For more information on this update and these ActiveX controls, please visit Microsoft Security Bulletin MS99-031.