ZDNet UK



Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows 2000) MS01-001


License: Free
Requirements: Windows 2000, Office 2000 NOT installed
Downloads: 214
Limitations: None
Publisher: Microsoft
File Size: 1.6M
Date added: 13 Jan 2001

This patch eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a Web server.

The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows Internet Explorer to view and publish files via Web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed. Instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's Web site, either by browsing to the site or by opening an HTML mail that initiated a session with it, an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute-force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.

The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user. It would not, by itself, allow a malicious user to gain control of another user's computer or to gain access to resources to which that user was authorized access. In order to leverage the NTLM credentials (or a subsequently cracked password), the malicious user would have to be able to log on remotely to the target system. However, best practices dictate that remote logon services be blocked at border devices, and if these practices were followed, they would prevent an attacker from using the credentials to log on to the target system.
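An added example, not part of the original page or of Microsoft's patch: a defender-side check that scans HTTP request headers (for instance from a proxy log) for NTLM messages a client sent to hosts outside the intranet, which is the behaviour the WEC flaw described above produces. The intranet suffix, the record layout and the sample records are constructed assumptions.

```python
import base64
import struct

# Assumption: DNS suffixes this organisation treats as intranet (constructed value).
# Dotless host names are also treated as intranet; anything else is external.
INTRANET_SUFFIXES = (".corp.example",)
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def ntlm_message_type(header_value):
    """Return the NTLM message type (1-3) carried in an HTTP auth header, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return None
    # An NTLM message starts with "NTLMSSP\0" followed by a little-endian uint32 type.
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    msg_type = struct.unpack_from("<I", raw, 8)[0]
    return msg_type if msg_type in NTLM_TYPES else None

def is_intranet(host):
    host = host.lower().rstrip(".")
    return "." not in host or host.endswith(INTRANET_SUFFIXES)

def flag_external_ntlm(records):
    """Return (host, type_name) for client NTLM messages sent to non-intranet hosts."""
    findings = []
    for host, header_name, header_value in records:
        if header_name.lower() != "authorization":
            continue  # server challenges (WWW-Authenticate) carry no client credentials
        msg_type = ntlm_message_type(header_value)
        if msg_type in (1, 3) and not is_intranet(host):
            findings.append((host, NTLM_TYPES[msg_type]))
    return findings

def sample_token(msg_type):
    # Constructed NTLM header: signature, type, zero padding (no real credentials).
    return base64.b64encode(b"NTLMSSP\x00" + struct.pack("<I", msg_type) + b"\x00" * 20).decode()

# Constructed proxy records: (destination host, header name, header value).
SAMPLE_RECORDS = [
    ("fileserver", "Authorization", "NTLM " + sample_token(1)),
    ("docs.corp.example", "Authorization", "NTLM " + sample_token(3)),
    ("www.untrusted.example", "Authorization", "NTLM " + sample_token(1)),
    ("www.untrusted.example", "Authorization", "NTLM " + sample_token(3)),
    ("www.untrusted.example", "Authorization", "Basic dXNlcjpwYXNz"),
    ("www.untrusted.example", "WWW-Authenticate", "NTLM " + sample_token(2)),
]
```

Calling `flag_external_ntlm(SAMPLE_RECORDS)` reports only the two client messages sent to `www.untrusted.example`; the intranet requests, the Basic header and the server's challenge are ignored.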

Frequently asked questions regarding this vulnerability can be found here.
