ZDNet UK


Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) MS01-001


License: Free
Requirements: Windows Me, Office 2000 NOT installed
Downloads: 114
Limitations: None
Publisher: Microsoft
File Size: 304k
Date added: 13 Jan 2001

This patch eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a Web server.

The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via Web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed. Instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's Web site, either by browsing to the site or by opening an HTML mail that initiated a session with it, an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute-force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.

The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user. It would not, by itself, allow a malicious user to gain control of another user's computer or to gain access to resources to which that user was authorized access. In order to leverage the NTLM credentials (or a subsequently cracked password), the malicious user would have to be able to log on remotely to the target system. However, best practices dictate that remote logon services be blocked at border devices, and if these practices were followed, they would prevent an attacker from using the credentials to log on to the target system.

Frequently asked questions regarding this vulnerability can be found here.
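
A defender-side check for the behaviour described above, as an added example that is not part of the original page: it decodes the NTLM message type from an HTTP Authorization header and reports client-sent NTLM messages going to hosts outside the intranet. The record layout, host names and the intranet rule are assumptions constructed for illustration.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
# Assumption: DNS suffixes this organisation treats as intranet (constructed).
INTRANET_SUFFIXES = (".corp.example",)

def ntlm_message_type(header_value):
    """Name of the NTLM message in an HTTP auth header value, or None."""
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].upper() not in ("NTLM", "NEGOTIATE"):
        return None
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # Layout: 8-byte signature, then a little-endian 32-bit message type.
    if len(blob) < 12 or not blob.startswith(NTLM_SIGNATURE):
        return None
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    return MESSAGE_TYPES.get(msg_type)

def is_intranet(host):
    """Assumption: dotless names and listed suffixes count as intranet."""
    host = host.lower().rstrip(".")
    return "." not in host or host.endswith(INTRANET_SUFFIXES)

def external_ntlm(records):
    """Return (client, host, message) for NTLM sent by a client off-intranet."""
    hits = []
    for client, host, authorization in records:
        message = ntlm_message_type(authorization)
        if message in ("NEGOTIATE", "AUTHENTICATE") and not is_intranet(host):
            hits.append((client, host, message))
    return hits

def sample_token(msg_type):
    """Build a minimal constructed NTLM header value for the sample data."""
    raw = NTLM_SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * 4
    return "NTLM " + base64.b64encode(raw).decode("ascii")

# Constructed proxy records: (client IP, destination host, Authorization header).
SAMPLE = [
    ("10.0.0.5", "files.corp.example", sample_token(1)),
    ("10.0.0.7", "www.untrusted.example", sample_token(1)),
    ("10.0.0.7", "www.untrusted.example", sample_token(3)),
    ("10.0.0.9", "www.untrusted.example", "Basic Zm9vOmJhcg=="),
]
```

An AUTHENTICATE message to a host outside the intranet is the case the patch is meant to prevent, since that message carries the client's response to the server's challenge.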
