Windows NT 4.0 SRP Info

Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)

Microsoft has released a Security Rollup Package (SRP) for Windows NT 4.0 that includes the functionality from all security patches released for Windows NT 4.0 since the release of Windows NT 4.0 Service Pack 6a (SP6a) . This small, comprehensive rollup of post-SP6a fixes provides an easier mechanism for managing the rollout of security fixes. Please refer to Microsoft Knowledge Base article 299444 for more information about this rollup package.
Download SRP for NT 4.0 (13.9mb, released July 26, 2001)

What is included in the SRP?

The following Microsoft Security Bulletins are included in the SRP:
Core OS

• MS99-046 (243835) – Improve TCP Initial Sequence Number Randomness
• MS99-047 (243649) – Malformed Spooler Request Vulnerability
• MS99-055 (246045) – Malformed Resource Enumeration Argument Vulnerability
• MS99-056 (248183) – Syskey Keystream Reuse Vulnerability
• MS99-057 (248185) – Malformed Security Identifier Request Vulnerability
• MS00-003 (247869) – Spoofed LPC Port Request Vulnerability
• MS00-004 (249108) – RDISK Registry Enumeration File Vulnerability
• MS00-005 (249973) – Malformed RTF Control Word Vulnerability
• MS00-007 (248399) – Recycle Bin Creation Vulnerability
• MS00-008 (250625) – Registry Permissions Vulnerability
• MS00-021 (257870) – Malformed TCP/IP Print Request Vulnerability
• MS00-024 (259496) – OffloadModExpo Registry Permissions Vulnerability
• MS00-027 (259622) – Malformed Environment Variable Vulnerability
• MS00-029 (259728) – IP Fragment Reassembly Vulnerability
• MS00-036 (262694) – ResetBrowser Frame and Host Announcement Frame Vulnerabilities
• MS00-040 (264684) – Remote Registry Access Authentication Vulnerability
• MS00-047 (269239) – NetBIOS Name Server Protocol Spoofing Vulnerability
• MS00-052 (269049) – Relative Shell Path Vulnerability
• MS00-070 (266433) – Multiple LPC and LPC Ports Vulnerabilities
• MS00-083 (274835) – Netmon Protocol Parsing Vulnerability
• MS00-091 (275567) – Incomplete TCP/IP Packet Vulnerability
• MS00-094 (276575) – Phone Book Service Buffer Overflow Vulnerability
• MS00-095 (265714) – Registry Permissions Vulnerability
• MS01-003 (279336) – Weak Permissions on Winsock Mutex Can Allow Service Failure
• MS01-008 (280119) – Malformed NTLMSSP Request Can Enable Code to Run with System Privileges
• MS01-009 (283001) – Malformed PPTP Packet Stream Can Cause Kernel Exhaustion
• MS01-017 (293818) – Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
• MS01-041 (298012) – Malformed RPC Request Can Cause Service Failure

Internet Information Server 4.0

• MS99-003 (188348) – IIS Malformed FTP List Request Vulnerability
• MS99-019 (234905) – Malformed HTR Request Vulnerability
• MS99-022 (233335) – Double Byte Code Page Vulnerability
• MS99-029 (238349) – Unauthorized Access to IIS Servers through ODBC Data Access with RDS
• MS99-039 (241805) – Domain Resolution and FTP Download Vulnerabilities
• MS99-053 (244613) – Windows Multithreaded SSL ISAPI Filter Vulnerability
• MS99-058 (238606) – Virtual Directory Naming Vulnerability
• MS99-061 (246401) – Escape Character Parsing Vulnerability
• MS00-018 (252693) – Chunked Encoding Post Vulnerability
• MS00-019 (249599) – Virtualized UNC Share Vulnerability
• MS00-023 (254142) – Myriad Escaped Characters Vulnerability
• MS00-030 (260205) – Malformed Extension Data in URL Vulnerability
• MS00-031 (260838) – Undelimited .HTR Request and File Fragment Reading via .HTR Vulnerabilities
• MS00-044 (267559) – Absent Directory Browser Argument Vulnerability
• MS00-057 (269862) – File Permission Canonicalization Vulnerability
• MS00-060 (260347) – IIS Cross-Site Scripting Vulnerabilities
• MS00-063 (271652) – Invalid URL Vulnerability
• MS00-078 (269862) – Web Server Folder Traversal Vulnerability
• MS00-080 (274149) – Session ID Cookie Marking Vulnerability
• MS00-086 (277873) – Web Server File Request Parsing Vulnerability
• MS01-004 (285985) – Malformed .HTR Request Allows Reading of File Fragments
• MS01-026 (295534) – Superfluous Decoding Operation Could Allow Command Execution via IIS

Index Server

• MS00-006 (252463) – Malformed Hit-Highlighting Argument Vulnerability
• MS01-025 (294472) and (296185) – Index Server Search Function Contains Unchecked Buffer
• MS01-033 (300972) – Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise

Front Page Server Extensions

• MS00-100 (280322) – Malformed Web Form Submission Vulnerability

What SRP does NOT include

The fixes for the following vulnerabilities affecting Windows NT 4.0 systems are not included in the SRP. Administrators should read the associated security bulletin to determine if these patches should be applied:
Core OS

• MS01-022 (296441) – WebDAV Service Provider Can Allow Scripts to Levy Requests as User
• MS00-079 – Hyperterminal issue (this patch was re-released after the NT4 SRP)

Front Page Server Extensions

• MS01-035 (300477) – FrontPage Server Extension Sub-Component Contains Unchecked Buffer

Java Virtual Machine

• MS00-081 (277014) – New Variant of VM File Reading Vulnerability Which includes patches for:
  • MS99-031 : Virtual Machine Sandbox Vulnerability
  • MS99-045 : Virtual Machine Verifier Vulnerability
  • MS00-011 : VM File Reading Vulnerability
  • MS00-059 : Java VM Applet Vulnerability

The following fixes are not included in the SRP because they require administrative action rather than a software change. Administrators should ensure that in addition to applying this patch, they also have taken the administrative action discussed in the following bulletins:
Core OS

• MS98-001 (169556) – Disabling Creation of Local Groups on a Domain by Non-Administrative Users
• MS99-036 (155197) – Windows NT 4.0 Does Not Delete Unattended Installation File
• MS99-041 (242294) – RASMAN Security Descriptor Vulnerability

Internet Information Server

• MS98-004 (184375) – Unauthorized ODBC Data Access with RDS and IIS
• MS99-013 (232449) – File Viewers Vulnerability
• MS99-025 (184375) – Unauthorized Access to IIS Servers through ODBC Data Access with RDS

Front Page Server Extensions

• MS00-025 (259799) – Link View Server-Side Component Vulnerability
• MS00-028 (260267) – Server-Side Image Map Components Vulnerability

Download SRP1

To get more information about the security rollup and to download the package – 299444
Note for Hebrew Enabled users: Please make sure you select HEBREW from the drop down list of available languages!