• On MovieTome: Leaked images from TRANSFORMERS 2?
advertisement15% off XPS M1330 & M1530 laptops
advertisement

Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) MS01-001

Download Now (304.65K)
Tested spyware free

Features

  • License:

    Free

  • Editor's Rating:

    Not rated

  • Average User Rating:

    4.0 stars (out of 18 votes) Rate it!

  • Downloads:

    61,098

  • Requirements:

    Windows Me, Office 2000 NOT installed

  • Limitations:

    No limitations

  • Date Added:

    January 12, 2001

Publisher's description of Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me)

From Microsoft:

This patch eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a Web server.

The Web Extender Client (WEC) is a component that ships as part of Office 2000, Windows 2000, and Windows Me. WEC allows IE to view and publish files via Web folders, similar to viewing and adding files in a directory through Windows Explorer. Due to an implementation flaw, WEC does not respect the IE Security settings regarding when NTLM authentication will be performed. Instead, WEC will perform NTLM authentication with any server that requests it. If a user established a session with a malicious user's Web site, either by browsing to the site or by opening an HTML mail that initiated a session with it, an application on the site could capture the user's NTLM credentials. The malicious user could then use an offline brute-force attack to derive the password or, with specialized tools, could submit a variant of these credentials in an attempt to access protected resources.

The vulnerability would only provide the malicious user with the cryptographically protected NTLM authentication credentials of another user. It would not, by itself, allow a malicious user to gain control of another user's computer or to gain access to resources to which that user was authorized access. In order to leverage the NTLM credentials (or a subsequently cracked password), the malicious user would have to be able to remotely logon to the target system. However, best practices dictate that remote logon services be blocked at border devices, and if these practices were followed, they would prevent an attacker from using the credentials to logon to the target system.

Frequently asked questions regarding this vulnerability can be found here.

Memeo Share
Share photos and videos directly to the desktop.
Download Now
PerfectDisk
Defragment disks, free up space, optimize system performance
Download Now

Most popular Encryption Software downloads

  1. 59,849 downloads 1. RoboForm
  2. 14,756 downloads 2. Hotspot Shield
  3. 4,252 downloads 3. Microsoft Word 2002 Update
  4. 4,237 downloads 4. Folder Lock
  5. 2,572 downloads 5. Actual Keylogger
  6. See all Encryption Software downloads
PaltalkScene 12.61
See, hear, and chat live in video rooms.
Download Now
Memeo AutoBackup
Start backing up your files in less than 60 seconds.
Download Now

User reviews

Submit your review

Log in or create an account to submit your review for:

Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me) MS01-001

1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit

You must be 13 years of age or older to submit personal information to CNET Networks. In compliance with the Children's Online Privacy Protection Act of 1998, CNET Networks does not accept name and e-mail address information from users who are under 13 years of age.

All submitted ratings and written comments become the sole property of CNET Networks, Inc. (CNET) and may be used at CNET Networks' sole discretion. Ratings and written comments are generally posted within two to four business days in batch groups, not in real time. However, CNET Networks reserves the right to remove or refuse to post any submission for any reason. You acknowledge that you, not CNET Networks, are responsible for the contents of your submission.

CNET Networks is not responsible for the content of the publisher's descriptions or user reviews on this site. We encourage you to determine whether this product or your intended use is legal. We do not encourage or condone the use of any software in violation of applicable laws. CNET Download.com does not sell, resell, or license any of the products listed on the site. We cannot be held liable for issues that arise from the download or use of these products.

advertisement
download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Best hybrid cars
Cell phones
Dell
GPS
CNET sites
CNET TV
Downloads
News
Reviews
Shopper.com
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET