Microsoft Security Bulletin (MS00-072)

Print

Patch Available for 'Share Level Password' Vulnerability

Originally posted: October 10, 2000

Summary

Microsoft has released a patch that eliminates a security vulnerability in Microsoft® Windows 95, 98, 98 Second Edition, and Windows Me. The vulnerability could allow a malicious user to programmatically access a Windows 9x/Me file share without knowing the entire password assigned to that share.

Affected Software:

• Microsoft Windows 95
• Microsoft Windows 98
• Microsoft Windows 98 Second Edition
• Microsoft Windows Me

Patch availability

Download locations for this patch

• Microsoft Windows 95
  http://download.microsoft.com/download/win95/Update/11958/W95/EN-US/273991USA5.EXE
• Microsoft Windows 98 and 98 Second Edition
  http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE
• Microsoft Windows Me
  http://download.microsoft.com/download/winme/Update/11958/WinMe/EN-US/273991USAM.EXE
• Microsoft Windows 98 or later to receive the latest critical updates go to
  http://windowsupdate.microsoft.com
• To clean the "w32.opaserve" worm download and run the file at
  http://securityresponse.symantec.com/avcenter/FixOpsrv.exe
  For more information view the Symantec site at
  http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.removal.tool.html