NLB, IE, Security Hotfixes - 13 Feb 2001

Win2K NLB Hotfix Bundle
Last week, I discussed a hotfix bundle that updates the Windows File Protection (WFP) catalog with 24 security updates. Microsoft has released another hotfix package containing two load-balancing updates that you can apply in one operation. This latest hotfix package includes a fix for a nasty Windows Management Instrumentation (WMI) memory leak and a correction that lets you modify the load weight setting without terminating active client connections. You can download this two-bug bundle, Q278670_Win2K_sp2_x86_en.exe, from the Microsoft Web site. If you haven’t already installed these bug fixes, this bundle gives you an easy way to do so. If you have installed the fixes, this update will save you time and effort if you ever need to reinstall them. See Microsoft article Q278670 for details.

IE Cached Credentials Security Hotfix
I recommend that most of you install the security update for the Cached Web Credentials vulnerability that exists in pre-5.5 versions of Internet Explorer (IE). This update closes a loophole that lets IE forward cached logon credentials (i.e., username and password) entered at a secure Web site to a nonsecure Web site. Microsoft article Q273868 indicates that the security update won't install unless your system runs IE 5.01 Service Pack 1 (SP1). If your system runs an older version of IE, you must update to 5.01 SP1. You can eliminate the vulnerability—and thus the need for the security update—by upgrading directly to IE 5.5. No fix was available when I first wrote about this problem, but as of February 7, you can download an IE patch from the Microsoft Web site.

Network DDE Security Hotfix
Microsoft has released an update that eliminates a vulnerability on systems that use Network Dynamic Data Exchange (DDE) to share resources. The Network DDE service runs in the security context of the Local System. Apparently, the code contains a loophole that a malicious user can exploit to gain SYSTEM permission on the local system, which, of course, eliminates all restrictions on the operations that a user can perform locally. A malicious user can exploit this loophole by running a program locally on the target machine, so this vulnerability exists on all systems that let non-administrators log on interactively and run programs. Download the security update, q285851_win2k_sp3_x86_en.exe, from the Microsoft Web site.

Win2K Server Terminal Services Blue-Screen Fix
A bug in win32k.sys causes Windows 2000 to crash and display a Stop code of 0x00000050 with the message, "Page_fault_in_nonpaged_area." If this system crash is occurring on one or more of your Win2K Server Terminal Services systems, call Microsoft Support for the bug fix. The update contains four files, gdi32.dll, user32.dll, win32k.sys, and winsrv.dll; the files have a release date of January 30. Microsoft article Q281132 doesn't provide any details about the source of the problem or the solution.

SMS 2.0 SP3 Released
Systems Management Server (SMS) 2.0 administrators anxiously awaiting SP3 need wait no longer— the service pack is now available for download from Microsoft. You must upgrade directly from SP2 to SP3, so if you run an older version, you must first upgrade to SP2 and then install SP3. Microsoft article Q281829 states that you can install SP3 using several different methods, including

  • creating a new secondary site
  • installing the SMS Administrator console
  • upgrading a primary site from an existing SMS 2.0 SP2 site
  • upgrading a secondary site from an existing SMS 2.0 SP2 secondary site
  • upgrading the SMS Administrator console from an existing SMS 2.0 SP2 console

SP3 also lets you remove, modify, and reset an existing SP3 site. If you must upgrade an SMS 2.0 primary site, secondary site, or Administrator console that's not running SP2, you must first upgrade to SP2 and then upgrade to SP3. If you don’t have SP2, you can order it from Microsoft or download it directly from the Microsoft Web site. ( To avoid problems, Microsoft recommends that you read the release notes and the readme files before you proceed with the update. To check out the release notes, go to the Microsoft Web site.

To review the operations guide, go to the Microsoft Web site. To ensure that you have a copy, Microsoft also includes both of these files in the downloadable service pack image.

Does Ethan Frome Own Your Documents?
According to Microsoft article Q283810, a familiar Microsoft Office 97 virus is making a comeback in Word 2000. I’ve seen the virus repeatedly in documents people send me. If you place your cursor over a Word document in Windows Explorer and the text that appears lists the file's owner as Ethan Frome, you should run antivirus software to clean up your system. Another symptom of this virus is the presence of a file named "Ethan.___" in the root folder of drive C. This virus is annoying but pretty harmless.

RegClean Utility Runs on Win2K
RegClean analyzes keys that reside in the registry's HKEY_CLASSES_ROOT area. Many of these keys are critical to proper OLE functioning. Over time, as you install, remove, and reinstall software, keys that define how certain objects should behave can become corrupted. When this corruption occurs, objects behave incorrectly and you experience problems when you embed or link to objects (e.g., when you insert a spreadsheet in a Word document or a PowerPoint presentation). RegClean finds keys that contain erroneous values, and, after recording those entries in an undo.reg file, it removes the keys from the registry. This utility doesn't fix every known problem with the registry and can't fix a registry that's corrupt; it only fixes problems with standard entries located in HKEY_CLASSES_ROOT.

RegClean ignores any registry entries that it doesn't understand or that might be correct. When it makes corrections, the utility creates an undo file named "UNDO computer name yyyymmdd hhmmss.REG." If the corrections cause problems, you can easily restore the previous registry data by double-clicking the undo file or running it from a command prompt.

This utility isn't a cure-all, but RegClean can correct object-related problems that you might encounter in Microsoft Office. When I downloaded and ran the utility on my Win2K Advanced Server (Win2K AS) system, RegClean scoured the registry for a minute or two and then asked me whether I wanted to correct the problems it found. The utility didn't identify the nature or the extent of the problems, but when I clicked OK to perform the repairs, RegClean finished up in just a few seconds.

I presume that object problems are more prevalent in older version of Office but that these problems can occur in later versions. Why else would Microsoft make RegClean compatible with Win2K? Microsoft article Q147769 ( indicates that RegClean 4.1a runs on Win2K, NT, Windows Millennium Edition (Windows Me), and Windows 9x. Microsoft originally introduced the tool for Office 97. You can download RegClean from the Microsoft Web site.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.