Microsoft VM builds prior to build 3318 allow access to ActiveX controls that
should not be available (discovered in Oct 2000). See Q275609 and MS00-075 for background on the vulnerability. There are
upgraded versions of the VM for all OS versions supporting IE.
No big deal but there is a new trojan that does significant damage to the
Windows registry IF you have windows scripting host (which W2K does and NT if
you installed it):
Trojan horse breaks Windows PCs
To see if you are vulnerable and need to upgrade your VM in IE:
- Click Start
- Click Run
- Type cmd and hit the enter key
- At the command prompt, type jview and hit the enter
key
The version information will be at the right of the topmost line. It will
have a format like “5.00.xxxx”, where the “xxxx” is the build number. When I run
this on my W2K commandline running IE6, I see:
Microsoft (R) Command-line Loader for Java Version 5.00.3802
Thus my build number is 3802. OK, now I know the build number. How do I tell
if I’m affected? Any build 2000-2441 is vulnerable as well as obsolete where as
any builds 3000-3187 are vulnerable. If your VM is vulnerable, download a non-vulnerable
VM
