- The Windows 2000\XP\.NET Resource Index
Home | About Us | Search

Last Updated December 16, 2003

Windows 2003
Windows 2000
Windows XP
Book Reviews
Career Tools
Device Drivers
Hardware Guides
MCSE Toolkit
Service Packs
  Articles & Whitepapers
  Books on Security
  Disaster Recovery
  FAQ's & Tutorials
  Incident Response
  Intrusion Detection
  Legal Resources
  Online Seminars
  Password Security
  Penetration Testing
  Security Links
  Securing Networks
  Social Engineering











Vulnerabilities and Exploits

You have to know where the holes are in Windows 2000 and your network if you're going to plug them, and new ones are found everyday. Here's where to find the best info on the web.
Resource Links

BugNet is the world's leading provider of software bug fixes. Features monthly in-depth analysis, insightful commentary, and over 300 new software bug fixes from top vendors, including Microsoft, Netscape, Novell, Lotus, Apple, Adobe, Red hat, and Sun Microsystems. Between monthly issues, they also deliver up-to-the-minute bug alerts, exposing and validating today's nastiest software goofs and glitches.

Cisco Network Security Solutions
Articles, advice, and more from Cisco.

Common Vulnerabilities  
A brief summary of common system vulnerabilities and what to do about them.

Fyodor's Exploit World at  
Links to hacks and exploits on various operating systems

Known NT Exploits 
A well done site with vulnerability explanations by category.

L0pht Advisories
The latest security holes from the brilliant crew that brought you Lophtcrack

Microsoft's Security Advisor  
By the time it's posted here, it's old news to the Internet. But this is still where you need to go to get the patches, workarounds, and "official" advice.

Netcraft Security Diary  
A list of the most recent security alerts from several sources.

NT BugTraq 
A mailing list for the discussion of security exploits and bugs in Windows NT by Russ Cooper.

NT Exploit(ed) Page
A personal list of favorite NT Exploits by Donald Meyer

NT Security News 
This page should be a daily stop for all NT Admins. Very up to date. Great information specific to Windows NT. Find out about the latest vulnerabilities and fixes.  
Security alerts, vulnerabilities, news and more.

Shake Vulnerability Database  
If you're serious about keeping up to date on system vulnerabilities, this is one of the best and largest databases around - but it ain't cheap!.($3,000/year)

Addressing DoS Vulnerabilities
Last month, Microsoft published an article that documents five registry modifications you can use to reduce Windows 2000's TCP vulnerability to a variety of Denial of Service (DoS) attacks. These guidelines are appropriate for Win2K systems connected to a WAN or to the Internet and for sites that operate under strict security controls. Source: Windows & .NET Magazine (Feb 2002)

Barbarians at the Gate: An Introduction to Distributed Denial of Service Attacks
This article will explain the concept of DDoS attacks, how they work, how to react if you become a target, and how the security community can work together to prevent them. Source: SecurityFocus (December 2002)

Big Risks to Windows-based Networks
Columnist Mark Edwards discusses what he thinks are the biggest software-related risks to a Windows-based network. Source: Windows & .NET Magazine (June 2000)

Hacking Techniques  
An excellent primer on common techniques from

IP Spoofing: An Introduction
IP spoofing allows an attacker to gain unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by ©spoofing? the IP address of that machine. In this article, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it. Source: SecurityFocus (March 2003)

How DNS Can Divulge Sensitive Information
An indispensable directory service may be giving away your secrets. Source: Network Magazine (March 1999)

Keeping SNMP's Secrets Safe
A useful network service can also prove useful to attackers. Source: Network Magazine (April 1999)

NT Vulnerabilities  
By Paul E. Proctor Windows NT Systems Magazine. November 1998

Security Threats: Motives and Methods.  
An overview of general network threats by Diane Levine in Planet IT, Oct. 1999

Social Engineering Fundamentals, Part I: Hacker Tactics
Security is all about trust. Trust in protection and authenticity. Generally agreed upon as the weakest link in the security chain, the natural human willingness to accept someone at his or her word leaves many of us vulnerable to attack. Many experienced security experts emphasize this fact. No matter how many articles are published about network holes, patches, and firewalls, we can only reduce the threat so much... and then it©s up to Maggie in accounting or her friend, Will, dialing in from a remote site, to keep the corporate network secured.
Source: SecurityFocus (Dec 2001)

Source Address Spoofing
Source address spoofing is often misunderstood, and therefore a cause for concern. Learn more about what to do to protect yourself. Source: Microsoft TechNet

The Dangers of PPP 
Summary: PPP means you don't need a cable or DSL modem to be vulnerable to hacking. Find out what the dangers are and how to protect yourself.

The Evolution of an Exploit
A quick look at how security holes are discovered, reported, and exploited. Source: Network Computing (April 2000)

Think You're Safe from Sniffing?
Columnist Mark Edwards talks about a handful of available tools that might make your network traffic vulnerable to sniffing. Source: Windows & .NET Magazine (June 2000)

UNC Path Can Be Used to Start Programs by Using .chm Files
Microsoft Knowledge Base Article: 259166 - The HTML Help facility provides the ability to start code by using shortcuts included in HTML Help files. If a compiled HTML Help (.chm) file were referenced by a malicious Web site, it could be used to start code on a visiting user's computer. 

Unofficial NT Hack FAQ  
An FAQ for Hackers on how to break NT security. A useful primer for SysAdmins. From Simple Nomad.

Entire contents
© 1999-2003 and TechTarget
All rights reserved

This site and its contents are Copyright 1999-2003 by Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with The products referenced in this site are provided by parties other than makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.