The Microsoft Virtual Machine (VM) code in all Windows platforms (and in many versions of Microsoft Internet Explorer—IE) is vulnerable to security breaches. During the past year, Microsoft published several updates that address security problems in the VM component, and the April 14 Microsoft Security Bulletin MS03-011 (Flaw in Microsoft VM Could Enable System Compromise) adds yet another VM hotfix to the list. The newest patch addresses a vulnerability in the procedure that Java uses to examine executable code when the processor loads a Java applet. A malicious user can exploit this loophole by constructing an applet that loads code of the attacker's choice. The code activates when the system executes the Java applet at a Web site or when you read HTML-formatted email that contains the malicious Java code. This vulnerability is mitigated by the fact that a malicious user can run code only in the context of the logged-on user but not with full system privileges.
All VM versions including version 3810 and earlier are vulnerable to this exploit. To determine the current VM version, open a command prompt and type
You should see text similar to the lines below. The current version appears at the end of the first line of the output. In this example, the VM version number is 5.00.3809.
Java Version 5.00.3809 Copyright (C)
Microsoft Corp 1996-2000. All rights reserved.
The Windows 2000 hotfix is 2.3MB and contains a new version of eight files that implement Java applications. You can obtain the Win2K version at the Microsoft download center and the Windows Update catalog. If you use the download center link, be sure you select the language version appropriate for your systems. To use the catalog, click the Catalog link in the left hand pane at the Windows Update page, select the platform for which you want to download the hotfix, click Advanced search options, and enter 816093 as the search string. For other platforms, including Windows XP, Windows NT, and Windows 9x, you must download the platform-specific hotfix through the Windows Update catalog.
To install the hotfix in one operation, double-click the download file or type the name of the download file at a command prompt. Alternatively, you can expand the hotfix with the /c and /t options to a temporary directory such as e:\q816093, change to the e:\q816093\update folder, and run update.exe at a command prompt. This method starts the Win2K Setup Wizard. If you run the Jview command after you install the hotfix but before you reboot, Jview displays the new version number 5.00.3810. However, the actual file replacement doesn't occur until you restart the system. If you use the Setup Wizard to install the hotfix, be aware that the wizard doesn't force a reboot, so you’ll need to restart the system manually. As with most VM updates, this hotfix isn't removable.
Computer Account Password Fix
If you use the password filter to force users to select complex passwords, the filter can interfere with setting the password for a computer account in situations such as when you add a system to a domain. The password filter is supposed to ensure users select more secure passwords. The filter algorithm requires all passwords to contain a minimum of eight characters, including one nonalphanumeric character such as a punctuation mark. If you run the password filter (password.dll) and you see the error message 0xc000006c (Password Restriction) when you create a computer account, the password filter is most likely causing the problem. Although the documentation lacks details, it does state that Win2K incorrectly invokes the filter when you create a computer account. Microsoft Product Support Services (PSS) has a bug fix that resolves this problem. The fix updates 24 key files, including Kerberos, SAM, and DNS components; the newest files in this update have a file release date of March 6. When you call PSS, cite the Microsoft article "Computer Account Password Causes Error Message '0xc000006c (Password Restriction)'" at as a reference.
Remote Registry Service Bug Fix
The remote registry service lets you query and modify the registry on a remote system (as compared with running a registry editor locally). You access this service every time you load the registry of a remote system into a registry editor, when you remotely alter systems with script that writes values to the registry, and when you run Performance Monitor on a remote system. According to the Microsoft article "Multiple Memory Leaks in Remote Registry Service", when you run Performance Monitor to monitor a remote system, the remote registry service leaks memory every time you load and unload performance counters. If this problem occurs on systems you support, you might be able to release the memory by restarting the remote registry service, and a reboot will clear up the problem. To permanently correct the problem, you need to install the fix Microsoft released last week, which contains new versions of 11 OS components, the most recent of which have an April 8 file release date.