Microsoft VM builds prior to build 3318 allow access to ActiveX controls that should not be available (discovered in Oct 2000). See Q275609 and MS00-075 for background on the vulnerability. There are upgraded versions of the VM for all OS versions supporting IE.

No big deal but there is a new trojan that does significant damage to the Windows registry IF you have windows scripting host (which W2K does and NT if you installed it):

Trojan horse breaks Windows PCs

McAfee

Synamtec

To see if you are vulnerable and need to upgrade your VM in IE:

• Click Start
• Click Run
• Type cmd and hit the enter key
• At the command prompt, type jview and hit the enter key

The version information will be at the right of the topmost line. It will have a format like "5.00.xxxx", where the "xxxx" is the build number. When I run this on my W2K commandline running IE6, I see:

Microsoft (R) Command-line Loader for Java Version 5.00.3802

Thus my build number is 3802. OK, now I know the build number. How do I tell if I'm affected? Any build 2000-2441 is vulnerable as well as obsolete where as any builds 3000-3187 are vulnerable. If your VM is vulnerable, download a non-vulnerable VM

defines problems and follows up with concise, detailed solutions

Keywords: windows 2000 tip, windows nt, IE, Internet Explorer,jview, windows xp, vm, bug, virtual machine, upgrade, vulnerability, activeX controls, malicious program, masquerades, Web page, HTML e-mail