Mexico Connect


DavidMcL


Feb 11, 2003, 11:07 AM

Post #1 of 4 (1648 views)


Security updates for Win XP-pro - they scare me . . .

I am using a wireless connection.
Some of Billie's security updates have destroyed my wireless connection settings.

I am now faced with some more.
Should I install these or not:

1. SECURITY: Flaw in SMB Signing in Windows XP


The SMB (Server Message Block) is a file-sharing protocol that can be digitally signed in Windows 2000 and XP. A flaw exists in the Windows XP implementation of the SMB protocol that would allow a malicious user to send unsigned information between a server and client machine. Microsoft rates this vulnerability as being a moderate security risk.

2. SECURITY: Unchecked Buffer in Windows Redirector


Microsoft has released a patch eliminating a security vulnerability in Windows XP. A security vulnerability exists in the implementation of the Windows Redirector in Windows XP because an unchecked buffer is used to receive parameter information. By providing malformed data to the Windows Redirector, an attacker could cause the system to fail, or if the data was crafted in a particular way, could run code of the attacker’s choice. After downloading and applying this patch, your computer will no longer be susceptible to this vulnerability.


3. SECURITY: Unchecked Buffer in Windows XP SP1 Shell


Microsoft has released a patch eliminating a security vulnerability in Windows XP. An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files. The security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw. After downloading and installing this patch, affected computers will no longer be susceptible to this vulnerability.


Any concrete advice will be welcomed.

David

(This post was edited by davidmcl on Feb 11, 2003, 11:10 AM)



DavidMcL


Feb 17, 2003, 1:50 PM

Post #2 of 4 (1613 views)


Re: [davidmcl] Security updates for Win XP-pro - they scare me . . .


In Reply To
I am using a wireless connection.
Some of Billie's security updates have destroyed my wireless connection settings.

I am now faced with some more.
Should I install these or not:

1. SECURITY: Flaw in SMB Signing in Windows XP -ANSWER = NO

2. SECURITY: Unchecked Buffer in Windows Redirector -ANSWER = YES

3. SECURITY: Unchecked Buffer in Windows XP SP1 Shell -Answer = YES

I know I am answering my own question, but this is the info I was given privately.

David
David McL
WebJefe


DavidMcL


Feb 17, 2003, 5:44 PM

Post #3 of 4 (1595 views)


Re: [davidmcl] Security updates for Win XP-pro - they scare me . . .

No problems - for once!
Thanks!
David McL
WebJefe


Mike Riley

Feb 18, 2003, 1:19 PM

Post #4 of 4 (1590 views)


Re: [davidmcl] Security updates for Win XP-pro - they scare me . . .

Dave: You will be interested in this Windows newsletter that weekly (and sometimes more often) touches on all the latest patches and security issues, telling us which ones we should trust and why:

http://www.w2knews.com/

In fact, here's a blurb on the SMB flaw:




Really Urgent Patch - Do This Now

I'm not sure if you are aware of the Sunbelt sponsored NTSYSADMIN list. There are about 5,000 front-line, in-the-trenches network and system admins on this list that warn each other about threats and discuss admin problems. August 27, a thread was started up that is urgent and you need to take action right away.

Why? The old "WinNuke" from the evil days of Win95 has reincarnated for NT/W2K/XP and .NET (WinNuke allowed you to shut a system down remotely with about three clicks). Our techies in Sunbelt downloaded it and sure enough we could blow systems up with it. Here is a snippet off the NTSYSADMIN list (which in itself came off another list called ntbugtraq).

Subject: MS02-045 exploit is out

Hi all,

I haven't seen much noise on this list about MS02-045 (Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)), but the implications are very nasty. Any unpatched WinNT/2K/XP or .NET machine on your network that's listening on port 139 and/or 445 can be crashed in about two seconds with a malformed SMB packet. I highly disagreed with Microsoft's assessment that this was only a "moderate" threat level to intranet and desktop systems because the exploit is so easy to perform.

It was bad enough in theory, but now a script-kiddie friendly GUI version of the exploit has been posted on PacketStorm, and it works against all of the above. We worked through the weekend to get a large percentage of our boxes patched - you may have to do the same. You can try for yourself at:
http://www.w2knews.com/rd/rd.cfm?id=020902RN-PacketStorm
[Editor's note] The fact this thing is out now with a GUI and can sit on a desktop as an icon makes it really dangerous. Moreover, it is infected with the hacktool virus as well, so we took this link out.

The Patch is here (MS02-45):
http://www.w2knews.com/rd/rd.cfm?id=020902RN-Patch
 
 