Jerry Bryant's Security Blog

Security Program Manager - Microsoft PSS Security Team

September 2004 - Posts

Free Microsoft Security Training

Microsoft Learning offers free security clinics and hands-on labs, all online at:

https://www.microsoftelearning.com/security/

Current clinics include Security Guidance Training I & II and Security Guidance Training for Developers.

Current hands-on labs include: Applying Microsoft Security Guidance Training

See site for details.

Microsoft Security Bulletin(s) for 9/14/2004

September 14, 2004
Today Microsoft released the following Security Bulletins.

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summaries:

September Summary
http://www.microsoft.com/technet/security/Bulletin/ms04-sep.mspx

Critical Bulletins:
 
MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx

Important Bulletins:
 
MS04-027 - Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)
http://www.microsoft.com/technet/security/Bulletin/MS04-027.mspx

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above-listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Controlling block storage devices on USB buses

I haven't seen a lot of talk about this recently but I recall several months or even a year or so ago that this was a hot topic with all of the new USB flash drives hitting the market. I had some conversations with MVPs and members of the product teams about this. At the time, we didn't have any plans to tighten things down and give the ability to block users from writing to these types of devices but with our SP2 security push, lots of plans got changed.

So, the ability to turn USB storage devices into read-only devices has been implemented in SP2 through a registry setting.

Setting name: WriteProtect

Location: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies

Default value: DWORD=0

Possible values: 0 - Disabled; 1 - Enabled

More information here:

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2otech.mspx#XSLTsection127121120120
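
One way to audit and set the WriteProtect value described above, as an added example that is not part of the original post or Microsoft's documentation. The function names are hypothetical, and the script assumes an elevated PowerShell session on the machine being configured.

```powershell
# Added example: audit and set the WriteProtect policy for USB storage devices.
# Function names are hypothetical; run from an elevated session.
$PolicyKey = 'HKLM:\System\CurrentControlSet\Control\StorageDevicePolicies'

function Get-UsbWriteProtect {
    # Returns 'Enabled', 'Disabled' or 'NotConfigured' (key or value absent).
    $item = Get-ItemProperty -Path $PolicyKey -Name WriteProtect -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.WriteProtect -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Set-UsbWriteProtect {
    param([Parameter(Mandatory = $true)][bool]$Enabled)

    # Create the key if it is absent so the value has somewhere to live.
    if (-not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }

    # 1 = Enabled (devices are read-only), 0 = Disabled (writes allowed).
    $value = if ($Enabled) { 1 } else { 0 }
    New-ItemProperty -Path $PolicyKey -Name WriteProtect `
        -PropertyType DWord -Value $value -Force | Out-Null

    # Read the value back so the caller sees what is actually stored.
    Get-UsbWriteProtect
}

"Before: $(Get-UsbWriteProtect)"
"After:  $(Set-UsbWriteProtect -Enabled $true)"
```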

Speaking of SP2...

Many of the new features in SP2 can be easily controlled through Group Policy Settings. The following download is a reference for the Group Policy Settings in SP2. Have a look!

Overview
This spreadsheet lists the full set of Group Policy settings described in Administrative Template (.adm) files that shipped with Windows XP SP2. This includes all policy settings supported on the following operating systems: Microsoft Windows Server™ 2003, Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with Service Pack 4 or earlier service packs. The spreadsheet includes separate worksheets for each of the .adm files that shipped in Windows XP SP2, a consolidated worksheet for easy searching, and an Update History worksheet that lists policy settings that have been added since the Windows Server 2003 operating systems were released. Using column filters, you can easily filter the information in the spreadsheet by operating system, component, or machine/user configuration. You can also search for information by using text or keywords. Note: This page will be updated with the latest .adm files associated with pre-release or beta versions of the Windows operating system.

http://www.microsoft.com/downloads/details.aspx?familyid=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en

More time to test Windows XP SP2

As you may or may not know, we have implemented a method that will allow corporations to block their systems from downloading SP2 from either Windows Update or Automatic Update. See the following link for details:

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2aumng.mspx

Originally this mechanism was only going to be in place for 120 days. This has been extended to 240 days or April 12, 2005 in order to allow customers more time for deployment testing.

The “mechanism” in question is a registry setting that WU/AU looks for. After the 240-day period ends, WU/AU will no longer check for that setting.

Chat with Microsoft Security VP Mike Nash

Share your insights about security with Mike Nash, Vice President for the Microsoft Security Business Unit, and his team of security experts in a candid Q&A session. Ask your tough questions! Tell us what is going well and what needs improvement on September 9, 2:00 P.M. PST, 5:00 P.M. EST, 21:00 UTC/GMT.

Add to calendar: http://www.microsoft.com/communities/chats/vcs/Security_in_Microsoft_sept9.ics

More information: http://www.microsoft.com/communities/chats/exec/default.mspx