December 2004 - Posts
December 14, 2004
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summary:
http://www.microsoft.com/technet/security/Bulletin/ms04-dec.mspx
Important Bulletins:
Vulnerability in WordPad Could Allow Code Execution (885836)
http://www.microsoft.com/technet/security/Bulletin/ms04-041.mspx
Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (885249)
http://www.microsoft.com/technet/security/Bulletin/ms04-042.mspx
Vulnerability in HyperTerminal Could Allow Code Execution (873339)
http://www.microsoft.com/technet/security/Bulletin/ms04-043.mspx
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
http://www.microsoft.com/technet/security/Bulletin/ms04-044.mspx
Vulnerability in WINS Could Allow Remote Code Execution (870763)
http://www.microsoft.com/technet/security/Bulletin/ms04-045.mspx
Re-released Bulletins:
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
http://www.microsoft.com/technet/security/Bulletin/ms04-028.mspx
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
As with Windows XP SP2, Windows Server 2003 SP1 will focus heavily on security. Here are the top 10 reasons to apply the update:
Reduce your server's attack surface.
Security Configuration Wizard (SCW), one of the new features added to Windows Server 2003 in Service Pack 1 (SP1), uses an intuitive, role-based process to guide administrators through reducing the attack surface. With SCW you can disable unused services easily and quickly, block unnecessary ports, modify registry values, and configure audit settings.
Help protect newly installed servers.
In today's security environment there is a continual search for new and potentially exploitable system vulnerabilities. Post-Setup Security Updates (PSSU), another new feature of Windows Server 2003 SP1, blocks all incoming traffic to newly installed servers until the latest patches to Windows Server 2003 are downloaded and applied. PSSU also guides configuration of Automatic Updates when you first log on.
Get firewall protection from startup to shutdown.
Windows Firewall, the same core firewall technology in Windows XP Service Pack 2, is built into Windows Server 2003 SP1. Windows Firewall in Windows Server 2003 SP1 allows granular control over server and client computers through the use of Group Policy. Moreover, Windows Firewall provides boot-time protection, lowering the risk of attack just after a server is started up and while it is shutting down.
Bolster your defenses with "no execute" hardware support and software.
Data execution prevention (DEP) is a set of hardware and software technologies that performs additional checks on memory to help protect against exploitation of your system by malicious code. Windows Server 2003 SP1 fully utilizes the DEP capabilities built into servers by many manufacturers and further augments those capabilities with DEP software of its own.
Help protect your system services with stronger default settings and reduced privileges.
Services such as remote procedure call (RPC) and DCOM are integral to Windows Server 2003 and make an attractive target for hackers. By requiring greater authentication for calls of these services, Windows Server 2003 Service Pack 1 helps establish a minimum threshold of security for all applications that use these services, even if they possess little or no inherent security.
Isolate out-of-date virtual private network (VPN) assets.
VPN Quarantine automatically provides the means for limiting network access for machines on virtual private networks that are not current with regard to security updates. This prevents you from having to write your own ad hoc scripts to effect this facet of sound network security.
Monitor and audit your Internet Information Services (IIS) configuration settings.
The metabase is the XML-based, hierarchical store of configuration information for Internet Information Services 6.0. The ability to audit this store allows network administrators to see which user accessed the metabase in case it becomes corrupted.
Leverage the power of 64-bit extended systems.
Windows Server 2003 SP1 extends Windows Server 2003 security capabilities to 64-bit hardware, making Windows Server 2003 the OS for the next generation of servers.
Help Secure Internet Explorer.
Internet Explorer now contains many enhancements to help secure Windows Server 2003. Among them, Internet Explorer more effectively stops downloads of spurious files and prevents Web pages from accessing cached objects.
Avoid potentially unsafe e-mail.
Windows Server 2003 SP1 includes additional refinements to protect the network. With Outlook Express you can now open mail in plain-text mode, preventing HTML messages from running malicious code. Outlook Express prevents e-mail from downloading external content, stopping a means by which spam senders can validate your e-mail address. Outlook Express also checks e-mail attachments with Attachment Manager, eliminating the need for your own custom code to do so.
Note that I personally don't really count these last two. While these are good improvements to IE and OE, web browsing and checking email are not things one should be doing on one's server.
You can get more info on the RC here:
http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx
This document describes changes in functionality:
http://www.microsoft.com/downloads/details.aspx?familyid=c3c26254-8ce3-46e2-b1b6-3659b92b2cde&displaylang=en
The following KB article has been updated with more information on how to configure IPSec filters with regard to this issue, as well as a link to a script that can be used to configure these IPSec filters:
http://support.microsoft.com/kb/890710
Overview
This Hector Protector™ button has been created by the NetSafe® Programme of New Zealand to help keep children safe online. The function of this button is to give a child the ability to quickly cover the screen of the computer with a screensaver of Hector Protector™ when they encounter material that frightens or upsets them. With a click of the button, the problem is covered over by Hector until a trusted adult can come and deal with the situation. Hector also gives children very positive feedback for using the button and talking with an adult about the problem.
Download here:
http://www.microsoft.com/downloads/details.aspx?familyid=633b69e8-e64f-4bd9-8498-3875c5b5e741&displaylang=en
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summaries:
Windows : http://www.microsoft.com/technet/security/bulletin/ms04-dec.mspx
Critical Bulletins:
MS04-040 - Cumulative Security Update for Internet Explorer (889293)
http://www.microsoft.com/technet/security/bulletin/MS04-040.mspx
This DOES NOT represent our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.