May 2005 - Posts
May 10, 2005
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summary:
http://www.microsoft.com/technet/security/Bulletin/ms05-may.mspx
Important Bulletins:
Vulnerability in Web View Could Allow Remote Code Execution (894320)
http://www.microsoft.com/technet/security/Bulletin/ms05-024.mspx
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
Wi-Fi Protected Access 2 (WPA2) support now available.
KB article with full details:
http://support.microsoft.com/kb/893357
Download location:
http://www.microsoft.com/downloads/details.aspx?familyid=662bb74d-e7c1-48d6-95ee-1459234f4483&displaylang=en
Windows XP SP2 is required and your wireless access point also has to support WPA2 so you may want to check your vendors site for new firmware.
Update: thanks to Eric Cross (Networking MVP) for pointing out this excellent article on WPA2 by our own Cable Guy:
http://www.microsoft.com/technet/community/columns/cableguy/cg0505.mspx
Just released on the download center. There is some great information here on assessing network security, security risk management and a two part presentation on thinking like a hacker.
http://www.microsoft.com/downloads/details.aspx?familyid=a171f0e2-cfbe-47a8-8d84-fc8399ac1f6c&displaylang=en
This is a very easy to follow high level overview of the Windows Firewall for home users.
It has a quick intro explaining very simply what a firewall does, information on how to adjust the firewall settings and using the exceptions tab.
By now, I'm sure most people know that the Windows Firewall does not do any outbound blocking. Just to refresh, the only thing besides inbound connections that gets blocked are attempts by applications to open a port and listen on it for inbound connections.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
A friend of mine, Sanjay Puri, who used to be part of the Security Business & Technology Unit (SBTU) is on the team that released this new connector for MBSA. This connector allows you to view the results of an MBSA scan in a Visio network diagram. Kind of cool! Check it out here:
http://www.microsoft.com/downloads/details.aspx?familyid=8ea27d78-32b5-4f37-a7fd-99ee2aa76c62&displaylang=en