Slashdot Mirror


Microsoft News Update

Microsoft news of the past few days: Media Player 9 is the subject of a few articles, including one on its integrated digital restrictions and one on changes in its privacy options. Microsoft is releasing certain APIs, and is releasing a service pack for Windows XP, under the requirements of its antitrust settlement with the Federal Gov't. On the downside, code to crash any modern Windows machine with NetBIOS enabled is now floating around the net, and there's been more publicity of the vulnerabilities in Microsoft IIS/SSL.

14 of 498 comments

  1. Also by asv108 · Score: 5, Informative

    According to this article, anyone using cracked WPA activation or certain serial numbers will not be allowed to use Windows Update or install SP1. This will apparently not affect the OEM copies that have been floating around for months before the Windows XP release date.

  2. MS02-045, patch available? by edgrale · Score: 5, Informative

    Are we talking about MS02-045? If you really MUST supply a link to the attack tool you should AT LEAST supply a link to the fix as well!

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    1. Re:MS02-045, patch available? by Kraegar · Score: 4, Informative

      And MS02-045 is part of the "critical updates" so any machine that is up to date with Microsoft's security patches is already protected against this fix. I tested it out here at the office against several machines, patched and unpatched.

  3. Why not add a link to the patch as well, Slashdot? by Otis_INF · Score: 5, Informative

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-045.asp

    But I assume it's 'better' to let people suffer instead of helping them out, is it? You don't have to post links to security bulletins, but if you post a link to a DoS tool, why not supply the link to the patch as well, to let the reader decide if he/she wants to be vulnerable or not.

    (good system administrators have already disabled TCP/IP over NetBIOS (disable TCP/IP over NetBIOS helper service) of course and stopped the server service as well, on online systems, among other NetBIOS-related crap which is not needed on the internet (NetBIOS package: "whohoo a router, what's that!"))

    --
    Never underestimate the relief of true separation of Religion and State.
  4. 11 components of XP automatically download by burgburgburg · Score: 4, Informative

    According to the Microsoft whitepaper found here, there are 11 components of XP that automatically download material from the Internet. If you've ever clicked the "always trust Microsoft" box (something unlikely here, I realize, but many have), then things like Media Player will download and install new media codecs without any notice, for example. Another thing that we're all concerned with relates to DRM: a built-in feature of XP will silently download and install "revocation lists", which list programs that are not allowed to play DRM-encoded content.

  5. Re:Oh that's very responsible of you, SlashDot by Your_Mom · Score: 3, Informative

    You mean like the fix that was out August 22nd?

    --
    Objects in the blog are closer then they ap
  6. About that NetBIOS over IP exploit by Anonymous Coward · Score: 5, Informative

    From Russ at BugTraq:

    Before too many more messages;

    1. SMBDie = RedButton = Wow, incredibly talented programmer. This sure was a tool we needed.

    2. If RestrictAnonymous is set, non-authenticated users can't use it, any authenticated user can.

    3. If you're in an environment where any old computer connected to your network can use TCP139/TCP445, set up a sniffer (Network Monitor works) and watch for the source of the traffic. Then beat that person over the head with their PC. Do that either before or after you patch your systems with MS02-045. If more testing of the patch is required, beat them a little every day until your testing is complete.

    4. If you're in an environment where you have TCP139/TCP445 open to the Internet, you don't need NTBugtraq, you need Dr. Phil. Buy a $50 Linksys router and put it in front of your machine and use it to block all but those few you really want open (which doesn't include those two).

    5. Randy Hinders suggests that disabling NetBIOS over TCPIP works, I'm not yet 100% convinced. Either way, it should be easier to apply the patch than disabling NetBIOS over TCPIP.

    The MS Security Bulletin honestly did do a great job of explaining all of this, more people should read it more carefully.

    Cheers,
    Russ - NTBugtraq Editor
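
Added example (not part of the thread or of the quoted NTBugtraq post): item 3 above advises watching for the source of TCP 139/445 traffic, and this Python example does that over connection records, flagging sources outside the internal network and sources that touch many servers. The six-field record format, the sample addresses, and the names `parse_flows`, `smb_sources` and `fanout_threshold` are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}  # NetBIOS session service and direct-hosted SMB

# Constructed sample (hypothetical format): "epoch src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1030000001 10.0.5.23 1045 10.0.1.10 445 tcp
1030000002 10.0.5.23 1046 10.0.1.11 445 tcp
1030000003 10.0.5.23 1047 10.0.1.12 139 tcp
1030000004 10.0.2.7 1100 10.0.1.10 445 tcp
1030000005 203.0.113.9 4431 10.0.1.10 139 tcp
1030000006 10.0.2.7 1101 10.0.1.10 80 tcp
1030000007 10.0.5.23 1048 10.0.1.13 445 tcp
garbage line that should be skipped
1030000008 10.0.2.8 137 10.0.1.255 137 udp
"""

def parse_flows(text):
    """Yield (src, dst, dport, proto) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[3])
            dport = int(parts[4])
        except ValueError:
            continue  # non-numeric port or unparsable address
        yield src, dst, dport, parts[5].lower()

def smb_sources(text, internal_net, fanout_threshold=3):
    """Summarise each source of TCP 139/445 connections and decide whether to flag it."""
    net = ipaddress.ip_network(internal_net)
    targets = defaultdict(set)
    for src, dst, dport, proto in parse_flows(text):
        if proto == "tcp" and dport in SMB_PORTS:
            targets[src].add(dst)
    report = {}
    for src, dsts in targets.items():
        external = src not in net
        # Flag anything from outside, or one host reaching many servers.
        report[str(src)] = {
            "targets": len(dsts),
            "external": external,
            "flag": external or len(dsts) >= fanout_threshold,
        }
    return report
```

Calling `smb_sources(SAMPLE_FLOWS, "10.0.0.0/8")` on the constructed records flags `10.0.5.23` (four distinct servers) and `203.0.113.9` (outside the internal range), while the single-server client `10.0.2.7` is left alone.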

  7. Re:Roblimo I Am Calling You Out by Sludge · Score: 5, Informative

    I have to second this. I've been reading slash since 1997 (user ID underscores the fact that I recall the day users were added), and Michael is the reason that I've started paying attention to the fact that slashdot has different editors at all (with the exception of Katz, whom I appreciate from time to time).

  8. Re:Uhhh.... by ThePilgrim · Score: 3, Informative

    Actually no,

    Hide and remove are different concepts. Just because the IE icon is not on the desktop does not mean that my program can't pull in the IE HTML render object, because the code will still be there on the box.

    --
    Wouldn't it be nice if schools got all the money they wanted and the army had to hold jumble sales for guns
  9. Re:No, that's wrong. by stubear · Score: 3, Informative

    Windows needs it so they ship it with Windows already. IE the application can be removed. IE the underlying HTML rendering engine is intertwined with Windows and third party applications such that its removal would break applications. The nine states are using the courts to dictate technology Microsoft's competitors don't agree with. There is nothing that precludes me from using Mozilla on my Windows XP system and completely ignore the existence of IE.

  10. Re:My MS Activation Story: True Story. by dacetone · Score: 3, Informative

    Yeah. It happens. MSDN subscribers were the bane of working for MPA (product activation) because they cause the most problems, and expect us to fix them. We don't generate keys. We don't know how to, or get paid enough to troubleshoot. All we do is get read a string of numbers, and read one back. When we get an error, we read from a script. We don't even work for Microsoft.

    --
    Just follow the day, and reach fo
  11. Re:Oh that's very responsible of you, SlashDot by bhsx · Score: 4, Informative

    I just installed a fresh w2k last night, after not being able to get my ATI All in Wonder Radeon 7500 to work with XF86 (what's with that? btw... tried RH7.3, Mdk8.2, and Lycoris to no avail, although they all recognized the card). The only things installed thus far are the OS and the ATI drivers/apps (for running the USB remote and such). I can assure you that this binary took the box out as quick as I could hit enter.

    --
    put the what in the where?
  12. NetBIOS, not NetBEUI by fizbin · Score: 3, Informative

    NetBIOS (I admit that the name has meant a few different things as it evolved) is not the same as NetBEUI. NetBEUI is a layer 2 protocol, and is not propagated by most routers. (unless the "router" is really an ethernet bridge in disguise)

    NetBIOS is a programming interface implemented as a bunch of packet types which can be sent out either over NetBEUI or over IP. (sitting mostly on top of TCP, though I think some packets are sent out with UDP). IP is extremely routable.

  13. Re:Netbios... by Jeremy Allison - Sam · Score: 3, Informative

    Yeah but the design of Samba is such that if you do this you only irritate yourself. If you do this on a Windows box you irritate everyone else using it as a fileserver.

    Jeremy Allison,
    Samba Team.