Microsoft News Update
Microsoft news of the past few days: Media Player 9 is the subject of a few articles, including one on its integrated digital restrictions and one on changes in its privacy options. Microsoft is releasing certain APIs, and is releasing a service pack for Windows XP, under the requirements of its antitrust settlement with the Federal Gov't. On the downside, code to crash any modern Windows machine with NetBIOS enabled is now floating around the net, and there's been more publicity of the vulnerabilities in Microsoft IIS/SSL.
According to this article, anyone using cracked WPA activation or certain serial numbers will not be allowed to use Windows Update or install SP1. This will apparently not affect the OEM copies that have been floating around for months before the Windows XP release date.
Are we talking about MS02-045? If you really MUST supply a link to the attack tool you should AT LEAST supply a link to the fix as well!
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-045.asp
But I assume it's 'better' to let people suffer instead of helping them out, is it? You don't have to post links to security bulletins, but if you post a link to a DoS tool, why not supply the link to the patch as well, to let the reader decide if he/she wants to be vulnerable or not.
(Good system administrators have already disabled TCP/IP over NetBIOS (disable TCP/IP over NetBIOS helper service) of course and stopped the server service as well, on online systems, among other NetBIOS-related crap which is not needed on the internet (NetBIOS package: "whohoo a router, what's that!").)
Never underestimate the relief of true separation of Religion and State.
According to the Microsoft whitepaper found here, there are 11 components of XP that automatically download material from the Internet. If you've ever clicked the "always trust Microsoft" box (something unlikely here, I realize, but many have), then things like Media Player will download and install new media codecs without any notice, for example. Another thing that we're all concerned with relates to DRM: a built-in feature of XP will silently download and install "revocation lists", which list programs that are not allowed to play DRM-encoded content.
From Russ at BugTraq:
Before too many more messages;
1. SMBDie = RedButton = Wow, incredibly talented programmer. This sure was a tool we needed.
2. If RestrictAnonymous is set, non-authenticated users can't use it, any authenticated user can.
3. If you're in an environment where any old computer connected to your network can use TCP139/TCP445, set up a sniffer (Network Monitor works) and watch for the source of the traffic. Then beat that person over the head with their PC. Do that either before or after you patch your systems with MS02-045. If more testing of the patch is required, beat them a little every day until your testing is complete.
4. If you're in an environment where you have TCP139/TCP445 open to the Internet, you don't need NTBugtraq, you need Dr. Phil. Buy a $50 Linksys router and put it in front of your machine and use it to block all but those few you really want open (which doesn't include those two).
5. Randy Hinders suggests that disabling NetBIOS over TCPIP works, I'm not yet 100% convinced. Either way, it should be easier to apply the patch than disabling NetBIOS over TCPIP.
The MS Security Bulletin honestly did do a great job of explaining all of this, more people should read it more carefully.
Cheers,
Russ - NTBugtraq Editor
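Point 3 of the post above (watch for the source of TCP139/TCP445 traffic), sketched as an added example that is not part of the original thread: it reads flow records and lists hosts outside the expected client network that connect to those ports. The record format, addresses, network range and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}  # the two TCP ports named in the post

# Constructed sample flow records: time, source, destination, protocol, dest port.
SAMPLE_FLOWS = """\
2002-08-27T10:01:02 10.0.5.23 10.0.1.10 tcp 445
2002-08-27T10:01:03 10.0.5.23 10.0.1.11 tcp 139
2002-08-27T10:01:03 10.0.5.23 10.0.1.12 tcp 139
2002-08-27T10:02:10 10.0.1.40 10.0.1.10 tcp 445
2002-08-27T10:02:11 10.0.1.41 10.0.1.10 tcp 80
2002-08-27T10:03:00 192.0.2.77 10.0.1.10 tcp 139
2002-08-27T10:03:05 10.0.1.40 10.0.1.10 udp 445
bad line
"""

def smb_sources(flow_text, expected_clients):
    """Return {source: sorted destinations} for TCP 139/445 flows whose
    source is outside the networks expected to reach those ports."""
    allowed = [ipaddress.ip_network(n) for n in expected_clients]
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, proto, dport = fields
        try:
            src_ip = ipaddress.ip_address(src)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if proto.lower() != "tcp" or port not in SMB_PORTS:
            continue
        if any(src_ip in net for net in allowed):
            continue  # expected client, nothing to chase
        hits[src].add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}

def rank_by_fanout(hits):
    """Order sources so those touching the most distinct hosts come first."""
    return sorted(hits, key=lambda s: (-len(hits[s]), s))

if __name__ == "__main__":
    found = smb_sources(SAMPLE_FLOWS, ["10.0.1.0/24"])
    for src in rank_by_fanout(found):
        print(src, "->", ", ".join(found[src]))
```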
I have to second this. I've been reading slash since 1997 (user ID underscores the fact that I recall the day users were added), and Michael is the reason that I've started paying attention to the fact that slashdot has different editors at all (with the exception of Katz, whom I appreciate from time to time).
I just installed a fresh w2k last night, after not being able to get my ATI All in Wonder Radeon 7500 to work with XF86 (what's with that? btw... tried RH7.3, Mdk8.2, and Lycoris to no avail, although they all recognized the card). The only things installed thus far are the OS and the ATI drivers/apps (for running the USB remote and such). I can assure you that this binary took the box out as quick as I could hit enter.
put the what in the where?