Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft News Update

Posted by ryuzaki0 on from the fun-for-the-whole-family dept.

Microsoft news of the past few days: Media Player 9 is the subject of a few articles, including one on its integrated digital restrictions and one on changes in its privacy options. Microsoft is releasing certain API's, and is releasing a service pack for Windows XP, under the requirements of its antitrust settlement with the Federal Gov't. On the downside, code to crash any modern Windows machine with NetBIOS enabled is now floating around the net, and there's been more publicity of the vulnerabilities in Microsoft IIS/SSL.

5 of 498 comments (clear)

  1. Also by asv108 · · Score: 5, Informative

    According to this article anyone using cracked WPA activation or certain serial numbers will not be allowed to use windows update or install SP1. This will apparently not affect the OEM copies that have been floating around for month before the windows XP release date.

  2. MS02-045, patch available? by edgrale · · Score: 5, Informative

    Are we talking about MS02-045 ? If you really MUST supply a link to the attack tool you should AT LEAST supply a link to the fix as well!

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  3. Why not add a link to the patch as well, Slashdot? by Otis_INF · · Score: 5, Informative

    http://www.microsoft.com/technet/treeview/default. asp?url=/technet/security/bulletin/MS02-045.asp

    But I assume it's 'better' to let people suffer instead of helping them out, is it? You dont have to post links to security bulletins, but if you post a link to a DoS tool, why not supply the link to the patch as well, to let the reader decide if he/she wants to be vulnerable or not.

    (good system administrators have already disabled TCP/IP over Netbios (disable Tcp/IP over NetBios helper service) of course and stopped the server service as well, on online systems, among other netbios related crap which is not needed on the internet (NetBios package: "whohoo a router, what's that!")

    --
    Never underestimate the relief of true separation of Religion and State.
  4. About that NetBIOS over IP exploit by Anonymous Coward · · Score: 5, Informative

    From Russ at BugTraq:

    Before too many more messages;

    1. SMBDie = RedButton = Wow, incredibly talented programmer. This sure was a tool we needed.

    2. If RestrictAnonymous is set, non-authenticated users can't use it, any authenticated user can.

    3. If you're in an environment where any old computer connected to your network can use TCP139/TCP445, set up a sniffer (Network Monitor works) and watch for the source of the traffic. Then beat that person over the head with their PC. Do that either before or after you patch your systems with MS02-045. If more testing of the patch is required, beat them a little every day until your testing is complete.

    4. If you're in an environment where you have TCP139/TCP445 open to the Internet, you don't need NTBugtraq, you need Dr. Phil. Buy a $50 Linksys router and put it in front of your machine and use it to block all but those few you really want open (which doesn't include those two).

    5. Randy Hinders suggests that disabling NetBIOS over TCPIP works, I'm not yet 100% convinced. Either way, it should be easier to apply the patch than disabling NetBIOS over TCPIP.

    The MS Security Bulletin honestly did do a great job of explaining all of this, more people should read it more carefully.

    Cheers,
    Russ - NTBugtraq Editor

  5. Re:Roblimo I Am Calling You Out by Sludge · · Score: 5, Informative

    I have to second this. I've been reading slash since 1997 (user ID underscores the fact that I recall the day users were added), and Michael is the reason that I've started paying attention to the fact that slashdot has different editors at all (with the exception of Katz, whom I appreciate from time to time).