Yet Another Critical Windows Flaw

Dynamoo writes "Microsoft released yesterday a whole bunch of critical security updates. Out of these, MS03-043 is a flaw in the Windows Messenger Service (not MSN Messenger) with the possibility of a remote attacker gaining complete control of a Windows NT/2000/XP/2003 based PC remotely. If this sounds like another possible vector for a worm to spread, you'd probably be right. Microsoft's recommendation is to 'disable the Messenger Service immediately and evaluate their need to deploy the patch'. Of course a firewall will offer some protection but shouldn't be relied on. At least administrators can disable the Messenger Service remotely. Of course this is another headache for admins still patching for last month's RPC flaw."

Windows SUS

[GangstaLean]

Admins on sites exceeding 10 or so workstations may want to look into Windows SUS, Software Update Services (SUS) gives the capability of integrated patch management and centralized patch distribution. This is sort of along the lines of RHN with a centralized console for distributing through a domain.

It's useful.

Re:Windows SUS

[mr_z_beeblebrox]

Any ideas anyone?

Read this over and be sure that you understand what it does before you try it, better yet see if you can find it independently. Applying a registry patch from /. would be silly in the extreme. Here is the registry entry:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi ndows\WindowsUpdate]
"WUServer"="http://your.server.com"
"WUStatusServer"="http://your.server.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi ndows\WindowsUpdate\AU]
"RescheduleWaitTime"=dword:00000005
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"NoAutoUpdate"=dword:00000000
"AUOptions"=dword:00000004
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
"UseWUServer"=dword:00000001

Save that to a file called wu.reg or whatever.reg and then merge it with your registry.

Re:Too bad it's such a pain in the ass...

[general_re]

It could probably be somewhat simpler to disable it, but it's not all that bad. What they could do better is making sure that people know the difference between the Messenger service and the MSN Messenger app, as you seem to suggest.

Anyway, in case anyone's reading this and doesn't know how to disable Messenger, go to Start -> Settings -> Control Panel -> Administrative tools -> Services. Right-click on Messenger and pull up the properties sheet. On the "general" tab, select "disabled" for "Startup type". Then hit the "Stop" button right under that on the "general" tab to stop the service if it's currently running. That's for 2K - I assume XP is similar.

Re:Slashdot Moderation

[Jellybob]

They're having problems with some of their machines, including the one which distributes mod points, running slow.

Which means that mod points aren't being given to as many people, which means there's less around to take things to +5.

More details in Taco's Journal.

Re:Yet Another Critical Linux Flaw!

[jweatherley]

Kernel32.dll is not the Windows kernel - that would be ntoskrnl.exe. Kernel32.dll contains the Win32 functions.

Another rabid submitter gets it wrong

[Call+Me+Black+Cloud]

Microsoft released yesterday a whole bunch of critical security updates.

Their new policy is to release monthly updates unless an exploit already exists, in which case a patch is immediately released.

Out of these, MS03-043 is a flaw in the Windows Messenger Service ... Of course a firewall will offer some protection but shouldn't be relied on

You don't know what you're talking about, submitter Dynamoo. Please, tell us why one shouldn't rely on a firewall? If you read the technical documentation about the flaw you see "If users have blocked the NetBIOS ports (ports 137-139) - and UDP broadcast packets using a firewall, others will not be able to send messages to them on those ports." (under "Technical Descriptions"). I think I'll ignore your advice and keep a firewall in place, no matter what OS I'm using.

Slashdot

As much as I like slashdot, as a critical thinker, I have to entirely disregard its claim to be "news" when it is so obviously biased. This is not news, this is propaganda, worse than FOX news at times. Showing MS as a Borg Gates is hardly objective, which ought to be the goal of any self respecting news organization. How about we change the Linux penguin to him molesting small animals or children? That would be just as ludricous as this purported "news" about MS.
Oh, BTW, I *do* use and run Linux (dyneBolic CD), so all you haters can shove it up you know where. One other thing -- I am a programmer, so I know what open source and that is all about, I like it, but I can see its flaws as well, unlike all you other zealots.
I used to like this site more. Too bad its bias ruins its integrity in my eyes, just like FOX news "Fair and Balanced" BS.

Re:What?

[Call+Me+Black+Cloud]

a firewall is not a perfect measure for protecting against this attack...Because some other machine behind the same firewall might become infected

Good point - I was unclear. I should have quoted Microsoft's technical documentation. They specify configuring Windows' built-in firewall to block those ports. If the ports are blocked at each machine then an infected machine behind a hardware firewall will not infect other machines on the LAN.