Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yet Another Critical Windows Flaw

Posted by michael on from the keep-bailing dept.

Dynamoo writes "Microsoft released yesterday a whole bunch of critical security updates. Out of these, MS03-043 is a flaw in the Windows Messenger Service (not MSN Messenger) with the possibility of a remote attacker gaining complete control of a Windows NT/2000/XP/2003 based PC remotely. If this sounds like another possible vector for a worm to spread, you'd probably be right. Microsoft's recommendation is to 'disable the Messenger Service immediately and evaluate their need to deploy the patch'. Of course a firewall will offer some protection but shouldn't be relied on. At least administrators can disable the Messenger Service remotely. Of course this is another headache for admins still patching for last month's RPC flaw."

3 of 511 comments (clear)

  1. Windows SUS by GangstaLean · · Score: 4, Informative
    Admins on sites exceeding 10 or so workstations may want to look into Windows SUS, Software Update Services (SUS) gives the capability of integrated patch management and centralized patch distribution. This is sort of along the lines of RHN with a centralized console for distributing through a domain.


    It's useful.

    --
    -- Bird in the Bush: The Renewable Energy Blog http://www.birdinthebush.org
  2. Re:Too bad it's such a pain in the ass... by general_re · · Score: 4, Informative
    It could probably be somewhat simpler to disable it, but it's not all that bad. What they could do better is making sure that people know the difference between the Messenger service and the MSN Messenger app, as you seem to suggest.

    Anyway, in case anyone's reading this and doesn't know how to disable Messenger, go to Start -> Settings -> Control Panel -> Administrative tools -> Services. Right-click on Messenger and pull up the properties sheet. On the "general" tab, select "disabled" for "Startup type". Then hit the "Stop" button right under that on the "general" tab to stop the service if it's currently running. That's for 2K - I assume XP is similar.

    --
    ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
  3. Re:Slashdot Moderation by Jellybob · · Score: 4, Informative

    They're having problems with some of their machines, including the one which distributes mod points, running slow.

    Which means that mod points aren't being given to as many people, which means there's less around to take things to +5.

    More details in Taco's Journal.