Microsoft warns of widespread Windows flaw


Naples Air Center, Inc.
11th Feb 2004, 13:57
Another day, another security concern for Microsoft operating systems. CNET is reporting that Microsoft is issuing patches to squash security holes that are frequently exploited by hackers:

On Tuesday, the software giant released a fix for a networking flaw that affects every computer running Windows NT, Windows 2000, Windows XP or Windows Server 2003. If left unpatched, the security hole could allow a worm to spread quickly throughout the Internet, causing an incident similar to the MSBlast attack last summer.


"There are more attack vectors and more people that could be affected by this," said Marc Maiffret, chief hacking officer for eEye Digital Security, the software firm that warned Microsoft of the vulnerability more than six months ago.


This is the second time this month that Microsoft has warned users of a security flaw. The company has a new policy of announcing vulnerabilities and releasing patches on the second Tuesday of each month, unless a critical flaw needs to be released immediately.


Last week, the software maker revealed a security flaw in Internet Explorer and issued a patch.

Get the full story here:

Microsoft warns of widespread Windows flaw (http://news.com.com/2100-7355_3-5156647.html?tag=nefd_lede)

Richard

RomeoTangoFoxtrotMike
11th Feb 2004, 17:42
Oh deep joy... :mad: note the "extensive" list of Windows versions that are affected.

* Microsoft Windows NT Server 4.0 SP6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition SP6
* Microsoft Windows NT Workstation 4.0 SP6a
* Microsoft Windows 2000 Advanced Server
* Microsoft Windows 2000 Professional
* Microsoft Windows 2000 Server
* Microsoft Windows Server 2003, 64-Bit Datacenter Edition
* Microsoft Windows Server 2003, 64-Bit Enterprise Edition
* Microsoft Windows Server 2003, Datacenter Edition
* Microsoft Windows Server 2003, Enterprise Edition
* Microsoft Windows Server 2003, Standard Edition
* Microsoft Windows Server 2003, Web Edition
* Microsoft Windows XP 64-Bit Edition
* Microsoft Windows XP 64-Bit Edition Version 2003
* Microsoft Windows XP Home Edition
* Microsoft Windows XP Media Center Edition
* Microsoft Windows XP Professional
* Microsoft Windows XP Tablet PC Edition

Given that NT4 is affected, I wouldn't be at all surprised to discover that 98 and ME are too (but I don't know that for sure).

The link to the security bulletin is here (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms04-007.asp) :uhoh:

Rollingthunder
11th Feb 2004, 17:47
I downloaded the fix (at least I think it was the right fix) yesterday. Took about five minutes.

seacue
11th Feb 2004, 18:23
Aren't versions of Windows starting with NT "non-DOS-based"?

Thus I would hope that "DOS-based" versions, those through ME, would not be affected.

IIRC Microsoft is still supporting these earlier versions, at least for this sort of security disaster. I would hope they would be on the list IF they were affected.

sc

Ant
11th Feb 2004, 20:24
If you have a good firewall and up-to-date virus checker, is there still a risk? In other words, is it only those who have left ALL the doors open that could be affected?

RomeoTangoFoxtrotMike
11th Feb 2004, 21:22
Ant,

Certainly if you have an external firewall (i.e. a hardware one in your ADSL modem or use one of the free software ones to turn an old PC into a firewall www.smoothwall.org (http://www.smoothwall.org/) , www.ipcop.org (http://www.ipcop.org/) or www.freesco.org (http://www.freesco.org/) for example) you should be pretty safe.

The problem with this vulnerability is that it affects some very low-level code in the network stack. Which in turn means that it potentially could affect almost anything that "does" networking on the PC, including XP's own builtin firewall, or a third-party's offering unless that TP offering goes to great lengths to only use its own trusted version of that software. And even then the possibility exists that at the point that the TP firewall hooks into Windows there could still be a problem.

There is still some confusion (read FUD) about all of this, thanks in no small part to Microsoft's "lack of transparency" (they've been sitting on this "unusually serious security problems with its Windows software" for at least 6 months, possibly longer [Microsoft quote -- one wonders what they consider "usually serious" to be...]) but if the problem is as described in the various advisories, it should be straightforward to patch (simply replacing a DLL) but with MS, who knows...

This is why I and others on the forum constantly stress the value of using an external firewall (external to your PC that is) and not trusting your security to software that is running on top of a general-purpose operating system with a dubious security track-record at best... :rolleyes:

If you don't have an external firewall, you need to patch ASAP. If you do have a stateful external FW you should be OK, but should patch anyway.

I'm sure others on this forum will be updating this thread as we try to separate the wood from the trees...

[The software firewalls mentioned above all use stripped-down versions of their respective unix-based operating systems to (a) ensure that there isn't anything lying around that isn't needed -- which helps to protect against vulnerabilities in unnecessary code; and (b) makes it a whole lot easier to secure what's left. All three of these products will run on hardware that most people wouldn't even use as a doorstop -- I set up one installation for a friend on a 486 with 16MB of memory :D works like a charm on a 56K dialup at least. ]

Ant
11th Feb 2004, 22:10
RomeoTangoFoxtrotMike

Hmmm. I'm starting to worry now.

We recently set up a second internet-based bank account and to maximise security I purchased Zonealarm Pro. We also enabled XP Home's built-in firewall (surprisingly the two don't clash and hopefully what one misses the other will catch). At the back of one's mind is the possibility of password theft, key logging etc. so I'm wondering how Zonealarm Pro measures up to Smoothwall, Ipcop and Freesco in the overall security stakes.

Also, you speak highly of external firewalls. Are these likely to be proof against present and (almost inevitably) future MS vulnerabilities, and are they in all cases better than software solutions?

Thanks.

goates
11th Feb 2004, 22:33
Ant,

As a hardware firewall will stop the traffic before it gets to your computer it should protect against any inbound attacks, no matter what operating system or security holes there are. The software firewalls, with the exception of Windows XP's built-in firewall, will stop any viruses or other malicious programs from getting out. To be as secure as possible you should have both. Most low end hardware routers have a built-in firewall, and will also allow you to share your internet connection, should you so desire.

goates

RomeoTangoFoxtrotMike
11th Feb 2004, 22:43
Ant,

In the words of HHGG, Don't Panic :cool: The risk of exploitation has up to now been relatively small. (By relatively here I mean we're trusting the staff at MS and EEYE et al not to exploit the head-start they've had on the problem; but we're also assuming that nobody else has discovered this or it somehow hasn't leaked out. There's no evidence of this yet) So up to now, there's a reasonable chance that this weakness hasn't been exploited.

HOWEVER this is all about to change. Now that the details of the vulnerability are out, there are going to be people trying to exploit it. The good news is that there IS a patch. It's essential that people apply it. My big concern over local software firewalls, which I didn't get over very well in my first post is that people who think that because they have a firewall and therefore are not as diligent in applying the patch, could come seriously unstuck :ooh:

A security maxim is "defense in depth" which is just another way of saying "don't put all your eggs in one basket". You need up-to-date patches, anti-virus software and a firewall to keep your systems secure... :rolleyes:

One security consultant puts it like this: A firewall defined:

A device which explicitly controls network access to your computer network.

A device which allows you to monitor the type of traffic passing in and out of your network and react accordingly.

A firewall is not:

A complete security management strategy

A guarantee of security

A power base


:uhoh:

Out Of Trim
12th Feb 2004, 03:14
Anyone know what this Microsoft Patch Number is?

I managed to update Windows XP - 2 Critical updates tonight but, the supplied link above - Gateway times out every time. I guess their servers are working overtime!

Hopefully one of the two critical updates included this patch but, if anyone knows the number I can make sure!

Thanks.. :suspect:

rustle
12th Feb 2004, 17:50
KB828028 :8

Out Of Trim
13th Feb 2004, 02:58
Hey Rustle - Thanks for that!

In that case I've got the patch..

Cheers!:D

BlueEagle
13th Feb 2004, 05:37
Will the built in fire-wall in XP Pro and Zone Alarm Pro actually work together or will they cancel each other out?

I have ZA Pro installed and disabled the XP one but I believe in SP2, due out shortly, the XP fire wall switches on automatically? Can it/should it be disabled?

Thanks, in anticipation:D

Naples Air Center, Inc.
13th Feb 2004, 05:47
BlueEagle,

With ZA, switch the Windows ICF off. I am sure ZA will still do a much better job. ;)

Take Care,

Richard

Blacksheep
13th Feb 2004, 11:37
I have a foolproof way of protecting against hackers getting their hands on my banking information. I keep all my financials on an old 486 that isn't connected to the internet and front up personally at the bank for all transactions. It's a bit inconvenient sometimes though.

Does anyone else think it's about time that the death penalty was introduced for computer crime?

BEagle
13th Feb 2004, 15:36
For non-experts who simply connect their WinXPPro machines to the net, could anyone confirm that with 'autoupdate' enabled, the latest MS patches will probably have been downloaded during this week?

Connected to the Net using a fast Vodafone wi-fi connection in the LH lounge at FRA on Wednesday and found 'new updates' ready to be installed, then again at home yesterday. No problems - all worked as advertised.

Should that now mean that I've received the relevant patches?

PPRuNe Pop
13th Feb 2004, 21:58
BEags, it sounds unlikely but you can check if you have ANY fixes installed by entering Control Panel>Add or Remove Programmes and looking for Windows (XP Pro) Hotfix K******** number. The one you are interested in right now is KB828028

It is there that they are set. If there are none there you haven't got them installed.

Hope that helps.

PPP

Engineer
14th Feb 2004, 02:48
Paranoia rules ok here

PPRuNe Pop
14th Feb 2004, 02:54
Maybe so! But those who take the precaution will be feeling a whole lot better than you will if you get hacked wouldn't you say?

BEagle
14th Feb 2004, 03:22
Thank you, PPRuNe Pop. I do indeed have KB828028 - and KB828035 even more recently, plus others in the past.

Seems that the autoupdate works exactly as it says on the tin!

PPRuNe Pop
14th Feb 2004, 15:22
That will teach me to disable 'automatic windows update' then. But I do visit 'updates' quite often and choose the ones I think I need.

Glad it helped anyhow.