| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: sbradcpa at pacbell.net (Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]) Subject: RE: Microsoft Baseline Security Analyzer no t seeing KB887742 and KB886185 Ping Microsoft.. they were not classified as Security patches [not assigned 05-### numbers ergo they aren't on MBSA] As Richard stated, they aren't security bulletins. Heck I'd LOVE to get 835734 for the SBS 2003 platform merely on Windows Update and honestly I can't wait for WUS or whatever. Right now there are tons of unpatched SBS boxes that are spam machines. http://www.sbslinks.com/popconnector.htm I know at least 886185 is on Windows update so count your blessings. Randal, Phil wrote: >KB887742: "A computer that is running Microsoft Windows XP Service Pack >2 (SP2), Microsoft Windows XP Tablet PC Edition 2005, or Microsoft >Windows Server 2003 unexpectedly stops. Additionally, the following Stop >error message appears on a blue screen: Stop 0x05 >(INVALID_PROCESS_ATTACH_ATTEMPT)". > >That's a denial of service. There are security implications there. > >KB886185: "After you set up Windows Firewall in Microsoft Windows XP >Service Pack 2 (SP2), you may discover that anyone on the Internet can >access resources on your computer when you use a dial-up connection to >connect to the Internet." > >That looks like a major security hole to me. > >Cheers, > >Phil > >---- >Phil Randal >Network Engineer >Herefordshire Council >Hereford, UK > > > >>-----Original Message----- >>From: full-disclosure-bounces@...ts.netsys.com >>[mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf >>Of Threlkeld, Richard >>Sent: 15 February 2005 00:19 >>To: James Lay; BuqtraqNT (E-mail); BugtraqSecurity (E-mail); >>Full-Disclosure (E-mail) >>Subject: [Full-Disclosure] RE: Microsoft Baseline Security >>Analyzer not seeing KB887742 and KB886185 >> >>These are not security updates. KB887742 is for a stop error >>(http://support.microsoft.com/kb/887742) and KB886185 is an >>update for network scope on the Windows Firewall >>(http://support.microsoft.com/default.aspx?scid=kb;en-us;886185) . >> >>The MBSA scans for Security Updates only, not every hotfix >>ever released. Note that a "Critical" patch is not >>necessarily a "Security" >>patch. You may be thinking of the "Maximum severity" levels >>of the MS*-xxx security bulletins which are not the same thing. >> >>Best, >> >>Richard Threlkeld >>Microsoft MVP - SMS >>http://myitforum.techtarget.com/blog/rthrelkeld/ >> >> >> >>-----Original Message----- >>From: James Lay [mailto:jlay@...riben.com] >>Sent: Monday, February 14, 2005 10:24 AM >>To: BuqtraqNT (E-mail); BugtraqSecurity (E-mail); Full-Disclosure >>(E-mail) >>Subject: Microsoft Baseline Security Analyzer not seeing KB887742 and >>KB886185 >> >>Subject line says it all....just did a fresh install of WinXP >>SP2....was using MBSAFU to make sure it would patch...which >>it did. However Windows Update shows still needing KB887742 >>and KB886185. MBSA shows no critical patches need updated. >>Systeminfo shows that both KB887742 and >>KB886185 are NOT installed. I'm using latest MBSA. Anyone >>else see this? Kinda sucks :( >> >>James Lay >>Network Manager/Security Officer >>AmeriBen Solutions/IEC Group >>Deo Gloria!!! >> >> >>_______________________________________________ >>Full-Disclosure - We believe in it. >>Charter: http://lists.netsys.com/full-disclosure-charter.html >> >> >> > > > -- An open letter to the Security Community:: http://msmvps.com/bradley/archive/2004/12/12/23540.aspx
Powered by blists - more mailing lists