lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B580465603B@isabella.herefordshire.gov.uk>
Date: Tue, 15 Feb 2005 10:09:10 -0000
From: "Randal, Phil" <prandal@...efordshire.gov.uk>
To: "BuqtraqNT (E-mail)" <NTBUGTRAQ@...tserv.ntbugtraq.com>,
        "BugtraqSecurity (E-mail)" <Bugtraq@...urityfocus.com>,
        "Full-Disclosure (E-mail)" <full-disclosure@...ts.netsys.com>
Subject: RE: RE: Microsoft Baseline Security Analyzer no
	t seeing KB887742 and KB886185


KB887742: "A computer that is running Microsoft Windows XP Service Pack
2 (SP2), Microsoft Windows XP Tablet PC Edition 2005, or Microsoft
Windows Server 2003 unexpectedly stops. Additionally, the following Stop
error message appears on a blue screen: Stop 0x05
(INVALID_PROCESS_ATTACH_ATTEMPT)".

That's a denial of service.  There are security implications there.

KB886185: "After you set up Windows Firewall in Microsoft Windows XP
Service Pack 2 (SP2), you may discover that anyone on the Internet can
access resources on your computer when you use a dial-up connection to
connect to the Internet."

That looks like a major security hole to me.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: full-disclosure-bounces@...ts.netsys.com 
> [mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf 
> Of Threlkeld, Richard
> Sent: 15 February 2005 00:19
> To: James Lay; BuqtraqNT (E-mail); BugtraqSecurity (E-mail); 
> Full-Disclosure (E-mail)
> Subject: [Full-Disclosure] RE: Microsoft Baseline Security 
> Analyzer not seeing KB887742 and KB886185
> 
> These are not security updates.  KB887742 is for a stop error
> (http://support.microsoft.com/kb/887742) and  KB886185 is an 
> update for network scope on the Windows Firewall
> (http://support.microsoft.com/default.aspx?scid=kb;en-us;886185) .
> 
> The MBSA scans for Security Updates only, not every hotfix 
> ever released.  Note that a "Critical" patch is not 
> necessarily a "Security"
> patch.  You may be thinking of the "Maximum severity" levels 
> of the MS*-xxx security bulletins which are not the same thing.
> 
> Best,
> 
> Richard Threlkeld
> Microsoft MVP - SMS
> http://myitforum.techtarget.com/blog/rthrelkeld/
> 
> 
> 
> -----Original Message-----
> From: James Lay [mailto:jlay@...riben.com]
> Sent: Monday, February 14, 2005 10:24 AM
> To: BuqtraqNT (E-mail); BugtraqSecurity (E-mail); Full-Disclosure
> (E-mail)
> Subject: Microsoft Baseline Security Analyzer not seeing KB887742 and
> KB886185
> 
> Subject line says it all....just did a fresh install of WinXP 
> SP2....was using MBSAFU to make sure it would patch...which 
> it did.  However Windows Update shows still needing KB887742 
> and KB886185.  MBSA shows no critical patches need updated.  
> Systeminfo shows that both KB887742 and
> KB886185 are NOT installed.  I'm using latest MBSA.  Anyone 
> else see this?  Kinda sucks :(
> 
> James Lay
> Network Manager/Security Officer
> AmeriBen Solutions/IEC Group
> Deo Gloria!!!
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ