Message-ID: <4212E29F.3060700@pacbell.net>
Date: Tue, 15 Feb 2005 22:05:19 -0800
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@...bell.net>
To: "Randal, Phil" <prandal@...efordshire.gov.uk>
Cc: "BuqtraqNT \(E-mail\)" <NTBUGTRAQ@...tserv.ntbugtraq.com>,
        "BugtraqSecurity \(E-mail\)" <Bugtraq@...urityfocus.com>,
        "Full-Disclosure \(E-mail\)" <full-disclosure@...ts.netsys.com>
Subject: Re: RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185


Ping Microsoft.. they were not classified as Security patches [not 
assigned 05-### numbers ergo they aren't on MBSA]

As Richard stated, they aren't security bulletins.

Heck I'd LOVE to get 835734 for the SBS 2003 platform merely on Windows 
Update and honestly I can't wait for WUS or whatever.  Right now there 
are tons of unpatched SBS boxes that are spam machines.  
http://www.sbslinks.com/popconnector.htm

I know at least 886185 is on Windows Update so count your blessings.

Randal, Phil wrote:

>KB887742: "A computer that is running Microsoft Windows XP Service Pack
>2 (SP2), Microsoft Windows XP Tablet PC Edition 2005, or Microsoft
>Windows Server 2003 unexpectedly stops. Additionally, the following Stop
>error message appears on a blue screen: Stop 0x05
>(INVALID_PROCESS_ATTACH_ATTEMPT)".
>
>That's a denial of service.  There are security implications there.
>
>KB886185: "After you set up Windows Firewall in Microsoft Windows XP
>Service Pack 2 (SP2), you may discover that anyone on the Internet can
>access resources on your computer when you use a dial-up connection to
>connect to the Internet."
>
>That looks like a major security hole to me.
>
>Cheers,
>
>Phil
>
>----
>Phil Randal
>Network Engineer
>Herefordshire Council
>Hereford, UK  
>
>  
>
>>-----Original Message-----
>>From: full-disclosure-bounces@...ts.netsys.com 
>>[mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf 
>>Of Threlkeld, Richard
>>Sent: 15 February 2005 00:19
>>To: James Lay; BuqtraqNT (E-mail); BugtraqSecurity (E-mail); 
>>Full-Disclosure (E-mail)
>>Subject: [Full-Disclosure] RE: Microsoft Baseline Security 
>>Analyzer not seeing KB887742 and KB886185
>>
>>These are not security updates.  KB887742 is for a stop error
>>(http://support.microsoft.com/kb/887742) and  KB886185 is an 
>>update for network scope on the Windows Firewall
>>(http://support.microsoft.com/default.aspx?scid=kb;en-us;886185) .
>>
>>The MBSA scans for Security Updates only, not every hotfix 
>>ever released.  Note that a "Critical" patch is not 
>>necessarily a "Security"
>>patch.  You may be thinking of the "Maximum severity" levels 
>>of the MS*-xxx security bulletins which are not the same thing.
>>
>>Best,
>>
>>Richard Threlkeld
>>Microsoft MVP - SMS
>>http://myitforum.techtarget.com/blog/rthrelkeld/
>>
>>
>>
>>-----Original Message-----
>>From: James Lay [mailto:jlay@...riben.com]
>>Sent: Monday, February 14, 2005 10:24 AM
>>To: BuqtraqNT (E-mail); BugtraqSecurity (E-mail); Full-Disclosure
>>(E-mail)
>>Subject: Microsoft Baseline Security Analyzer not seeing KB887742 and
>>KB886185
>>
>>Subject line says it all....just did a fresh install of WinXP 
>>SP2....was using MBSAFU to make sure it would patch...which 
>>it did.  However Windows Update shows still needing KB887742 
>>and KB886185.  MBSA shows no critical patches need updated.  
>>Systeminfo shows that both KB887742 and
>>KB886185 are NOT installed.  I'm using latest MBSA.  Anyone 
>>else see this?  Kinda sucks :(
>>
>>James Lay
>>Network Manager/Security Officer
>>AmeriBen Solutions/IEC Group
>>Deo Gloria!!!
>>
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>>    
>>
>
>  
>

-- 
An open letter to the Security Community:: 
http://msmvps.com/bradley/archive/2004/12/12/23540.aspx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

