lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <016f01c513f5$708e5ae0$0a01a8c0@anchorsign.com>
Date: Tue, 15 Feb 2005 23:02:12 -0800
From: "Thor \(Hammer of God\)" <thor@...merofgod.com>
To: "Randal, Phil" <prandal@...efordshire.gov.uk>,
        "BuqtraqNT \(E-mail\)" <NTBUGTRAQ@...tserv.ntbugtraq.com>,
        "BugtraqSecurity \(E-mail\)" <Bugtraq@...urityfocus.com>,
        "Full-Disclosure \(E-mail\)" <full-disclosure@...ts.netsys.com>
Subject: Re: RE: Microsoft Baseline Security Analyzer not
	seeing KB887742 and KB886185


Actually, the KB article is incorrect.  Only other users from the same 
dial-up ISP given IP's considered in the same "local" subnet would be able 
to have NBT traffic considered local and thus pass through the firewall.  It 
is not "anyone on the Internet" as the KB states.  They would still need a 
username and password to access the resource.  Additionally, one should note 
that on non-domain member systems, administrators would have to explicitly 
allow FPS exceptions after the fact for this to be an issue in the first 
place, and even so, only after going in and manually binding FPS to the 
dial-up interface which is disabled by default.  You really have to go 
around your gluteus maximus to present this as an issue.  So, IMO, it is not 
a major security hole.

The Invalid_Process_Attach_Attempt bug does not have security implications, 
though in particular configurations a DOS does condition exists.  DOS != 
security vulnerability in this case.

But, not withstanding the above caveats, I agree with you that 886185 is 
still a potential security issue, and for that reason, should be checked by 
MBSA.

T

----- Original Message ----- 
From: "Randal, Phil" <prandal@...efordshire.gov.uk>
To: "BuqtraqNT (E-mail)" <NTBUGTRAQ@...tserv.ntbugtraq.com>; 
"BugtraqSecurity (E-mail)" <Bugtraq@...urityfocus.com>; "Full-Disclosure 
(E-mail)" <full-disclosure@...ts.netsys.com>
Sent: Tuesday, February 15, 2005 2:09 AM
Subject: RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not 
seeing KB887742 and KB886185


> KB887742: "A computer that is running Microsoft Windows XP Service Pack
> 2 (SP2), Microsoft Windows XP Tablet PC Edition 2005, or Microsoft
> Windows Server 2003 unexpectedly stops. Additionally, the following Stop
> error message appears on a blue screen: Stop 0x05
> (INVALID_PROCESS_ATTACH_ATTEMPT)".
>
> That's a denial of service.  There are security implications there.
>
> KB886185: "After you set up Windows Firewall in Microsoft Windows XP
> Service Pack 2 (SP2), you may discover that anyone on the Internet can
> access resources on your computer when you use a dial-up connection to
> connect to the Internet."
>
> That looks like a major security hole to me.
>
> Cheers,
>
> Phil
>
> ----
> Phil Randal
> Network Engineer
> Herefordshire Council
> Hereford, UK
>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.netsys.com
>> [mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf
>> Of Threlkeld, Richard
>> Sent: 15 February 2005 00:19
>> To: James Lay; BuqtraqNT (E-mail); BugtraqSecurity (E-mail);
>> Full-Disclosure (E-mail)
>> Subject: [Full-Disclosure] RE: Microsoft Baseline Security
>> Analyzer not seeing KB887742 and KB886185
>>
>> These are not security updates.  KB887742 is for a stop error
>> (http://support.microsoft.com/kb/887742) and  KB886185 is an
>> update for network scope on the Windows Firewall
>> (http://support.microsoft.com/default.aspx?scid=kb;en-us;886185) .
>>
>> The MBSA scans for Security Updates only, not every hotfix
>> ever released.  Note that a "Critical" patch is not
>> necessarily a "Security"
>> patch.  You may be thinking of the "Maximum severity" levels
>> of the MS*-xxx security bulletins which are not the same thing.
>>
>> Best,
>>
>> Richard Threlkeld
>> Microsoft MVP - SMS
>> http://myitforum.techtarget.com/blog/rthrelkeld/
>>
>>
>>
>> -----Original Message-----
>> From: James Lay [mailto:jlay@...riben.com]
>> Sent: Monday, February 14, 2005 10:24 AM
>> To: BuqtraqNT (E-mail); BugtraqSecurity (E-mail); Full-Disclosure
>> (E-mail)
>> Subject: Microsoft Baseline Security Analyzer not seeing KB887742 and
>> KB886185
>>
>> Subject line says it all....just did a fresh install of WinXP
>> SP2....was using MBSAFU to make sure it would patch...which
>> it did.  However Windows Update shows still needing KB887742
>> and KB886185.  MBSA shows no critical patches need updated.
>> Systeminfo shows that both KB887742 and
>> KB886185 are NOT installed.  I'm using latest MBSA.  Anyone
>> else see this?  Kinda sucks :(
>>
>> James Lay
>> Network Manager/Security Officer
>> AmeriBen Solutions/IEC Group
>> Deo Gloria!!!
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>>
>
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ