I came across this news while surfing the NTCompatible website.
Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in fully patched versions of Windows XP Service Pack 2.
The software maker's confirmation follows public disclosure of the vulnerability by a private security researcher who goes by the moniker "badpack3t."
In an advisory posted at SecurityProtocols.com, the researcher described the issue as a remote kernel denial-of-service flaw affecting XP SP2, with the default firewall turned on.
"I have been working with Microsoft to get a patch out for this. I notified them 5/4/2005 about the flaw, and they have been working on it since then. Microsoft told me the patch was going to be released in August," he added in the advisory.
Security alerts aggregator Secunia Inc. has flagged the issue as "moderately critical" and confirmed the reports that the integrated firewall does not protect against the flaw.
View: Full Article @ eWeek
Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in fully patched versions of Windows XP Service Pack 2.
The software maker's confirmation follows public disclosure of the vulnerability by a private security researcher who goes by the moniker "badpack3t."
In an advisory posted at SecurityProtocols.com, the researcher described the issue as a remote kernel denial-of-service flaw affecting XP SP2, with the default firewall turned on.
"I have been working with Microsoft to get a patch out for this. I notified them 5/4/2005 about the flaw, and they have been working on it since then. Microsoft told me the patch was going to be released in August," he added in the advisory.
Security alerts aggregator Secunia Inc. has flagged the issue as "moderately critical" and confirmed the reports that the integrated firewall does not protect against the flaw.
View: Full Article @ eWeek
Features of X-Setup Pro:
- Covers and works on all available Windows 32-bit platforms: Windows 95, Windows 98 (SE), Windows NT 4.0, Windows 2000, Windows ME, Windows XP and Windows 2003 Server
- X-Setup Pro is the most complete "hacker" ever available: more than 850 hidden functions can be controlled with some simple button clicks (e.g. Windows, Internet Explorer, Instant Messaging, Office, Explorer appearance, Server options, Network settings, Security...)
- By using an Explorer-like layout and the famous back and next buttons (you already know from your Internet browser) navigation is very simple.
- It's extremely easy to use: With wizards you can change your system in a step-by-step process - that's as easy as A-B-C
- With Record Mode activated, nearly all changes from a plug-in or wizard are recorded to a REG file. This file can then be easily applied to thousands of machines without needing to install X-Setup Pro on them.
- If you often change the same settings, you can easily define Favorites for as many plug-ins as you wish. With Favorites, you simply pick the item from the Favorites menu and X-Setup Pro will directly active it.
- With Version History, it's easy to determine the changes between the different versions of X-Setup. It will exactly tell you which plug-ins have changed and with a click, you will jump directly to that plug-in.
- Clutter free: X-Setup Pro is ready for your wishes in about five seconds and needs only at about 5 MB RAM. Also, it does not install any automatically launched "helper" apps like many other programs. If you exit X-Setup Pro, it is gone and there's nothing running in the background that would bog down your system.
- With the Search function you can easily search all plug-ins for the setting you are looking for. If you think you found what you are searching for, just click on it and X-Setup will directly activate that plug-in for you.
- Because you can do a lot, but not everything with X-Setup Pro, it includes a configurable Programs menu. X-Setup Pro brings a lot of useful programs links with it, but you can also define your own.
- X-Setup Pro can also write a very detailed log file that includes every change it has made to your configuration and you can choose where to store this file.
- Because the settings X-Setup Pro controls change often and fast, it's entirely driven by plug-ins. They are very small and don't have a user interface, instead they use the user interface of X-Setup Pro. Using this technique, X-Setup Pro is infinitely extensible and expandable and you can even integrate your own plug-ins or wizards.
- X-Setup Pro includes Automatic Updates that allows you to download the newest plug-ins directly from our server to your X-Setup Pro installation with some simple clicks - you don't need to download and unzip any files to stay updated.
- You can view the source code of ANY plug-in directly from X-Setup Pro, before the the plug-in is allowed to change anything. This way, you can always see what the plug-in will do.
- It is wherever you need it: either in Start -> Programs or Settings -> Control Panel
- Contains an detailed explanation how to install it on a network share - entire setup only takes five seconds in this case.
Can anyone recommend to me a good firewall? My main concern is that it doesn't need to be constantly fiddled with through normal usage (i.e. if a program needs access a window pops up, like the XP firewall).
http://www.netveda.com
IF that's a little to advanced for you, try something from www.zonelabs.com
I personaly don't recomend ZoneAlarm, but it is very popular with the beginer-to-intermediate crowd.
How would you know? Oh, you must not be connected to the internet.
Oh wait. Then how did he type up that post if he ain't connected to the Internet?
He probably browses sites that aren't full of spy crap and viruses.
p.s. dave, could you tell me please, the name of your antivirus software which tells you about viruses only when your computer has already been infected?
If you have enabled Remote Desktop, then you are likely competent enough to reconfigure the XP firewall to only allow Remote Desktop connections from known Subnets, IP ranges, or even specific IP addresses. This will keep you safe.
Link: How to use the Remote Desktop feature of Windows XP Professional
Link: How to configure the Windows Firewall feature in Windows XP Service Pack 2
if you want to be pedantic and talk numbers, compare the amount of bugfixes and security patches resolved in sp2 to the one new flaw outlined here.
Thats right. Updates are available daily. No waiting until the convenient time of the month like microsoft.
Now, I have to ask. How many of you actually thought XP and then SP2, were actually going to be bug free with no security risks. How many of you are thinking the same thing about LongDong, I mean Longhorn? It isn't going to ever happen!! So, get used to having to constantly update/patch!!
you have really instructed us newbies
please continue
ROFLMAO!!
Check Paul Thurrott's site for details on how to make a XPsp2 Slipstream CD.
http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp
It is good advice. What I found funny is that it's advice that's nearly impossible to follow by the people most in need of it: your ordinary citizens who have a hard enough time installing a video game without triggering a complete system failure.
Slipstream a service pack into an OS and then reinstall that OS? For most people that's like telling them that if their car is burning oil they should tear down their engines and replace their piston rings and valve guides. While that would almost certainly fix the problem, how many non-mechanics are actually capable of doing it?
I love oxymorons.
Hes just putting home users in danger, just so he can get some fame?
If that is the case, I quite frankly think hes a moron.
Originally Tommy boy, AKA Badpack3t was not going to release the POC (Proof of Concept) until the second week of Aug., that's when Microsoft said they would have a patch for it. But someone cunning may have already known about half of the possiblity, put two and two together, and viola, POC. Hopefully not many folks will be affected by this, so if you get asked to start a remote session... deny, deny, deny. The only thing we have to worry about now is what some1 else will figure out.
Start>Settings>Control Panel>Admin Tools>Services
^will list the services installed on the local machine. From that list you can chack to see which ones are enabled, which start automaticly, which are unable to start becasue of a broken dependencyies chain, and so on. Well, it's supposed to work like that, anyways; it doesn't always work like it's supposed to, but that's usualy due to a malicious peice of code or a messed up registry hack.
I sometimes like to blame small furry gremlins that like to chew on the kernal, but that's only after I've had way too much coffee and not enough sleep.
www.microsoftflaws.com
flaws are in all firewalls around the world,so stop bitching!
patch!!!
Unless you're a complete noob, one of the first things you do after a new install of XP is to turn off the Remote Desktop feature. (becasue it is [1] semi-useless and [2] a huge security risk)
However, since the article said "...the integrated firewall does not protect against the flaw." a whole lot of you seem to have stoped reading at that point and started your Trolling.
You should have continued to read to the point where it says "...the flaw resides in the Windows "Remote Desktop" feature..."
Now look sad and say "Duh'oh!"
I use it all the time, but whenever I install (or reinstall) an OS, half the time I forget to enable it, and then wonder why I can't connect to that desktop. Which is the point where I slap myself in the forehead for being such a noob and then drive back across town to the remote site to turn the damned thing on.
Last edited by 115639 on 17 Jul 2005 - 19:46
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.