[ISN] Security UPDATE--Windows XP SP2 Help--August 18, 2004

InfoSec News isn at c4i.org
Thu Aug 19 12:00:26 EDT 2004


==== This Issue Sponsored By ====

Qualys - The Leader in On Demand Vulnerability Management

Free Security White Paper from Postini


1. In Focus: Windows XP SP2 Help

2. Security News and Features
   - Recent Security Vulnerabilities
   - News: Microsoft Issues August Security Fixes
   - Feature: Cleaning Up After Classified Email

3. Security Matters Blog
   - How to Temporarily Disable Installation of Windows XP SP2
   - It Had to Happen Sooner or Later, Part 2
   - What Are You Exposing in Your Word, Excel, and PowerPoint Files?

4. Security Toolkit
   - FAQ

5. New and Improved
   - Updated Patch Management Solution
   - Secure Your Compressed Attachments


==== Sponsor: Qualys ====
   Find network weaknesses before the next worm finds you. 80% of
vulnerability exploits are available within 60 days of the
vulnerability release. Take preemptive action by eliminating the
weakness first. Run a free security check today to detect and
eliminate security risks in your network BEFORE they can be
   - Discover and map your entire network.
   - Scan for over 3,500 unique security threats on routers, switches,
     hubs, firewalls, desktop computers, wireless access points and
     other network appliances.
   - Get detailed vulnerability information on affected hosts, the
     security risk posed and potential consequences if exploited.
   - Get links to validated patches and fixes.
   Leading organizations scan their critical assets for
vulnerabilities weekly. Click on the link below to run your free
security check.


==== 1. In Focus: Windows XP SP2 Help ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Certainly you know by now that Windows XP Service Pack 2 (SP2) has
been released. As anticipated, some systems have had problems after
installation of the new service pack. But many people report that
their installations have been successful and without incident.

Some of you might want to wait until later to install SP2. If you use
Microsoft Software Update Services (SUS) or Automatic Updates, you'll
probably need to disable SP2 installation until you're ready for it.
Microsoft has released two tools to help: "Toolkit to Temporarily
Block Delivery of Windows XP SP2 to a PC Through Automatic Updates and
Windows" (at the first URL below) and "Executable to Un-block Delivery
of Windows XP SP2 to a PC Through Automatic Updates and Windows
Update" (at the second URL below).

If you want to slipstream SP2 into your XP installation packages,
Adrian Earnshaw posted a link in the NTBugtraq mailing list (at the
first URL below) that points to an article on the Windows-Help.NET Web
site that describes step-by-step how to create a slipstream package
(at the second URL below).

Some people might have difficulty with Microsoft Systems Management
Server (SMS) after installing SP2. Rod Trent posted a link in the
PatchManagement.org mailing list (at the first URL below) that points
to an FAQ on the myITforum.com Web site. The FAQ (at the second URL
below) tells how to correct certain problems with SP2 and SMS that
might relate to Distributed COM (DCOM) and access through port 135.

If you're looking for information and tools from Microsoft related to
SP2, try the search engine at the Microsoft Download Center. If you
select Windows XP as the Product/Technology and enter the keywords
"Service Pack 2," you'll find lots of articles, tools, and reference
material to help you.

The Microsoft Developer Network (MSDN) also has a Web page--the
Microsoft Security Developer Center--that lists lots of security
resources for developers, including a course, "Windows XP Service Pack
2 Training for Developers," which provides "awareness of the
implications in the deployment of Service Pack 2 on computers running
on the Windows XP Professional and Windows XP Home Editions and how
the application developer will be affected by them."

At Microsoft's support site, you'll find a Web page that contains lots
of links to a few known issues, as well as troubleshooting,
step-by-step help, and more. You'll also find a link to an upcoming
Webcast, "Understanding Microsoft Windows XP Service Pack 2," which is
scheduled for August 19, 10:00 A.M. Pacific Time.

One more resource you might find helpful is the "Windows XP Service
Pack 2 Experiences" Web forum hosted by the SANS Institute's Internet
Storm Center. The forum has classified posts according to the poster's
experience with SP2--that is, whether he or she had "no problems,"
"small problems," "big problems, but solvable," "big problems, could
not use/install," "had to rebuild system," or "no opinion." If you're
having trouble with SP2, you might read the forum's posts or use its
search engine to see whether anyone had similar trouble and found a


==== Sponsor: Free Security White Paper from Postini ====
   The Shifting Tactics of Spammers: What You Need to Know about New
Email Threats
   As the incidence of spam and malicious emails carrying viruses and
worms continues to increase, conventional content filtering anti-spam
solutions fail to keep pace. This paper will describe the latest email
threats, how spam filters typically operate and how spammers are
attempting to defeat conventional software and appliance content
filtering technologies. You'll see how spammers are moving beyond hash
busting and Bayesian poisoning and learn how spammers are stealing
addresses from your email directory with "directory harvest
attacks"—compromising and even bringing down your email servers.
Download this free white paper now!


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries

News: Microsoft Issues August Security Fixes
   Microsoft issued just one new fix in its August collection of
security bulletins. The fix is a security bulletin that has a moderate
severity rating and affects Microsoft Exchange Server 5.5. One fix is
a far cry from July's monthly updates, which included eight bulletins.
Two weeks ago, however, Microsoft released a set of Microsoft Internet
Explorer (IE) fixes out of sync with its monthly security updates; the
fixes patched IE flaws that were discovered in June.

Feature: Cleaning Up After Classified Email
   Los Alamos National Laboratory (LANL), the birthplace of the atomic
bomb and one of the most secretive places in the United States, has
had several security breaches, including the sending of classified
messages over the lab's unclassified email system. LANL's problems got
Paul Robichaux thinking about the technical challenges of "cleaning"
an ordinary email system through which someone has sent confidential
or sensitive information. It's no easy task. Read what he has to say
in this article on our Web site.


==== Announcements ====
   (from Windows & .NET Magazine and its partners)

Take our Salary Survey, and Enter to Win $500!
   We need your help! Windows & .NET Magazine is launching its first
Windows IT Pro Industry Salary Survey, and we want to know all about
you and what makes you happy as an IT professional. When you complete
the survey (about 15 minutes of your time), you'll be entered in a
drawing for one of two $500 American Express gift certificates. Look
for the survey results--and how you stack up against your peers--in
our December 2004 issue. To take the survey, go to

Microsoft Exchange Connections October 24-27 in Orlando, FL
   Microsoft and Windows & .NET Magazine team up to produce the
essential conference for network administrators and IT managers on
Exchange Server and Outlook technology. Register early, and attend
sessions at concurrently run Windows Connections for free. See the
complete conference brochure online or call 800-505-1201 for more

Harness the Power of Active Directory Provisioning
   Join NetIQ for Part 1 of this two-part, live, interactive Web
seminar series. Discover the benefits of user provisioning in Active
Directory to establish a complete user account life-cycle management
solution without the expense of a full-blown identity management
solution. Register today!

Get 2 Sample Issues of Windows & .NET Magazine (soon to be Windows IT
   In September, Windows & .NET Magazine will become Windows IT Pro!
Act now to get our special charter issue that shows you how to plug
DNS holes and select the best scripting editor, plus learn more about
the business side of IT. And discover the top 10 PC trends we think
you need to keep an eye on. Get two risk-free new and improved issues
and a subscription at 40% off the cover price at


==== 3. Security Matters Blog ====
   by Mark Joseph Edwards, http://www.winnetmag.com/securitymatters

Check out these recent entries in the Security Matters blog:

How to Temporarily Disable Installation of Windows XP SP2
   Microsoft offers a few ways to postpone Windows XP Service Pack 2
(SP2) installation for those who use Windows Update and Automatic

It Had to Happen Sooner or Later, Part 2
   Somebody has released a malicious Windows CE worm that inserts a
back door into the OS.

What Are You Exposing in Your Word, Excel, and PowerPoint Files?
   Microsoft recently released an update to its Remove Hidden Data
tool (rhdtool.exe) that cleans hidden and collaboration data out of
Office 2003 and Office XP files.

==== 4. Security Toolkit ====

FAQ: I have an internal firewall between sections of my network. What
ports must I open to allow user and computer account authentication?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. Basic authentication on a network consists of several steps. First,
the client locates a domain controller (DC), which requires DNS
connectivity--UDP and TCP ports 53. Next, the client performs a
connectivity test by using a Lightweight Directory Access Protocol
(LDAP) Ping--UDP port 389. Then, the client uses Kerberos (UDP and TCP
ports 88) and Server Message Block (SMB--UDP and TCP ports 445) to
complete the authentication to the DC. Therefore, you must enable all
these ports.


==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
& .NET Magazine: http://www.winnetmag.com/events )

We're Bringing the Experts Directly to You with 2 New IT Pro Workshop
Series On Security and Exchange
   Don't miss two intense workshops designed to give you simple and
free tools to better secure your networks and Exchange servers.
Discover how to prevent hackers from attacking your network and how to
perform a security checkup on your Exchange deployment. Get a free
12-month subscription to Windows & .NET Magazine and enter to win an
Xbox! Register now!


==== 5. New and Improved ====
   by Renee Munshi, products at winnetmag.com

Updated Patch Management Solution
   St. Bernard Software announced version 6.2 of its patch management
solution UpdateEXPERT. The new version has expanded support for
portable workstations and laptops, letting you patch these devices
when they make a network connection and accommodate their slower speed
connections from remote locations. UpdateEXPERT 6.2 also lets you
assign a network share as a patch repository so that you can optimize
storage and better control patch distribution. Prices start at $840
for a 1-year subscription to support 1 to 50 workstations. For more
information, visit

Secure Your Compressed Attachments
   PKWARE announced SecureZIP for Windows, the first offering in
PKWARE's cross-platform SecureZIP product family, which covers all
major computing platforms. SecureZIP combines encryption and digital
signature capabilities with ZIP file compression. Users can secure and
compress email attachments from within Microsoft Outlook or IBM Lotus
Notes or directly from the desktop with one mouse click. SecureZIP
encryption algorithms support Triple DES (3DES) and Advanced
Encryption Standard (AES), and SecureZip users can use either
passwords or digital certificates for encryption. PKWARE provides the
free ZIP Reader tool for viewing any zipped, encrypted, or digitally
signed files. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot at winnetmag.com.


==== Sponsored Links ====

   Comparison Paper: The Argent Guardian Easily Beats Out MOM

   Free Download--New - Launch NetOp Remote Control from a USB Drive


Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and
solutions in the Security Administrator print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rsecadmin at winnetmag.com. If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.


==== Contact Us ====

About the newsletter -- letters at winnetmag.com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products at winnetmag.com
About your subscription -- securityupdate at winnetmag.com
About sponsoring Security UPDATE -- emedia_opps at winnetmag.com


==== Contact Our Sponsors ====

Primary Sponsor:
   Qualys -- https://www.qualys.com -- 1-800-745-4355

Secondary Sponsor:
   Postini -- http://www.postini.com -- 1-888-584-3150


This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.

You received this email message because you asked to receive
additional information about products and services from the Windows &
.NET Magazine Network. To unsubscribe, send an email message to
mailto:Security-UPDATE_Unsub at list.winnetmag.com. Thank you!

View the Windows & .NET Magazine privacy policy at

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.

More information about the ISN mailing list