BugTraq
RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185 Feb 15 2005 10:09AM
Randal, Phil (prandal herefordshire gov uk) (1 replies)
KB887742: "A computer that is running Microsoft Windows XP Service Pack
2 (SP2), Microsoft Windows XP Tablet PC Edition 2005, or Microsoft
Windows Server 2003 unexpectedly stops. Additionally, the following Stop
error message appears on a blue screen: Stop 0x05
(INVALID_PROCESS_ATTACH_ATTEMPT)".

That's a denial of service. There are security implications there.

KB886185: "After you set up Windows Firewall in Microsoft Windows XP
Service Pack 2 (SP2), you may discover that anyone on the Internet can
access resources on your computer when you use a dial-up connection to
connect to the Internet."

That looks like a major security hole to me.

Cheers,

Phil

----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: full-disclosure-bounces (at) lists.netsys (dot) com
> [mailto:full-disclosure-bounces (at) lists.netsys (dot) com] On Behalf
> Of Threlkeld, Richard
> Sent: 15 February 2005 00:19
> To: James Lay; BuqtraqNT (E-mail); BugtraqSecurity (E-mail);
> Full-Disclosure (E-mail)
> Subject: [Full-Disclosure] RE: Microsoft Baseline Security
> Analyzer not seeing KB887742 and KB886185
>
> These are not security updates. KB887742 is for a stop error
> (http://support.microsoft.com/kb/887742) and KB886185 is an
> update for network scope on the Windows Firewall
> (http://support.microsoft.com/default.aspx?scid=kb;en-us;886185) .
>
> The MBSA scans for Security Updates only, not every hotfix
> ever released. Note that a "Critical" patch is not
> necessarily a "Security"
> patch. You may be thinking of the "Maximum severity" levels
> of the MS*-xxx security bulletins which are not the same thing.
>
> Best,
>
> Richard Threlkeld
> Microsoft MVP - SMS
> http://myitforum.techtarget.com/blog/rthrelkeld/
>
>
>
> -----Original Message-----
> From: James Lay [mailto:jlay (at) ameriben (dot) com]
> Sent: Monday, February 14, 2005 10:24 AM
> To: BuqtraqNT (E-mail); BugtraqSecurity (E-mail); Full-Disclosure
> (E-mail)
> Subject: Microsoft Baseline Security Analyzer not seeing KB887742 and
> KB886185
>
> Subject line says it all....just did a fresh install of WinXP
> SP2....was using MBSAFU to make sure it would patch...which
> it did. However Windows Update shows still needing KB887742
> and KB886185. MBSA shows no critical patches need updated.
> Systeminfo shows that both KB887742 and
> KB886185 are NOT installed. I'm using latest MBSA. Anyone
> else see this? Kinda sucks :(
>
> James Lay
> Network Manager/Security Officer
> AmeriBen Solutions/IEC Group
> Deo Gloria!!!
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Re: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185 Feb 16 2005 07:02AM
Thor (Hammer of God) (thor hammerofgod com)


 
