Microsoft News Update

Microsoft news of the past few days: Media Player 9 is the subject of a few articles, including one on its integrated digital restrictions and one on changes in its privacy options. Microsoft is releasing certain API's, and is releasing a service pack for Windows XP, under the requirements of its antitrust settlement with the Federal Gov't. On the downside, code to crash any modern Windows machine with NetBIOS enabled is now floating around the net, and there's been more publicity of the vulnerabilities in Microsoft IIS/SSL.

Also

[asv108]

According to this article [theregister.co.uk] anyone using cracked WPA activation or certain serial numbers will not be allowed to use windows update or install SP1. This will apparently not affect the OEM copies that have been floating around for month before the windows XP release date.

MS02-045, patch available?

[edgrale]

Are we talking about MS02-045 [microsoft.com] ? If you really MUST supply a link to the attack tool you should AT LEAST supply a link to the fix as well!

Why not add a link to the patch as well, Slashdot?

[Otis_INF]

http://www.microsoft.com/technet/treeview/default. asp?url=/technet/security/bulletin/MS02-045.asp [microsoft.com]

But I assume it's 'better' to let people suffer instead of helping them out, is it? You dont have to post links to security bulletins, but if you post a link to a DoS tool, why not supply the link to the patch as well, to let the reader decide if he/she wants to be vulnerable or not.

(good system administrators have already disabled TCP/IP over Netbios (disable Tcp/IP over NetBios helper service) of course and stopped the server service as well, on online systems, among other netbios related crap which is not needed on the internet (NetBios package: "whohoo a router, what's that!")

11 components of XP automatically download

[burgburgburg]

According to the Microsoft whitepaper found here [microsoft.com], there are 11 components of XP that automatically download material from the Internet. If you've ever clicked the "always trust Microsoft" box (something unlikely here, I realize, but many have), then things like Media Player will download and install new media codecs without any notice, for example. Another thing that we're all concerned with relate to DRM: a built in feature of XP will silently download and install "revocation lists", which list programs that are not allowed to play DRM-encoded content.

Re:Oh that's very responsible of you, SlashDot

[Your_Mom]

You mean like the fix [microsoft.com] that was out August 22nd?

About that NetBIOS over IP exploit

[Anonymous Coward]

From Russ at BugTraq:

Before too many more messages;

1. SMBDie = RedButton = Wow, incredibly talented programmer. This sure was a tool we needed.

2. If RestrictAnonymous is set, non-authenticated users can't use it, any authenticated user can.

3. If you're in an environment where any old computer connected to your network can use TCP139/TCP445, set up a sniffer (Network Monitor works) and watch for the source of the traffic. Then beat that person over the head with their PC. Do that either before or after you patch your systems with MS02-045. If more testing of the patch is required, beat them a little every day until your testing is complete.

4. If you're in an environment where you have TCP139/TCP445 open to the Internet, you don't need NTBugtraq, you need Dr. Phil. Buy a $50 Linksys router and put it in front of your machine and use it to block all but those few you really want open (which doesn't include those two).

5. Randy Hinders suggests that disabling NetBIOS over TCPIP works, I'm not yet 100% convinced. Either way, it should be easier to apply the patch than disabling NetBIOS over TCPIP.

The MS Security Bulletin honestly did do a great job of explaining all of this, more people should read it more carefully.

Cheers,
Russ - NTBugtraq Editor

Re:Roblimo I Am Calling You Out

[Sludge]

I have to second this. I've been reading slash since 1997 (user ID underscores the fact that I recall the day users were added), and Michael is the reason that I've started paying attention to the fact that slashdot has different editors at all (with the exception of Katz, whom I appreciate from time to time).

Re:I hate Windows Media Player...

[dknj]

What are you talking about? [winamp.com]

Re:Uhhh....

[ThePilgrim]

Actually no,

Hide and remove are diffrent concepts. Just because the IE icon is not on the desktop does not meen that my program can't pullin the IE HTML render object, because the code will still be there on the box

Re:MS02-045, patch available?

[Kraegar]

And MS02-045 is part of the "critical updates" so any machine that is up to date with Microsoft's security patches is already protected against this fix. I tested it out here at the office against several machines, patched and unpatched.

Re:No, that's wrong.

[stubear]

Windows needs it so they ship it with Windows already. IE the application can be removed. IE the underlying HTML rendering engine is intertwined with Windows and third party applications such that its removal would break applcations. The nine states are using the courts to dictate tehcnology Microsoft's competitors don't agree with. There is nothing that preculdes me from using Mozilla on my Windows XP system and completely ignore the existence of IE.

Re:Oh that's very responsible of you, SlashDot

[billatq]

Installed, but not enabled.

Oh, it is indeed installed and enabled. NetBios is the protocol used for windows machines to acquire each others ip addresses and names without using DNS.

Re:My MS Activation Story: True Story.

[dacetone]

Yeah. It happens. MSDN subscribers were the bane of working for MPA (product activation) because they cause the most problems, and expect us to fix them. We don't generate keys. We don't know how to, or get paid enough to troubleshoot. All we do is get read a string of numbers, and read one back. When we get an error, we read from a script. We don't even work for Microsoft.

Re:Oh that's very responsible of you, SlashDot

[bhsx]

I just installed a fresh w2k last night, after not being able to get my ATI All in Wonder Radeon 7500 to work with XF86 (what's with that? btw... tried RH7.3, Mdk8.2, and Lycoris to no avail, although they all recognized the card). The only things installed thus far are the OS and the ATI drivers/apps (for running the USB remote and such). I can assure you that this binary took the box out as quick as I could hit enter.

Re:Crash Windows

[nrd907s]

Come watch my system BSOD all day and you'll understand why programmers hate windows.

START DEVILSADVOCATE
At home I use windows XP pro and to date I've had only had one crash that caused me to have to reboot the machine
At work (I'm also a developer) we use windows 2000 pro, and reboots due to bad code (on my end) have been few and far between.
END DEVILSADVOCATE

Yes, there are bugs out there that haven't been fixed, but on the whole I think the latest releases of windows (2000, XP Pro) are very stable. Granted the older releases (9X, ME) are complete Sheit and I cringe every time I get a 'bug' reported in our software and it turns out to be they're running 9X/ME. In those cases I usually want to personally go and shoot bill gates in the head.

Agreed, you have some very good points, and I do agree microsoft could be more timely with their bug fixes/fix the longstanding existing bugs, but overall I think they're finally doing a good job with their windows products (2000/XP pro). I think most of the slashdot community who haven't tried XP Pro and have given up on windows in the past might change their minds just a little if they only tried it.

NetBIOS, not NetBEUI

[fizbin]

NetBIOS (I admit that the name has meant a few different things as it evolved) is not the same as NetBEUI. NetBEUI is a layer 2 protocol, and is not propogated by most routers. (unless the "router" is really an ethernet bridge in disguise)

NetBIOS is a programming interface implemented as a bunch of packet types which can be sent out either over NetBEUI or over IP. (sitting mostly on top of TCP, though I think some packets are sent out with UDP). IP is extremely routable.

Re:Netbios...

[Jeremy Allison - Sam]

Yeah but the design of Samba is such that if you do this you only irritate yourself. If you do this on a Windows box you irritate everyone else using it as a fileserver.

Jeremy Allison,
Samba Team.

You want BSOD,

[Corporate Gadfly]

I'll give you a simple way to BSOD. Any Win2000 installation before SP3, any WinNT4 and WinXP instatlation before SP1 can be made to crash by printing a particular sequence of characters. Its called the CSRSS Backspace bug.

The CSRSS Backspace Bug is a bug in the Win32 subsystem server process (csrss.exe) in Windows NT. It is particularly notable for several reasons:

• It crashes the entire operating system.
• One does not have to have administrator privileges in order to trigger it.
• One does not even need to execute programs in order to trigger it.

If you don't believe me, then check it out for yourself [zappadoodle.com]. BTW, M$ has fixed this [microsoft.com] in Win2k SP3 and WinXP SP1 but since WinNT4 will have no more Service Packs [www.microsoft.com], this is a permanent bug in WinNT4.

Re:Oh that's very responsible of you, SlashDot

[Anonymous Coward]

No, I think this is a good direction for Slashdot. I expect a link to some binaries for the new Webmin exploit to be posted this afternoon too. Maybe Slashdot can beat out the IRC crowd as the new 5(r1p+ k1dD13 home. In fact, I've been hankering to take out some bind 9 installations, maybe Michael could do a quick scan of bugraq and anticode and come up with a solution?