Security UPDATE: Microsoft Releases XP Update Rollup 1


==== This Issue Sponsored By ====

Exchange & Outlook Administrator


1. In Focus: Keep Windows XP and SQL Server Secure

2. Announcements

- RSA Conference 2003, RAI Congress Centre, Amsterdam, November 3-5, 2003

- COMDEX Las Vegas 2003

3. Security News and Features

- Recent Security Vulnerabilities

- News: Microsoft Releases XP Update Rollup 1, First Monthly Security Fixes

- Review: 11 Port Enumerators

- Feature: The Art of Interpreting Netstat

4. Security Toolkit

- Virus Center

- Virus Alert: Esepor.A

- FAQ: How Can I Stop Web Sites from Accessing My Local Clipboard?

- Featured Thread: Possible Attempt to Compromise Security

5. Event

- The Secret Costs of Spam

6. New and Improved

- Enforce Your Password Policy

- Tell Us About a Hot Product and Get a T-Shirt

7. Contact Us

See this section for a list of ways to contact us.


==== Sponsor: Exchange & Outlook Administrator ====

Get a Sample Issue of Exchange & Outlook Administrator

Exchange & Outlook Administrator, the monthly print newsletter from Windows & .NET Magazine, gives you the in-depth articles you need to secure, maintain, and troubleshoot your messaging environment. Try an issue of Exchange & Outlook Administrator, and discover for yourself what our expert authors know that you don't. Click here!


==== 1. In Focus: Keep Windows XP and SQL Server Secure ====

by Mark Joseph Edwards, News Editor, [email protected]

Three weeks ago, I mentioned in a news story (see the URL below) that Microsoft had released a copy of its Security Rollup Package 1 (SRP1) for Windows XP to beta testers. Late last week, the company released the package to the public, but under a different name. Update Rollup 1 for Microsoft Windows XP is now available from the company's Windows Update Web site and through Microsoft Software Update Services (SUS).

Update Rollup 1 contains 22 hotfixes in one installable package. The Microsoft article "Update Rollup 1 for Windows XP Is Available" (URL below) describes the hotfixes the package contains and provides a link for direct package download. The standard version of the update is about 9MB in size and can be installed on XP systems that don't have Service Pack 1 (SP1); the smaller express version of the update requires SP1.

Update Rollup 1 contains all the previously released security patches for XP, with a few important exceptions. Microsoft released seven new Security Bulletins last week regarding problems that affect Windows and Microsoft Exchange Server platforms. Five of the bulletins pertain to XP, and their accompanying patches didn't make it into the Update Rollup 1 package. So in addition to loading Update Rollup 1, you should consider loading the patches associated with Microsoft Security Bulletins MS03-041 (Vulnerability in Authenticode Verification Could Allow Remote Code Execution), MS03-042 (Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution), MS03-043 (Buffer Overrun in Messenger Service Could Allow Code Execution), MS03-044 (Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise), and MS03-045 (Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution) to completely update your XP systems. You can find details about those problems on our Web site at the URL below. Be sure to read the news item that I point to in Section 3 below for a few more details about Update Rollup 1 as well as an interesting tidbit about the upcoming XP SP2.

If you manage Microsoft SQL Server platforms, you're probably glad that hotfixes for that platform aren't required nearly as often as for the underlying Windows OS. Even so, staying on top of the latest SQL security threats and vulnerabilities is important. Yahoo! Groups hosts a moderated SQL Server Security mailing list that was started in March, is open to anyone, and has 344 subscribers. The list traffic is low, so keeping up with it is easy. Instructions for joining are at the URL below.

Last week, I wrote about Microsoft CEO Steve Ballmer's talk at the company's recent partner conference. I mentioned that Microsoft would continue to support Windows 2000 systems with SP2 and Windows NT Workstation 4.0 with SP6a until June 2004. A few readers found that statement confusing and wondered whether Microsoft would no longer support Win2K after next June.

That's certainly not the case, and I offer my apologies for the confusion. To clarify the matter, Win2K with SP2 will in fact become unsupported. However, two other service packs (SP3 and SP4) have followed SP2. To continue receiving support, Win2K users must upgrade their systems to one of the newer service packs.

==== 2. Announcements ====

(from Windows & .NET Magazine and its partners)

RSA Conference 2003, RAI Congress Centre, Amsterdam, November 3-5, 2003

Whether you are deploying, developing, or investigating data security or cryptography products, make sure you attend Europe's leading information security conference and exhibition! To register or for more information, please click here.

COMDEX Las Vegas 2003

At COMDEX, you'll have the opportunity to learn the ins and outs of the most prominent platform of the enterprise, data center, and desktop. Key elements include in-depth sessions on Windows Server 2003, Exchange Server 2003, reducing spam with Exchange Server 2003 and Outlook 2003. Come to Las Vegas this November 16-20 and take charge.;6362173;8504794;q?


==== Sponsor: Virus Update from Panda Software ====

Check for the latest anti-virus information and tools, including weekly virus reports, virus forecasts, and virus prevention tips, at Panda Software's Center for Virus Control.

Viruses routinely infect "fully protected" networks. Is total protection possible? Find answers in the free guide HOW TO KEEP YOUR COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter networks, what they do, and the most effective weapons to combat them. Protect your network effectively and permanently - download today!


==== 3. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

News: Microsoft Releases XP Update Rollup 1, First Monthly Security Fixes

Microsoft unveiled Update Rollup 1 for Windows XP (an integrated set of the critical security fixes and other software updates released since XP Service Pack 1--SP1) and the first set of monthly security fixes for various Windows versions in accordance with the company's recent decision to switch to more predictable product updates. XP Update Rollup 1 is a response, of sorts, to customer complaints that arose in the wake of news that the software giant was delaying XP SP2 from late 2003 to early 2004; customers had asked the software giant for an easier way to install the cavalcade of security patches that have been released since last year's XP SP1.

Review: 11 Port Enumerators

One of the most frequently fielded questions among security analysts is, "Do I have a Trojan horse program if I've found a port open on my computer?" Variations of this question litter security mailing lists, but the answer is always the same: Trace the port number to the program that's opening the port, and investigate the program. The process of tracing an open port to its causative agent is called port enumeration (or port mapping). Of course, the answer assumes that you have an adequate understanding of port numbers, a good port-enumeration tool, and the ability to research whether the found program is malicious. Roger A. Grimes takes a look at port enumeration in general, then reviews 11 Windows port enumerators.

Feature: The Art of Interpreting Netstat

Reading Netstat's five-column output is something of an art. Roger A. Grimes explains Netstat's output and lends some insight into how to interpret the data.

==== 4. Security Toolkit ====

Virus Center

Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.

Virus Alert: Esepor.A

Esepor.A is a Trojan horse program that downloads a file from the Internet. This file adds a plugin to Microsoft Internet Explorer (IE) that displays advertisements of adult content without the user's permission. For more information about this Trojan horse, be sure to read Panda's report:

FAQ: How Can I Stop Web Sites from Accessing My Local Clipboard?

contributed by John Savill,

A. The dynamic HTML component in Microsoft Internet Explorer (IE) 5.0 and later lets Web sites access and write to the clipboard unless you use the High security setting. To avoid having to use the High security setting, perform the following steps:

1. Start IE.

2. From the Tools menu, select Internet Options.

3. Select the Security tab.

4. Select Internet, then click Custom Level.

5. Scroll down to the Scripting section.

6. Under "Allow paste operations via script," set to Disable or Prompt, then click OK.

7. Close all dialog boxes.

You should perform the same steps for the "Restricted sites" zone and any other security zones you think you might need (e.g., the "Local intranet" zone).

Featured Thread: Possible Attempt to Compromise Security

(19 messages in this thread)

A forum user writes that his network runs Windows XP Professional Edition with Service Pack 1 (SP1), Microsoft Office XP with SP1, Windows 2000 Server with SP3, Exchange 2000 Server with SP3, and Internet Security and Acceleration (ISA) Server 2000 with SP1. A user on his network receives the message "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you" in Microsoft Word when the user attempts to browse a mapped network drive. The user can't access the server and his account is locked out. Lend a hand or read the responses:

==== 5. Event ====

The Secret Costs of Spam

Do you really know spam's hidden costs? In this free Web seminar, you'll learn how to identify and quantify spam's costs by exploring how organizations define and combat spam, and how spam affects your bandwidth, storage, and server processing costs. Don't be left in the dark, register now!

==== 6. New and Improved ====

by Jason Bovberg, [email protected]

Enforce Your Password Policy

Little cat Z released Password Defender 2.2c, a password-policy enforcement tool for Windows networks. Password Defender automates the steps a security consultant might take to enforce a Windows password policy. It combines password cracking (to find existing weak passwords) and password filtering (to prevent users from setting weak passwords in the future). Password Defender comes with a standard dictionary that contains millions of easily guessed passwords, including foreign-language words, jargon, and movie titles, and version 2.2c adds support for high-speed custom dictionaries, so you can define custom filters. The product is policy based, so you can apply different password-strength rules to different Windows 2000 or Windows NT groups. You can also schedule automatic password audits. For information about pricing, contact Little cat Z on the Web.

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]


==== Sponsored Links ====


Free Download - NEW NetOp 7.6 - faster, more secure, remote support;5930423;8214395;j?


Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.;6080289;8214395;q?


==== 7. Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing Windows and related technologies. Subscribe today.

Copyright 2003, Penton Media, Inc.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.