Security UPDATE--Windows XP SP2 Help--August 18, 2004


To make sure that your copy of Security UPDATE isn't mistakenly blocked by antispam software, add [email protected] to your list of allowed senders and contacts.


==== This Issue Sponsored By ====

Qualys – The Leader in On Demand Vulnerability Management

Free Security White Paper from Postini


1. In Focus: Windows XP SP2 Help

2. Security News and Features

- Recent Security Vulnerabilities

- News: Microsoft Issues August Security Fixes

- Feature: Cleaning Up After Classified Email

3. Security Matters Blog

- How to Temporarily Disable Installation of Windows XP SP2

- It Had to Happen Sooner or Later, Part 2

- What Are You Exposing in Your Word, Excel, and PowerPoint Files?

4. Security Toolkit


5. New and Improved

- Updated Patch Management Solution

- Secure Your Compressed Attachments


==== Sponsor: Qualys ====

Find network weaknesses before the next worm finds you. 80% of vulnerability exploits are available within 60 days of the vulnerability release. Take preemptive action by eliminating the weakness first. Run a free security check today to detect and eliminate security risks in your network BEFORE they can be compromised.

- Discover and map your entire network.

- Scan for over 3,500 unique security threats on routers, switches, hubs, firewalls, desktop computers, wireless access points and other network appliances.

- Get detailed vulnerability information on affected hosts, the security risk posed and potential consequences if exploited.

- Get links to validated patches and fixes.

Leading organizations scan their critical assets for vulnerabilities weekly. Click on the link below to run your free security check.


==== 1. In Focus: Windows XP SP2 Help ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Certainly you know by now that Windows XP Service Pack 2 (SP2) has been released. As anticipated, some systems have had problems after installation of the new service pack. But many people report that their installations have been successful and without incident.

Some of you might want to wait until later to install SP2. If you use Microsoft Software Update Services (SUS) or Automatic Updates, you'll probably need to disable SP2 installation until you're ready for it. Microsoft has released two tools to help: "Toolkit to Temporarily Block Delivery of Windows XP SP2 to a PC Through Automatic Updates and Windows" (at the first URL below) and "Executable to Un-block Delivery of Windows XP SP2 to a PC Through Automatic Updates and Windows Update" (at the second URL below).

If you want to slipstream SP2 into your XP installation packages, Adrian Earnshaw posted a link in the NTBugtraq mailing list (at the first URL below) that points to an article on the Windows-Help.NET Web site that describes step-by-step how to create a slipstream package (at the second URL below).

Some people might have difficulty with Microsoft Systems Management Server (SMS) after installing SP2. Rod Trent posted a link in the mailing list (at the first URL below) that points to an FAQ on the Web site. The FAQ (at the second URL below) tells how to correct certain problems with SP2 and SMS that might relate to Distributed COM (DCOM) and access through port 135.

If you're looking for information and tools from Microsoft related to SP2, try the search engine at the Microsoft Download Center. If you select Windows XP as the Product/Technology and enter the keywords "Service Pack 2," you'll find lots of articles, tools, and reference material to help you.

The Microsoft Developer Network (MSDN) also has a Web page--the Microsoft Security Developer Center--that lists lots of security resources for developers, including a course, "Windows XP Service Pack 2 Training for Developers," which provides "awareness of the implications in the deployment of Service Pack 2 on computers running on the Windows XP Professional and Windows XP Home Editions and how the application developer will be affected by them."

At Microsoft's support site, you'll find a Web page that contains lots of links to a few known issues, as well as troubleshooting, step-by-step help, and more. You'll also find a link to an upcoming Webcast, "Understanding Microsoft Windows XP Service Pack 2," which is scheduled for August 19, 10:00 A.M. Pacific Time.

One more resource you might find helpful is the "Windows XP Service Pack 2 Experiences" Web forum hosted by the SANS Institute's Internet Storm Center. The forum has classified posts according to the poster's experience with SP2--that is, whether he or she had "no problems," "small problems," "big problems, but solvable," "big problems, could not use/install," "had to rebuild system," or "no opinion." If you're having trouble with SP2, you might read the forum's posts or use its search engine to see whether anyone had similar trouble and found a solution.


==== Sponsor: Free Security White Paper from Postini ====

The Shifting Tactics of Spammers: What You Need to Know about New Email Threats

As the incidence of spam and malicious emails carrying viruses and worms continues to increase, conventional content filtering anti-spam solutions fail to keep pace. This paper will describe the latest email threats, how spam filters typically operate and how spammers are attempting to defeat conventional software and appliance content filtering technologies. You'll see how spammers are moving beyond hash busting and Bayesian poisoning and learn how spammers are stealing addresses from your email directory with "directory harvest attacks"—compromising and even bringing down your email servers. Download this free white paper now!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

News: Microsoft Issues August Security Fixes

Microsoft issued just one new fix in its August collection of security bulletins. The fix is a security bulletin that has a moderate severity rating and affects Microsoft Exchange Server 5.5. One fix is a far cry from July's monthly updates, which included eight bulletins. Two weeks ago, however, Microsoft released a set of Microsoft Internet Explorer (IE) fixes out of sync with its monthly security updates; the fixes patched IE flaws that were discovered in June.

Feature: Cleaning Up After Classified Email

Los Alamos National Laboratory (LANL), the birthplace of the atomic bomb and one of the most secretive places in the United States, has had several security breaches, including the sending of classified messages over the lab's unclassified email system. LANL's problems got Paul Robichaux thinking about the technical challenges of "cleaning" an ordinary email system through which someone has sent confidential or sensitive information. It's no easy task. Read what he has to say in this article on our Web site.


==== Announcements ====

(from Windows & .NET Magazine and its partners)

Take our Salary Survey, and Enter to Win $500!

We need your help! Windows & .NET Magazine is launching its first Windows IT Pro Industry Salary Survey, and we want to know all about you and what makes you happy as an IT professional. When you complete the survey (about 15 minutes of your time), you'll be entered in a drawing for one of two $500 American Express gift certificates. Look for the survey results--and how you stack up against your peers--in our December 2004 issue. To take the survey, go to

Microsoft Exchange Connections October 24-27 in Orlando, FL

Microsoft and Windows & .NET Magazine team up to produce the essential conference for network administrators and IT managers on Exchange Server and Outlook technology. Register early, and attend sessions at concurrently run Windows Connections for free. See the complete conference brochure online or call 800-505-1201 for more information.

Harness the Power of Active Directory Provisioning

Join NetIQ for Part 1 of this two-part, live, interactive Web seminar series. Discover the benefits of user provisioning in Active Directory to establish a complete user account life-cycle management solution without the expense of a full-blown identity management solution. Register today!

Get 2 Sample Issues of Windows & .NET Magazine (soon to be Windows IT Pro)!

In September, Windows & .NET Magazine will become Windows IT Pro! Act now to get our special charter issue that shows you how to plug DNS holes and select the best scripting editor, plus learn more about the business side of IT. And discover the top 10 PC trends we think you need to keep an eye on. Get two risk-free new and improved issues and a subscription at 40% off the cover price at


==== 3. Security Matters Blog ====

by Mark Joseph Edwards,

Check out these recent entries in the Security Matters blog:

How to Temporarily Disable Installation of Windows XP SP2

Microsoft offers a few ways to postpone Windows XP Service Pack 2 (SP2) installation for those who use Windows Update and Automatic Updates.

It Had to Happen Sooner or Later, Part 2

Somebody has released a malicious Windows CE worm that inserts a back door into the OS.

What Are You Exposing in Your Word, Excel, and PowerPoint Files?

Microsoft recently released an update to its Remove Hidden Data tool (rhdtool.exe) that cleans hidden and collaboration data out of Office 2003 and Office XP files.

==== 4. Security Toolkit ====

FAQ: I have an internal firewall between sections of my network. What ports must I open to allow user and computer account authentication?

by John Savill,

A. Basic authentication on a network consists of several steps. First, the client locates a domain controller (DC), which requires DNS connectivity--UDP and TCP ports 53. Next, the client performs a connectivity test by using a Lightweight Directory Access Protocol (LDAP) Ping--UDP port 389. Then, the client uses Kerberos (UDP and TCP ports 88) and Server Message Block (SMB--UDP and TCP ports 445) to complete the authentication to the DC. Therefore, you must enable all these ports.


==== Events Central ====

(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

We're Bringing the Experts Directly to You with 2 New IT Pro Workshop Series On Security and Exchange

Don't miss two intense workshops designed to give you simple and free tools to better secure your networks and Exchange servers. Discover how to prevent hackers from attacking your network and how to perform a security checkup on your Exchange deployment. Get a free 12-month subscription to Windows & .NET Magazine and enter to win an Xbox! Register now!


==== 5. New and Improved ====

by Renee Munshi, [email protected]

Updated Patch Management Solution

St. Bernard Software announced version 6.2 of its patch management solution UpdateEXPERT. The new version has expanded support for portable workstations and laptops, letting you patch these devices when they make a network connection and accommodate their slower speed connections from remote locations. UpdateEXPERT 6.2 also lets you assign a network share as a patch repository so that you can optimize storage and better control patch distribution. Prices start at $840 for a 1-year subscription to support 1 to 50 workstations. For more information, visit

Secure Your Compressed Attachments

PKWARE announced SecureZIP for Windows, the first offering in PKWARE's cross-platform SecureZIP product family, which covers all major computing platforms. SecureZIP combines encryption and digital signature capabilities with ZIP file compression. Users can secure and compress email attachments from within Microsoft Outlook or IBM Lotus Notes or directly from the desktop with one mouse click. SecureZIP encryption algorithms support Triple DES (3DES) and Advanced Encryption Standard (AES), and SecureZip users can use either passwords or digital certificates for encryption. PKWARE provides the free ZIP Reader tool for viewing any zipped, encrypted, or digitally signed files. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]


==== Sponsored Links ====


Comparison Paper: The Argent Guardian Easily Beats Out MOM;6480843;8214395;q?


Free Download--New - Launch NetOp Remote Control from a USB Drive;9571671;8214395;t?


Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


==== Contact Our Sponsors ====

Primary Sponsor:

Qualys -- -- 1-800-745-4355

Secondary Sponsor:

Postini -- -- 1-888-584-3150


This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

View the Windows & .NET Magazine privacy policy at

Windows & .NET Magazine, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.