Microsoft Security Bulletins

Have you received a Microsoft security bulletin lately? If so, then you know Microsoft has changed its email bulletin style. In the past, email bulletins listed a fair amount of detail about a given security problem, but now that's changed, and probably for the better.

When you look at a new Microsoft security bulletin, you see only simple header information that names the vulnerability, the bulletin date, affected software, impact type, Microsoft bulletin ID, who discovered the problem, and a Web link to the full text of the bulletin details. The bulletins now also carry a PGP-based digital signature of authenticity.

I expect Microsoft took this new approach for two basic reasons: to better adhere to the more commonly used vulnerability report headers and to reduce the amount of resources the company uses to send bulletins via email. After all, Microsoft has more than 134,000 subscribers on its security bulletin mailing list. If the company reduces each email message by 2K, it saves 268MB of bandwidth usage! In that light, the change makes good sense.

By the way, have you read Microsoft Security Bulletin MS00-091? Microsoft issued the bulletin on November 30 in response to the BindView RAZOR Team's discovery of a new Denial of Service (DoS) attack method, which the team named Naptha (see the related report in the Security Risks section of this newsletter). In a nutshell, Naptha is a DoS attack method that lets an intruder attack a remote machine without exhausting the attacking system's resources. Under normal operating conditions, a system must track each network connection it handles, so the more connections it has open, the more system resources it consumes. However, Naptha uses a custom TCP/IP stack that doesn't track its connections, so attackers keep far more of their own resources free and can overwhelm a remote system's resources, causing a DoS.
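Because the target still has to track every connection, the buildup is visible on the defending host. The following is an added example, not part of the original newsletter or of any Microsoft or BindView tooling: it tallies tracked TCP connections per remote address from `netstat -an` style output. The function names, the threshold, and the sample rows (using TCP port 139, NetBIOS) are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample in Windows `netstat -an` layout; addresses are documentation ranges.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         198.51.100.7:1045      ESTABLISHED
  TCP    192.0.2.10:139         198.51.100.7:1046      ESTABLISHED
  TCP    192.0.2.10:139         198.51.100.7:1047      ESTABLISHED
  TCP    192.0.2.10:139         198.51.100.7:1048      FIN_WAIT_1
  TCP    192.0.2.10:139         198.51.100.7:1049      FIN_WAIT_1
  TCP    192.0.2.10:139         203.0.113.20:2301      ESTABLISHED
  TCP    192.0.2.10:80          198.51.100.7:1050      ESTABLISHED
  UDP    192.0.2.10:137         *:*
"""


def parse_netstat(text):
    """Yield (local_port, remote_ip, state) for each TCP row that has a state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue  # header, UDP rows (no state column), blank lines
        try:
            port = int(fields[1].rsplit(":", 1)[1])
        except (IndexError, ValueError):
            continue
        yield port, fields[2].rsplit(":", 1)[0], fields[3].upper()


def tracked_by_remote(text, port):
    """Per remote IP, count the connections the host is tracking on `port`, by state."""
    table = defaultdict(Counter)
    for local_port, remote_ip, state in parse_netstat(text):
        if local_port == port and state != "LISTENING":
            table[remote_ip][state] += 1
    return table


def flag_hoarders(text, port, threshold):
    """Return {remote_ip: total} for remotes holding at least `threshold` connections."""
    totals = {ip: sum(c.values()) for ip, c in tracked_by_remote(text, port).items()}
    return {ip: n for ip, n in totals.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in flag_hoarders(SAMPLE_NETSTAT, 139, threshold=4).items():
        print(ip, n, dict(tracked_by_remote(SAMPLE_NETSTAT, 139)[ip]))
```

A sensible threshold depends on the host's normal load, so baseline the per-remote counts on a quiet day before alerting on them.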

If you've read MS00-091, then you know Microsoft has released a patch for Windows NT that protects the system's TCP port 139, which is used for NetBIOS. However, BindView's report says the problem affects all TCP/IP ports, so I think we'll soon see an updated patch associated with MS00-091 that protects all ports. And because Microsoft's recommended workaround for Windows Millennium Edition (Windows Me) and Windows 9x systems is to disable File and Print Sharing (which disables NetBIOS ports), I expect we'll see a new Naptha-related patch become available for those OSs as well. Be sure to load them! Until next time, have a great week.
