Negative
February 14th, 2002, 04:45 PM
This list is by no means intended to be complete...
+++Windows XP+++
Universal Plug and Play.
1. What is it?
UPnP is Microsoft software that uses Internet protocols to allow devices such as computers, scanners and printers to automatically discover one another so they can communicate.
2. Technical Details.
http://news.com.com/2100-1001-277389.html?legacy=cnet
The software giant announced last week it had found two vulnerabilities in its new operating system that could leave computers running it open to hackers and at risk of being temporarily shut down from a denial-of-service attack or used in such an attack on other computers.
Under a denial-of-service attack, a server is flooded with so much Internet traffic that it is made inaccessible to legitimate traffic.
In addition to installing the security patch available from Microsoft's Web site, computer users running Windows XP should disable the "Universal Plug and Play" feature, if they are not using it, the NIPC said in its statement.
Microsoft's Universal Plug and Play software allows devices added to a network to be automatically recognized and accessed. It is installed by default on XP systems, can be switched on in Windows ME systems and installed separately on the Windows 98 operating systems.
3. Patch.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp
http://grc.com/unpnp/unpnp.htm
WinXP-hotkeys execute programs
1. What?
Microsoft Windows XP allows a local attacker to execute programs using hotkeys even when the system is locked. Only programs with a hotkey combination configured can be executed.
2. Technical details.
http://www.securityfocus.com/archive/1/246014
No remedy available yet. As a workaround, disable hotkeys.
File and Print-sharing
1. What?
When file and printer sharing is installed it allows users to make services available to other users on a network.
2. Technical details + patch.
http://www.winguides.com/registry/display.php/132/
Simple File Sharing
1. What?
By disabling Simple File Sharing, you can specify an Access Control List (ACL) for each shared disk or folder. The ACL specifies which users are allowed to have access.
2. Technical details + patch.
http://www.practicallynetworked.com/sharing/xp_filesharing/whole.htm
+++Internet Explorer+++
Microsoft Security Bulletin MS01-058
13 December 2001 Cumulative Patch for IE
1. What?
Cumulative patch for IE 5.5 and 6 + patches 3 newly discovered vulnerabilities.
2. Technical details + patch.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-058.asp
Microsoft Security Bulletin MS02-005
11 February 2002 Cumulative Patch for Internet Explorer
1. What?
Cumulative patch for IE 5.5 and 6 + patches six newly discovered vulnerabilities.
2. Technical details + patch.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-005.asp
+++Windows Media Player+++
1. What?
If you give Windows Media Player access to the net, you're giving up your anonymity. You don't like that? Disable it!
2. Technical Details
Extra --> Options --> Player (first tab) --> Unselect 'Permit Internet-sites to assign an ID to your player'.
+++Uninstalling Messenger+++
In C:\Windows\Inf, there's a file called 'sysoc.inf'.
Open it with notepad (or another text-editor). It should look a little something like this:
[Version]
Signature = "$Windows NT$"
DriverVer=07/01/2001,5.1.2600.0
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
...
The 'hide' option prevents you from removing the application (meaning it won't show in your Configuration --> Software screen). Use your text-editors search&replace-function to replace every hide with a ,
Safe the file, go back to your Configuration --> Software-screen, and remove whatever application you want.
FBI on WinXP Security Flaws: seen from The Lite Side: http://www.lowendmac.com/lite/01/1226pf.html
http://www.bigfix.com/website/consumer/overview.html
The longer you own your PC, the more likely it is to fail. The makers of computer gear know that printers, cameras, PDAs, LANs, software programs and Internet plug-ins can all cause conflicts, glitches and complete system hang-ups. The BigFix Consumer Client can proactively reduce the number of problems that affect your computer. The BigFix Consumer Client automatically downloads and reads technical support information and alerts you if it applies to your PC and offers an automated fix.
+++Windows XP+++
Universal Plug and Play.
1. What is it?
UPnP is Microsoft software that uses Internet protocols to allow devices such as computers, scanners and printers to automatically discover one another so they can communicate.
2. Technical Details.
http://news.com.com/2100-1001-277389.html?legacy=cnet
The software giant announced last week it had found two vulnerabilities in its new operating system that could leave computers running it open to hackers and at risk of being temporarily shut down from a denial-of-service attack or used in such an attack on other computers.
Under a denial-of-service attack, a server is flooded with so much Internet traffic that it is made inaccessible to legitimate traffic.
In addition to installing the security patch available from Microsoft's Web site, computer users running Windows XP should disable the "Universal Plug and Play" feature, if they are not using it, the NIPC said in its statement.
Microsoft's Universal Plug and Play software allows devices added to a network to be automatically recognized and accessed. It is installed by default on XP systems, can be switched on in Windows ME systems and installed separately on the Windows 98 operating systems.
3. Patch.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-059.asp
http://grc.com/unpnp/unpnp.htm
WinXP-hotkeys execute programs
1. What?
Microsoft Windows XP allows a local attacker to execute programs using hotkeys even when the system is locked. Only programs with a hotkey combination configured can be executed.
2. Technical details.
http://www.securityfocus.com/archive/1/246014
No remedy available yet. As a workaround, disable hotkeys.
File and Print-sharing
1. What?
When file and printer sharing is installed it allows users to make services available to other users on a network.
2. Technical details + patch.
http://www.winguides.com/registry/display.php/132/
Simple File Sharing
1. What?
By disabling Simple File Sharing, you can specify an Access Control List (ACL) for each shared disk or folder. The ACL specifies which users are allowed to have access.
2. Technical details + patch.
http://www.practicallynetworked.com/sharing/xp_filesharing/whole.htm
+++Internet Explorer+++
Microsoft Security Bulletin MS01-058
13 December 2001 Cumulative Patch for IE
1. What?
Cumulative patch for IE 5.5 and 6 + patches 3 newly discovered vulnerabilities.
2. Technical details + patch.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-058.asp
Microsoft Security Bulletin MS02-005
11 February 2002 Cumulative Patch for Internet Explorer
1. What?
Cumulative patch for IE 5.5 and 6 + patches six newly discovered vulnerabilities.
2. Technical details + patch.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-005.asp
+++Windows Media Player+++
1. What?
If you give Windows Media Player access to the net, you're giving up your anonymity. You don't like that? Disable it!
2. Technical Details
Extra --> Options --> Player (first tab) --> Unselect 'Permit Internet-sites to assign an ID to your player'.
+++Uninstalling Messenger+++
In C:\Windows\Inf, there's a file called 'sysoc.inf'.
Open it with notepad (or another text-editor). It should look a little something like this:
[Version]
Signature = "$Windows NT$"
DriverVer=07/01/2001,5.1.2600.0
[Components]
NtComponents=ntoc.dll,NtOcSetupProc,,4
WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7
Display=desk.cpl,DisplayOcSetupProc,,7
...
The 'hide' option prevents you from removing the application (meaning it won't show in your Configuration --> Software screen). Use your text-editors search&replace-function to replace every hide with a ,
Safe the file, go back to your Configuration --> Software-screen, and remove whatever application you want.
FBI on WinXP Security Flaws: seen from The Lite Side: http://www.lowendmac.com/lite/01/1226pf.html
http://www.bigfix.com/website/consumer/overview.html
The longer you own your PC, the more likely it is to fail. The makers of computer gear know that printers, cameras, PDAs, LANs, software programs and Internet plug-ins can all cause conflicts, glitches and complete system hang-ups. The BigFix Consumer Client can proactively reduce the number of problems that affect your computer. The BigFix Consumer Client automatically downloads and reads technical support information and alerts you if it applies to your PC and offers an automated fix.