On Tue, 11 Jan 2005 18:19:38 -0500, Andrew English <andrew@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> There are three new critical updates today posted on Windows Updates for
> Windows 2003 Server.

Might I add that if you don't want to install these on your production servers yet, you can mitigate your risk to these vulnerabilities - and many others (known and unknown) - by following these simple best practices:

1) Do not use Internet Exploiter on your servers unless you are viewing a trusted website, such as windowsupdate.microsoft.com.
2) Do not install or use email client software on any of your servers. Do not view emails on your server.
3) Do not allow untrusted (external networks/Internet) unrestricted access to any unessential UDP or TCP ports on your server.

For more info read the workaround section of the recently released vulnerabilities, or just see this:

Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified below.

• Block the following at the firewall:
  • UDP ports 137 and 138 and TCP ports 139 and 445

  These ports could be used to initiate a connection with the Indexing Service to perform file system based queries. Blocking them at the firewall will help prevent systems that are behind that firewall from attempts to exploit this vulnerability through these ports. We recommend that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports.

• Use a personal firewall such as the Internet Connection Firewall, which is included with Windows XP and Windows Server 2003.

  If you use the Internet Connection Firewall feature in Windows XP or in Windows Server 2003 to help protect your Internet connection, it blocks unsolicited inbound traffic by default. We recommend that you block all unsolicited inbound communication from the Internet.

  To enable the Internet Connection Firewall feature by using the Network Setup Wizard, follow these steps:

  1. Click Start, and then click Control Panel.
  2. In the default Category View, click Network and Internet Connections, and then click Setup or change your home or small office network. The Internet Connection Firewall feature is enabled when you select a configuration in the Network Setup Wizard that indicates that your system is connected directly to the Internet.

  To configure Internet Connection Firewall manually for a connection, follow these steps:

  1. Click Start, and then click Control Panel.
  2. In the default Category View, click Networking and Internet Connections, and then click Network Connections.
  3. Right-click the connection on which you want to enable Internet Connection Firewall, and then click Properties.
  4. Click the Advanced tab.
  5. Click to select the Protect my computer or network by limiting or preventing access to this computer from the Internet check box, and then click OK.

  Note If you want to enable the use of some programs and services through the firewall, click Settings on the Advanced tab, and then select the programs, protocols, and services that are required.

• Enable advanced TCP/IP filtering on systems that support this feature.

  You can enable advanced TCP/IP filtering to block all unsolicited inbound traffic. For more information about how to configure TCP/IP filtering, see Microsoft Knowledge Base Article 309798.

• Block the affected ports by using IPSec on the affected systems.

  Use Internet Protocol security (IPSec) to help protect network communications. Detailed information about IPSec and how to apply filters is available in Microsoft Knowledge Base Article 313190 and Microsoft Knowledge Base Article 813878.

• Remove the Indexing Service if you do not need it:

  If the Indexing Service is no longer needed, you could remove it by following this procedure. To configure components and services:

  1. In Control Panel, open Add or Remove Programs.
  2. Click Add/Remove Windows Components.
  3. Click to clear the Indexing Service check box to remove the Indexing Service.
  4. Complete the Windows Components Wizard by following the instructions on the screen.

• You could modify any web pages that use the Index Service to block queries longer than 60 characters. Microsoft Knowledge Base Article 890621 provides more information on how to perform these steps.
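
The IPSec workaround above, sketched as an added example that is not part of the original post or of Microsoft's advisory: a batch file for Windows Server 2003 that uses the netsh ipsec static context to block inbound traffic to the four ports listed. The policy, filter list and rule names are made up for illustration; check the syntax against Knowledge Base Article 813878 before use.

```bat
@echo off
rem Added example: local IPSec block policy for the ports named in the workaround
rem (UDP 137, UDP 138, TCP 139, TCP 445). Assumes Windows Server 2003.
rem All names below are illustrative, not taken from the advisory.
rem Caveat: this also stops legitimate inbound NetBIOS/SMB file and printer
rem sharing to this host. Narrow srcaddr if trusted subnets still need access.

set POLICY=Block NetBIOS-SMB inbound
set FLIST=NetBIOS-SMB inbound ports
set FACTION=Block

rem 1. Create the policy unassigned so it can be reviewed before it takes effect.
netsh ipsec static add policy name="%POLICY%" description="Workaround: block UDP 137/138 and TCP 139/445" assign=no

rem 2. One filter per port: any source, destined for this machine ("me").
rem    srcport=0 means any source port; mirrored=no keeps the filter inbound-only.
netsh ipsec static add filterlist name="%FLIST%"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=UDP srcport=0 dstport=137 mirrored=no
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=UDP srcport=0 dstport=138 mirrored=no
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=139 mirrored=no
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=445 mirrored=no

rem 3. A filter action that drops matching packets.
netsh ipsec static add filteraction name="%FACTION%" action=block

rem 4. Tie the filter list to the block action inside the policy.
netsh ipsec static add rule name="Block NetBIOS-SMB rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%"

rem 5. Review what was built, then assign the policy to activate it.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec static set policy name="%POLICY%" assign=yes

rem Roll back by unassigning the policy:
rem   netsh ipsec static set policy name="%POLICY%" assign=no
```

Only one local IPSec policy can be assigned at a time, so on a server that already has one, add the rule to the existing policy instead of assigning a new one.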