Re: 3 new crucal updates today for Server 2003

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 11 Jan 2005 20:00:22 -0500

On Tue, 11 Jan 2005 18:19:38 -0500, Andrew English
<andrew@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> There are three new critical updates today posted on Windows Updates for
> Windows 2003 Server. 

Might I add that if you don't want to install these on your production
servers yet, you can mitigate your risk to these vulnerabilities - and
many others (know and unknown) - by following these simple best

1) Do no use Internet Exploiter on your servers unless you are viewing
a trusted website, such as

2) Do not install or use email client software on any of your servers.
Do not view emails on your server.

3) Do not allow untrusted (external networks/Internet) unrestricted
access to any unessential UDP or TCP ports on your server. For more
info read the workaround section of the recently released
vulnerabilities, or just see this:

Microsoft has tested the following workarounds. While these
workarounds will not correct the underlying vulnerability, they help
block known attack vectors. When a workaround reduces functionality,
it is identified below.

Block the following at the firewall:

UDP ports 137 and 138 and TCP ports 139 and 445

These ports could be used to initiate a connection with the Indexing
Service to perform file system based queries. Blocking them at the
firewall will help prevent systems that are behind that firewall from
attempts to exploit this vulnerability through these ports. We
recommend that you block all unsolicited inbound communication from
the Internet to help prevent attacks that may use other ports.

Use a personal firewall such as the Internet Connection Firewall,
which is included with Windows XP and Windows Server 2003.

If you use the Internet Connection Firewall feature in Windows XP or
in Windows Server 2003 to help protect your Internet connection, it
blocks unsolicited inbound traffic by default. We recommend that you
block all unsolicited inbound communication from the Internet.

To enable the Internet Connection Firewall feature by using the
Network Setup Wizard, follow these steps:


Click Start, and then click Control Panel.


In the default Category View, click Network and Internet Connections,
and then click Setup or change your home or small office network. The
Internet Connection Firewall feature is enabled when you select a
configuration in the Network Setup Wizard that indicates that your
system is connected directly to the Internet.

To configure Internet Connection Firewall manually for a connection,
follow these steps:


Click Start, and then click Control Panel.


In the default Category View, click Networking and Internet
Connections, and then click Network Connections.


Right-click the connection on which you want to enable Internet
Connection Firewall, and then click Properties.


Click the Advanced tab.


Click to select the Protect my computer or network by limiting or
preventing access to this computer from the Internet check box, and
then click OK.

Note If you want to enable the use of some programs and services
through the firewall, click Settings on the Advanced tab, and then
select the programs, protocols, and services that are required.

Enable advanced TCP/IP filtering on systems that support this feature.

You can enable advanced TCP/IP filtering to block all unsolicited
inbound traffic. For more information about how to configure TCP/IP
filtering, see Microsoft Knowledge Base Article 309798.

Block the affected ports by using IPSec on the affected systems.

Use Internet Protocol security (IPSec) to help protect network
communications. Detailed information about IPSec and how to apply
filters is available in Microsoft Knowledge Base Article 313190 and
Microsoft Knowledge Base Article 813878.

Remove the Indexing Service if you do not need it:

If the Indexing Service is no longer needed, you could remove it by
following this procedure.

To configure components and services:


In Control Panel, open Add or Remove Programs.


Click Add/Remove Windows Components.


Click to clear the Indexing Service check box to remove the Indexing Service.


Complete the Windows Components Wizard by following the instructions
on the screen.

You could modify any web pages that use the Index Service to block
queries longer than 60 characters. Microsoft Knowledge Base Article
890621 provides more information on how to perform these steps.

Other related posts: