-=PCTechTalk=- US-CERT Cyber Security Alert SA04-243A -- Security Improvements in Windows XP Service Pack 2
- From: "David F. Wooledge" <wooledge001@xxxxxxxx>
- To: accmail Juno <juno_accmail@xxxxxxxxxxxxx>, "@freelistts PCTechTalk" <pctechtalk@xxxxxxxxxxxxx>
- Date: Mon, 30 Aug 2004 13:34:32 -0700 (PDT)
--- US-CERT Alerts <alerts@xxxxxxxxxxx> wrote:
> Date: Mon, 30 Aug 2004 14:44:06 -0400
> From: US-CERT Alerts <alerts@xxxxxxxxxxx>
> To: alerts@xxxxxxxxxxx
> Subject: US-CERT Cyber Security Alert SA04-243A -- Security
> Improvements in Windows XP Service Pack 2
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> National Cyber Alert System
> Cyber Security Alert SA04-243A
>
>
> Security Improvements in Windows XP Service Pack 2
>
>
> Original release date: August 30, 2004
> Last revised: --
> Source: US-CERT
>
>
> Systems Affected
>
> * Microsoft Windows XP
>
>
> Overview
>
> Microsoft Windows XP Service Pack 2 (SP2) significantly improves
> your computer's defenses against attacks and vulnerabilities.
>
>
> Recommendation
>
> To help protect your Windows XP computer from attacks and
> vulnerabilities, install Service Pack 2 using Windows Update or
> Automatic Updates.
>
> Note: Service Pack 2 makes significant changes to improve the
> security of Windows XP, and these changes may have negative
> effects
> effects on some programs and Windows functionality. Before you
> install Service Pack 2, back up your important data and consult
> your computer manufacturer's web site for information about
> Service
> Pack 2.
>
>
> Description
>
> Windows XP Service Pack 2 is a major operating system update
> that
> contains a number of new security updates and features. Like
> other
> Microsoft Service Packs, Windows XP Service Pack 2 also includes
> previously released security fixes and other operating system
> updates. Following is a summary of the new security updates and
> features in Service Pack 2:
>
> * Windows Firewall
>
> Windows Firewall is enabled in almost all configurations,
> blocking
> network traffic coming into your computer. Blocking this
> traffic
> helps to protect you from worms and other malicious code that
> spread via the Internet.
>
> * Internet Explorer Local Machine Zone Lockdown
>
> New settings for Internet Explorer disable the execution of
> ActiveX controls and Active scripting in the Local Machine
> Zone.
> This protects you from attacks and vulnerabilties such as
> Download.Ject.
>
> * Additional Internet Explorer Security Changes
>
> Internet Explorer now includes a pop-up blocker, additional
> window
> restrictions, and changes in MIME type handling that better
> defend
> against social engineering and "phishing" attacks. A browser
> add-on management interface provides a way to identify and
> disable
> programs that run as part of Internet Explorer. Enhanced
> protection against security zone elevation and object caching
> vulnerabilities helps defend against malicious web scripts.
>
> * Email Handling Technologies
>
> Outlook Express now supports the ability to read and compose
> messages in plain text and to block external HTML content such
> as
> "web bugs." Security checks are now performed in a more
> consistent
> way to help prevent the execution of malicious attachments.
>
> * Security Center
>
> The Security Center "...provides a central location for
> changing
> security settings, learning more about security, and ensuring
> that
> [your] computer is up to date, with the essential security
> settings that are recommended by Microsoft."
>
> * Automatic Updates
>
> The update services and automatic update feature of Windows XP
> have been improved. US-CERT highly recommends that you enable
> Automatic Updates.
>
> * Data Execution Prevention
>
> Memory protection helps prevent attackers from executing code
> on
> your computer.
>
>
> References
>
> * Windows XP Service Pack 2 -
> <http://www.microsoft.com/windowsxp/sp2/>
>
> * What to Know Before You Download and Install Windows XP
> Service
> Pack 2 -
> <http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx>
>
> * Get the Latest Updates and Information from Your PC
> Manufacturer
> Before Installing Windows XP Service Pack 2 -
> <http://www.microsoft.com/windowsxp/sp2/oemlinks.mspx>
>
> * Backing up your computer files -
> <http://www.microsoft.com/athome/security/update/backup.mspx>
>
> * Programs that are known to experience a loss of functionality
> when
> they run on a Windows XP Service Pack 2-based computer -
> <http://support.microsoft.com/?id=884130>
>
>
> _________________________________________________________________
>
> Authors: Art Manion and Mindi McDowell. Feedback can be directed
> to
> the US-CERT Technical Staff.
>
> _________________________________________________________________
>
> This document is available from:
>
> <http://www.us-cert.gov/cas/alerts/SA04-196A.html>
>
> _________________________________________________________________
>
> Copyright 2004 Carnegie Mellon University.
>
> Terms of use: <http://www.us-cert.gov/legal.html>
>
> _________________________________________________________________
>
>
> Revision History
>
> August 30, 2004: Initial release
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQFBM3O5XlvNRxAkFWARAqTCAKDoodz5PRNBBC7t6B8IPJbZt2SsSQCdFviV
> PWDxGS84QGj6gW0rKfxf1Nk=
> =xJHo
> -----END PGP SIGNATURE-----
>
>
>
=====
David F Wooledge, Chair
Erie County Community Support Program
237 Goodrich Street
Erie PA 16508-1818
814-459-0741
814-217-1920
717-441-4910 (DBSA PA)
717-441-4911 (Laptop Soft Phone)
814-602-0510 (cell)
814-217-1936 (fax)
814-456-6593 (fax MHA of NP)
wooledge001@xxxxxxxx
dwooledge@xxxxxxxx
http://www.mental-health-advocate.us
http://www.geocities.com/wooledge001_/
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk
Other related posts:
- » -=PCTechTalk=- US-CERT Cyber Security Alert SA04-243A -- Security Improvements in Windows XP Service Pack 2
