Windows Secrets NEWS UPDATE • Issue 138a • 2008-01-31 • Circulation: over 275,000
   
     
Contents
INTRODUCTION: Breaking news rouses us from our slumber
PATCH WATCH: Server 2003 may have "critical" flaw, MS says
YOUR SUBSCRIPTION: How to change your address or unsubscribe

   
   


   
   
INTRODUCTION

Breaking news rouses us from our slumber

By Brian Livingston

We're not supposed to be publishing articles this week, because we usually skip publication on any 5th Thursday that comes around (such as today).

We take occasional breaks like this so our writers can catch up on some much-needed sleep — but new information has come out about an important Microsoft upgrade, so contributing editor Susan Bradley has produced a special Patch Watch column to give you the facts you need.

Susan's great analyses of problems with Microsoft patches normally appear twice a month in our paid content. If you're not getting these crucial details on how to keep your computers healthy, now is a great time for you to upgrade. You'll receive 12 months of our paid content and be able to search everything we've ever published.

Use the following link to find out more about getting our paid content:

How to upgrade

I'd tell you more, but I just... can't keep... my eyes open... (zzz)

Computer Shopper now owned by SX2 Media Labs

Due to an editing error, our Jan. 24 story on security suites said that Computer Shopper Magazine is owned by CNET Networks. That used to be true, but the publication was sold to SX2 Media Labs in February 2006, according to a press release by Jegi.com.

Sharp-eyed reader Greg Spira will receive a gift certificate for a book, CD, or DVD of his choice for sending us a tip that we printed. Send us your tips using the Windows Secrets contact page.

Next regular issue: Feb. 7

Our special news updates have no paid version, incorporating the same information for both our free and our paid subscribers.

We routinely publish on the 1st through 4th Thursdays of each month. We skip the week of Thanksgiving and the last two weeks of August and December. Our next regular issue will be published on Feb. 7.

Thanks for your support!

Brian Livingston is editorial director of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books.


   
   
PATCH WATCH

Server 2003 may have 'critical' flaw, MS says

By Susan Bradley

In a change from its earlier statements, Microsoft now reports that some versions of Windows Server 2003 have a security flaw rated "critical" rather than merely "important."

If you didn't install security bulletin MS08-001 after its release on Jan. 8 — because you didn't feel you really needed it when it first came out — you should make time now to test your box and install the patch.

In my opinion, all versions of Windows Server 2003, including Microsoft's Small Business Server 2003, should be considered potentially vulnerable. According to Microsoft, some versions of Windows 2000, XP, Vista, and the new Windows Home Server are also affected, but those machines should already have been notified of the patch by Automatic Updates, which would have installed MS08-001 if authorized to auto-update.

If your company uses Microsoft server software, I'll describe how you can tell whether your machine is at risk from Internet attacks — and how you can close the hole.

The vulnerability occurs if an "IP multicast group," which listens for IGMP (Internet Group Management Protocol) queries, is enabled.

Windows Server 2003 ordinarily enables only multicast group 224.0.0.1, which represents all the machines on your local subnet. IGMP queries to that group are ignored. As a result, such a server would be safe from this particular attack.

Various applications, however, can enable other IGMP queries, meaning that a machine is vulnerable to exploitation. For example, Small Business Server 2003, Microsoft's more-affordable version of Windows Server, includes Exchange Server 2003, which runs WINS (Windows Internet Naming Service). That, in turn, enables the kind of IGMP queries that are open to hackers.

To test whether a server is currently vulnerable, open a command prompt and enter the following command:

netsh int ip show joins

If any multicast group other than 224.0.0.1 is listed in the output of the command, the server is open to attack. (See Figure 1.) This vulnerability is eliminated by installing MS08-001.

[Image: output of the netsh command]
Figure 1. In this example, multicast groups other than 224.0.0.1 are running, making the affected server vulnerable to attack (if unpatched).
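
The check described above, as an added example (not code from the newsletter or from Microsoft): a Python script that applies the article's rule to the text printed by netsh int ip show joins. The sample output, its two-column layout and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
import sys

# 224.0.0.1 (all hosts on the local subnet) is the one group the article calls safe.
ALL_HOSTS = ipaddress.IPv4Address("224.0.0.1")
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample; the two-column layout and all addresses are assumptions.
SAMPLE_OUTPUT = """\
Interface Addr   Multicast Group
---------------  ---------------
127.0.0.1        224.0.0.1
192.168.16.2     224.0.0.1
192.168.16.2     224.0.1.24
"""


def extra_multicast_joins(netsh_output):
    """Return sorted (interface, group) pairs for every joined multicast
    group other than 224.0.0.1 found in `netsh int ip show joins` output."""
    findings = set()
    for line in netsh_output.splitlines():
        addrs = []
        for token in IPV4_TOKEN.findall(line):
            try:
                addrs.append(ipaddress.IPv4Address(token))
            except ipaddress.AddressValueError:
                continue  # e.g. 999.1.1.1: looks like an address, is not one
        # The non-multicast address on the line, if any, is the interface.
        iface = next((str(a) for a in addrs if not a.is_multicast), "unknown")
        for addr in addrs:
            if addr.is_multicast and addr != ALL_HOSTS:
                findings.add((iface, str(addr)))
    return sorted(findings)


def exposed_if_unpatched(netsh_output):
    """Apply the article's rule: any group besides 224.0.0.1 means the
    server needs MS08-001."""
    return bool(extra_multicast_joins(netsh_output))


if __name__ == "__main__":
    # Usage on the server: netsh int ip show joins | python check_joins.py
    text = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for iface, group in extra_multicast_joins(text):
        print(f"{iface} has joined {group}")
    print("Exposed if MS08-001 is missing:", exposed_if_unpatched(text))
```

Because the script picks out multicast addresses by range rather than by column position, it does not depend on the exact column layout of the netsh output.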

For more information, read the blog entry by Microsoft SVRD (Security Vulnerability Research & Defense) regarding the differences in multicast groups.

To download the patch, see security bulletin MS08-001. Microsoft modified this bulletin on Jan. 23 to acknowledge that SBS 2003 is vulnerable and then again on Jan. 25 to add Windows Home Server to the documentation. If you haven't applied the patch, do so now.

UPDATE 2008-02-01: In a previous version of this article, typographical errors in two places incorrectly referred to multicast group 224.0.0.1 as 244.0.0.1. Also, due to an editing error, IGMP (Internet Group Management Protocol) was incorrectly spelled ICMP (Internet Control Message Protocol).

The Patch Watch column reveals problems with patches for Windows and major Windows applications. Susan Bradley recently received an MVP (Most Valuable Professional) award from Microsoft for her knowledge in the areas of Small Business Server and network security. She's also a partner in a California CPA firm.


   
   
TELL A FRIEND

How you can share this information

We love it when you send your friends links to our articles. But please don't forward your copy of our e-mail newsletter to people, which subjects us to spam complaints. Instead, simply suggest that your friends visit this issue's permanent Web address, shown below. A complete index at the bottom of the Web page provides you with hyperlinks to any article you'd like to recommend.

The address of this issue is http://WindowsSecrets.com/comp/080131

   
   

   
   
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, plus the week of Thanksgiving and the last two weeks of August and December.

Publisher: WindowsSecrets.com LLC, Attn: #120 Editor, 1700 7th Ave., Suite 116, Seattle, WA 98101-1323 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editorial Director: Brian Livingston. Editor-at-Large: Fred Langa. Associate Editor: Scott Dunn. Contributing Editors: Susan Bradley, Mark Edwards, Woody Leonhard, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler. Administrative Assistant: Raef Harrison.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
Copyright © 2008 by WindowsSecrets.com LLC. All rights reserved.
