By Susan Bradley
The latest SMB patch means a little bit of not-so-friendly file sharing.
Since my last Patch Watch column, the good news is that we haven’t seen any exploits or vulnerabilities targeting the Server Message Block (SMB) patch MS05-011. The bad news is that a few issues have popped up: one with a resolution, and one still under investigation at this time.
First up is an issue with SNAP servers that prevents connectivity when MS05-011 is installed. A possible fix was reported in the PatchManagement.org discussion list. The workaround involves going to the SNAP admin pages, Network settings, Microsoft Networking, selecting "Advanced," and then deselecting Enable NT SMBs. You may, however, prefer to simply uninstall the patch, call Microsoft Product Support and report the issue in hopes of an official fix.
The second issue, which is still unresolved, involves this same patch on Windows XP SP2 machines, peer-to-peer networks, and Office 2000. Users are reporting that they cannot use Save As after opening a document.
What to do: At the present time, I strongly recommend that anyone seeing this issue remove the patch. To do so, go into Add/Remove Programs and uninstall the patch labeled 885250.
Last but not least, a few issues with NT4 servers and the MS05-010 patch appear to have recently arisen.
What to do: Go into Add/Remove Programs and remove the patch labeled 885834.
If you have an issue that causes you to remove a security patch, I feel strongly that you should call Microsoft and report the problem. It’s the action of reporting the issue that fixes the patch.
Because all of these problems were caused by security patches, it will be a free call to Microsoft. In the U.S., call Microsoft at 866-727-2338. In other countries, check Microsoft’s support page to look up the correct local number.
Upgrade MSN 6.x or else!
For those of you running MSN 6.x versions, you may have noticed that you were forced last week to upgrade whether you liked it or not. Anyone running the beta of MSN 7.0, however, was already protected from the PNG vulnerability that was described in MS05-009.
Interestingly enough, my home computer was offered up the update because I was running the 4.7x version of Windows Messenger, but on the workstations at my office, Windows Messenger 5.0 users were not forced to upgrade. This WM product is the "standalone" version that plugs into Live Communication Server.
In my firm, this meant I had to use my server’s group policy ability to push out the new 5.1 version to all my workstations. You may wish to review your version of Windows Messenger to ensure you’re protected.
For many companies, this has been a wake-up call as far as who is using Instant Messenger in their offices. Just as important as technology is the "human" element of IT. The SANS.org web site has an excellent resource for Internet use policies on this subject. If you’re in charge of IT at your firm, you should review and put a policy in place regarding whether or not IM is permitted inside your firm. To totally remove Windows Messenger, you can use a script file provided by Doug Knox.
Windows Media doesn’t need a patch… oh wait, it does….
I launched Windows Media Player last week and thought it a bit odd for it to prompt me to update it.
Well, it turns out that an issue with the DRM portion of the player that could be used to download spyware was initially defined as "not a problem" by Microsoft. But the flaw actually does need a patch, which Microsoft provided on Feb. 15 in Knowledge Base article 891122.
Firefox IDN bug and IE revisited
Bill Gates last week announced a beta for a new IE 7 browser that may ship later this year. But that still means we have a lot of unpatched items on Secunia’s Internet Explorer Security shopping list. Unfortunately, IE isn’t the only browser that can have security holes.
The Firefox and Mozilla browsers are affected by spoofing and phishing attacks involving internationalized domain names (IDN), as I described in this space last issue. A hacker using IDN can make a hacking site appear to be any other Web address, such as paypal.com, in these browsers’ Address Bar.
What to do: The workaround I gave then for these “homograph” attacks — i.e., change network.enableIDN to false in Firefox’s about:config settings — has been adopted by Firefox as a temporary measure. A forthcoming 1.0.1 release of Firefox will set this option to false by default. A better solution that doesn’t totally eliminate support for IDN is expected to be included in Firefox 1.1.
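The homograph trick described above can also be checked for on the defender's side. This is an added example, not part of the original column: it decodes the xn-- (punycode) form of a hostname and flags labels that contain non-ASCII characters or mix scripts. The function names and the sample hostname are constructed for illustration, and the script test is a heuristic based on Unicode character names.

```python
import unicodedata

def script_of(ch):
    # Heuristic: first word of the Unicode name ("LATIN", "CYRILLIC", "GREEK", ...).
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and hyphen
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_host(host):
    """Decode each xn-- label; report invalid, non-ASCII and mixed-script labels."""
    display, findings = [], []
    for label in host.lower().rstrip(".").split("."):
        text = label
        if label.startswith("xn--"):
            try:
                text = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                findings.append((label, "invalid-punycode"))
        display.append(text)
        scripts = {script_of(c) for c in text} - {"COMMON"}
        if len(scripts) > 1:
            findings.append((label, "mixed-script:" + "+".join(sorted(scripts))))
        elif not text.isascii():
            findings.append((label, "non-ascii:" + "+".join(sorted(scripts))))
    return ".".join(display), findings

# Constructed sample: Latin "paypal" with Cyrillic U+0430 in place of the first "a".
LOOKALIKE = "p\u0430ypal.com"
# The ASCII form that actually travels in DNS queries, built label by label.
WIRE_FORM = ".".join(
    "xn--" + l.encode("punycode").decode("ascii") if not l.isascii() else l
    for l in LOOKALIKE.split(".")
)

if __name__ == "__main__":
    for host in (WIRE_FORM, "paypal.com"):
        shown, findings = inspect_host(host)
        print(f"{host:22} displays as {shown!r:14} findings={findings}")
```

The same check can be run over proxy or DNS logs to list every xn-- hostname users have visited, together with the form a browser would display.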