|
Posted by Mike Sampieri on August 15, 2005, 9:33 am
Please log in for more thread options
Hello. I've searched quite a few resources, but I still can't find this
information, simply:
-Does the new MS05-039 Plug-n-Play Vulnerability affect Windows NT4
Server?
My NT server does indeed have a service running called "Plug and Play".
But nowhere can I find that NT has this vulnerability.
Anyone know?
And if so, can I avoid an exploit by just disabling the PNP service?
Thank you!
-Mike
--
---
*If you want to email me directly, simply remove all instances of the
letter "x" from my email address.
|
|
Posted by David H. Lipman on August 15, 2005, 12:59 pm
Please log in for more thread options
| Hello. I've searched quite a few resources, but I still can't find this
| information, simply:
|
| -Does the new MS05-039 Plug-n-Play Vulnerability affect Windows NT4
| Server?
|
| My NT server does indeed have a service running called "Plug and Play".
| But nowhere can I find that NT has this vulnerability.
|
| Anyone know?
|
| And if so, can I avoid an exploit by just disabling the PNP service?
|
| Thank you!
|
| -Mike
|
| --
| ---
| *If you want to email me directly, simply remove all instances of the
| letter "x" from my email address.
It may be but it is a dead OS and there may only be patches to those who have
paid for an
extended support contract. You really should upgrade to at least Win2K server
or better
yet, Win2003 Server.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by Roger Abell on August 15, 2005, 3:34 pm
Please log in for more thread options Good question, but observe that NT 4 did not do plug and play
and does not have the PlugPlay service.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
> Hello. I've searched quite a few resources, but I still can't find this
> information, simply:
>
> -Does the new MS05-039 Plug-n-Play Vulnerability affect Windows NT4
> Server?
>
> My NT server does indeed have a service running called "Plug and Play".
> But nowhere can I find that NT has this vulnerability.
>
> Anyone know?
>
> And if so, can I avoid an exploit by just disabling the PNP service?
>
> Thank you!
>
> -Mike
>
>
>
> --
> ---
> *If you want to email me directly, simply remove all instances of the
> letter "x" from my email address.
|
|
Posted by Mike Sampieri on August 16, 2005, 7:17 am
Please log in for more thread options Yes it does indeed. I'm running NT4 Server, SP6a, and it has a service
called "Plug & Play". I'm wondering if 1) NT4 is affected by MS05-039,
and 2) If I disable NT's PNP service, would that close this
vulnerability?
And yes, I plan to upgrade to Server2003 very soon.
Thank you...
-Mike
@TK2MSFTNGP10.phx.gbl:
> Good question, but observe that NT 4 did not do plug and play
> and does not have the PlugPlay service.
>
--
---
*If you want to email me directly, simply remove all instances of the
letter "x" from my email address.
|
|
Posted by Bigbruva on August 16, 2005, 6:52 pm
Please log in for more thread options So far it only seems to be these systems that are affected:
a.. Windows 2000 Service Pack 4
a.. Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
a.. Windows XP Professional x64 Edition
a.. Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
a.. Windows Server 2003 for Itanium-based Systems and Microsoft Windows
Server 2003 with SP1 for Itanium-based Systems
a.. Windows Server 2003 x64 Edition
From the MS Security Advisory:
"Windows 2000 systems are primarily at risk from this vulnerability. Windows
2000 customers who have installed the MS05-039 security update are not
affected by this vulnerability. If an administrator has disabled anonymous
connections by changing the default setting of the RestrictAnonymous
registry key to a value of 2, Windows 2000 systems would not be vulnerable
remotely from anonymous users. However, because of a large application
compatibility risk, we do not recommend customers enable this setting in
production environments without first extensively testing the setting in
their environment. For more information, search for RestrictAnonymous at the
Microsoft Help and Support Web site.
While not the current target of this exploit code, it's important to note
that on Windows XP Service Pack 2 and Windows Server 2003 an attacker must
have valid logon credentials and be able to log on locally to exploit this
vulnerability. The vulnerability could not be exploited remotely by
anonymous users or by users who have standard user accounts on Windows XP
Service Pack 2 or Windows Server 2003. This is because of enhanced security
built directly into the affected component. Even if an administrator has
enabled anonymous connections by changing the default setting of the
RestrictAnonymous registry key, Windows XP Service Pack 2 and Windows Server
2003 are not vulnerable remotely by anonymous users or by users who have
standard user accounts. However, the affected component is available
remotely to users who have administrative permissions.
While not the current target of this exploit code, it's important to note
that on Windows XP Service Pack 1 an attacker must have valid logon
credentials to try to exploit this vulnerability. The vulnerability could
not be exploited remotely by anonymous users. However, the affected
component is available remotely to users who have standard user accounts on
Windows XP Service Pack 1. The existing exploit code is not designed to
provide the authentication required to exploit this issue on these operating
systems. Even if an administrator has enabled anonymous connections by
changing the default setting of the RestrictAnonymous registry key, Windows
XP Service Pack 1 systems are not vulnerable remotely by anonymous users.
This issue does not affect Windows 98, Windows 98 SE, or Windows Millennium
Edition."
NOTICE how it does not mention NT!
As NT can be made to work with Plug and Play I would contact Microsoft ASAP
for clarification on this!
If you are in the US or Canada you could call the toll-free number : (866)
PCSAFETY (727-2338).
Let us know how you get on.
BB
> Yes it does indeed. I'm running NT4 Server, SP6a, and it has a service
> called "Plug & Play". I'm wondering if 1) NT4 is affected by MS05-039,
> and 2) If I disable NT's PNP service, would that close this
> vulnerability?
>
> And yes, I plan to upgrade to Server2003 very soon.
>
> Thank you...
> -Mike
>
>
> @TK2MSFTNGP10.phx.gbl:
>
>> Good question, but observe that NT 4 did not do plug and play
>> and does not have the PlugPlay service.
>>
>
>
>
>
> --
> ---
> *If you want to email me directly, simply remove all instances of the
> letter "x" from my email address.
|
| Similar Threads | Posted | | IIS vulnerability (MS06-034) | July 12, 2006, 1:46 pm |
| ISAPI Filter Vulnerability | November 7, 2006, 11:15 pm |
| Windows Media Player vulnerability in Win2K3 Server with SP2 | October 25, 2007, 2:06 pm |
| MS08-002 Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485) | February 1, 2008, 1:22 pm |
| Remote Desktop Protocol Server Private Key Disclosure Vulnerability | March 30, 2008, 9:34 am |
|
XML Sitemap