Re: Microsoft Strategic Technology Protection Program

From: Ryan Russell (ryan@SECURITYFOCUS.COM)
Date: 10/03/01 

Message-ID:  <Pine.GSO.4.30.0110031121510.9643-100000@mail>
Date:         Wed, 3 Oct 2001 11:27:49 -0600
From: Ryan Russell <ryan@SECURITYFOCUS.COM>
Subject:      Re: Microsoft Strategic Technology Protection Program
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

On Wed, 3 Oct 2001, Russ wrote:

> While there are additional things planned, the biggest thing missing
> at this stage is a re-release of the NT 4.0 Option Kit CD which
> contains;
>
> 1. Patched version of IIS 4.0 (one that's not vulnerable out of the
> box)
> 2. Patched versions of MDAC
> 3. Modifications to the samples to eliminate RDS
> 4. Modified default installation that doesn't install in a way known
> to be exploitable
> 5. Modified Setup program that doesn't re-install removed script
> mappings and other components after the user has manually removed
> them (since that's what many people have done to protect themselves)

How about what was discussed at the NTBugtraq 1st annual party, which
is a way to patch the install images? You know, be able to apply the
service pack and hotfixes to the i386 install directory, so that when you
do a new install, there is no opportunity to foget to apply the service
pack? So that when i add a new service to my install, I don't have
to re-apply the service pack or hotfixes. That's one of the big problems
with cleaning up a large enterprise. You can do a massive sweep of your
company making sure you've got all the patches installed, and the next day
someone does an install of NT, or adds dial up networking, and now you've
got a vulnerable box again.

                                        Ryan

============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&BI;=245&UL;=http://www.ant
ivirus.com/smex2000_rebate

Relevant Pages

  • RE: RRAS Wizard failure
    ... With the first part of your reply that I applied Windows Server 2003 SP! ... SBS server 2003 SP1 are you saying that the Microsoft Update service would ... To successfully install SBS 2003 SP1, ... Service Pack 1 for the Windows Server 2003 operating system ...
    (microsoft.public.windows.server.sbs)
  • Office 2004 Service Pack - Read Me
    ... Microsoft Corporation, 2004. ... relevant to Microsoft Office 2004 for Mac Service Pack 1 and is ... Microsoft Word, PowerPoint, Excel, and Entourage for Office 2004, ... Before you install the service pack, ...
    (microsoft.public.mac.office)
  • Re: Windows Server 2003 Service Pack 1 will not install
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... <Subject: Re: Windows Server 2003 Service Pack 1 will not install ...
    (microsoft.public.windows.server.sbs)
  • Re: Service pack 3
    ... install Security Update for Microsoft .NET Framework, ... "Security Update for Microsoft .NetFramework, ... install all the patches and updates for said software. ... Version 1.1 Service Pack 1...' ...
    (microsoft.public.windowsupdate)
  • RE: SBS sp1 upgrade failed
    ... MSDE 2000 Service Pack 4 did not install and fax configuration. ... Please use the following method to check the service pack level. ... Download MSDE SP4 from Microsoft Download, ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)