Re: Microsoft Strategic Technology Protection Program

From: Kayne Ian (Softlab) (Ian.Kayne@SOFTLAB.CO.UK)
Date: 10/04/01


Message-ID:  <CDD7435C5120D511870B00805F6FED1D91FA5F@birexm01.uk.softlab.net>
Date:         Thu, 4 Oct 2001 09:24:57 +0100
From: "Kayne Ian (Softlab)" <Ian.Kayne@SOFTLAB.CO.UK>
Subject:      Re: Microsoft Strategic Technology Protection Program
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

In Win2k at least, there is already the facility to slipstream servicepacks
into the installation source:

http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q271791

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company

> -----Original Message-----
> From: Ryan Russell [mailto:ryan@SECURITYFOCUS.COM]
> Sent: Wednesday, October 03, 2001 6:28 PM
> Subject: Re: Microsoft Strategic Technology Protection Program
>
>
> On Wed, 3 Oct 2001, Russ wrote:
>
> > While there are additional things planned, the biggest thing missing
> > at this stage is a re-release of the NT 4.0 Option Kit CD which
> > contains;
> >
> > 1. Patched version of IIS 4.0 (one that's not vulnerable out of the
> > box)
> > 2. Patched versions of MDAC
> > 3. Modifications to the samples to eliminate RDS
> > 4. Modified default installation that doesn't install in a way known
> > to be exploitable
> > 5. Modified Setup program that doesn't re-install removed script
> > mappings and other components after the user has manually removed
> > them (since that's what many people have done to protect themselves)
>
> How about what was discussed at the NTBugtraq 1st annual party, which
> is a way to patch the install images? You know, be able to apply the
> service pack and hotfixes to the i386 install directory, so
> that when you
> do a new install, there is no opportunity to foget to apply
> the service
> pack? So that when i add a new service to my install, I don't have
> to re-apply the service pack or hotfixes. That's one of the
> big problems
> with cleaning up a large enterprise. You can do a massive
> sweep of your
> company making sure you've got all the patches installed, and
> the next day
> someone does an install of NT, or adds dial up networking,
> and now you've
> got a vulnerable box again.
>
> Ryan
>

********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed.

If you are not the intended recipient or the person responsible for
delivering to the intended recipient, be advised that you have received
this email in error and that any use of the information contained within
this email or attachments is strictly prohibited.

Internet communications are not secure and Softlab does not accept
any legal responsibility for the content of this message. Any opinions
expressed in the email are those of the individual and not necessarily
those of the Company.

If you have received this email in error, or if you are concerned with
the content of this email please notify the IT helpdesk by telephone
on +44 (0)121 788 5480.

********************************************************************

============================================================================
Delivery co-sponsored by Trend Micro, Inc.
============================================================================
BEST-OF-BREED ANTIVIRUS SOLUTION FOR MICROSOFT EXCHANGE 2000
Earn 5% rebate on licenses purchased for Trend Micro ScanMail for
Microsoft Exchange 2000 between October 1 and November 16. ScanMail
ensures 100% scanning of inbound and outbound traffic and provides
remote software management. For program details or to download your
30-day FREE evaluation copy:
http://www.antivirus.com/banners/tracking.asp?si=53&BI;=245&UL;=http://www.ant
ivirus.com/smex2000_rebate