RE: Windows 2000 Server hardening

• Previous message: Laura A. Robinson: "RE: Windows 2000 Server hardening"
• Maybe in reply to: Scott: "Windows 2000 Server hardening"
• Next in thread: Amer Karim: "RE: Windows 2000 Server hardening"
• Reply: Amer Karim: "RE: Windows 2000 Server hardening"
• Reply: Laura A. Robinson: "RE: Windows 2000 Server hardening"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 13 Oct 2003 14:18:58 -0500
To: focus-ms@securityfocus.com

Has anyone else heard about this - from the VigilantMinds website.

VigilantMinds has successfully validated the claims regarding the latest >>
Microsoft Remote Procedure Call (RPC) vulnerability. Specifically, >>
VigilantMinds has validated that hosts running fully patched versions of >>
the following Microsoft operating systems REMAIN subject to denial of >>
service attacks and possible remote exploitation: >> >> * Microsoft Windows
XP Professional >> * Microsoft Windows XP Home >> * Microsoft Windows 2000
Workstation >> >> Although it has not been verified at this time, other
versions of >> Microsoft Windows are also suspected to be subject to this >>
vulnerability. >> >> As with the prior RPC vulnerability (MS03-039), these
attacks can occur >> on TCP ports 135, 139, 445 and 593; and UDP ports 135,
137, 138 and 445. >>

-----Original Message-----
From: Scott [mailto:scott@cleven-mulcahy.com]
Sent: Monday, October 13, 2003 9:33 AM
To: focus-ms@securityfocus.com
Subject: RE: Windows 2000 Server hardening

Kurt was kind enough to remind me of another document. I should have sent
the link he provides below. It includes the W2K3 and XP security guides, as
well as the Threats and Countermeasures Guide.

Scott

-----Original Message-----
From: Kurt Dillard [mailto:kurtdill@microsoft.com]
Sent: Monday, October 13, 2003 2:07 AM
To: Scott
Subject: RE: Windows 2000 Server hardening

Did you see this other guide I helped to write also? Threats and
Countermeasures: Security Settings in Windows Server 2003 and Windows
XP: http://go.microsoft.com/fwlink/?LinkId=15159

---------------------------------------------------------------------------
Visual & Easy-to-use are not words that you think of when talking about
network analyzers. Need to share problem information with colleagues that
do not read packets?

Download ClearSight Networks Analyzer and see a new network analysis tool
that makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_focus-ms_031006
---------------------------------------------------------------------------

This email, and any files transmitted with it are confidential and intended solely for the use of the addressee. This email may contain information protected by attorney-client privilege. If you are not the intended addressee, then you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited.

Tyson Foods, Inc. will not be held liable to any person resulting from the use of any information contained in this email. Tyson Foods, Inc. will not be liable to any person who adds or deletes information contained in this email, and will not be held liable to any person as a result of any additions or deletions of information originally contained in this email.

---------------------------------------------------------------------------
Visual & Easy-to-use are not words that you think of when talking about
network analyzers. Need to share problem information with colleagues that
do not read packets?

Download ClearSight Networks Analyzer and see a new network analysis tool
that makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_focus-ms_031006
---------------------------------------------------------------------------

• Previous message: Laura A. Robinson: "RE: Windows 2000 Server hardening"
• Maybe in reply to: Scott: "Windows 2000 Server hardening"
• Next in thread: Amer Karim: "RE: Windows 2000 Server hardening"
• Reply: Amer Karim: "RE: Windows 2000 Server hardening"
• Reply: Laura A. Robinson: "RE: Windows 2000 Server hardening"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages SecurityFocus Microsoft Newsletter #176 ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter #83 ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability ... Microsoft Internet Explorer History List Script Injection ... Microsoft Windows 2000 Lanman Denial of Service Vulnerability ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter #242 ... MICROSOFT VULNERABILITY SUMMARY ... PostNuke Blocks Module Directory Traversal Vulnerability ... Groove Networks Groove Virtual Office COM Object Security By... ... The Microsoft Windows IPV6 TCP/IP stack is prone to a "loopback" condition initiated by sending a TCP packet with the "SYN" flag set and the source address and port spoofed to equal the destination source and port. ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter #44 ... Subject: SecurityFocus Microsoft Newsletter #44 ... MS Visual Studio RAD Support Buffer Overflow Vulnerability ... Microsoft Windows 2000 SMTP Improper Authentication Vulnerability ... Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability ... (Focus-Microsoft) SecurityFocus Microsoft Newsletter #77 ... MICROSOFT VULNERABILITY SUMMARY ... Novell GroupWise Web Root Disclosure Vulnerability ... Microsoft Windows NT Security Policy Bypass Vulnerability ... CVS Server Global Variable Denial Of Service Vulnerability ... (Focus-Microsoft)