Re: Is NT4 affected by the new MS05-039 Plug-n-Play Vulnerability?

From: Bigbruva (Richardh_at_dontusethis.ws)
Date: 08/17/05 

Date: Tue, 16 Aug 2005 18:52:47 -0700

So far it only seems to be these systems that are affected:

a.. Windows 2000 Service Pack 4
a.. Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
a.. Windows XP Professional x64 Edition
a.. Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
a.. Windows Server 2003 for Itanium-based Systems and Microsoft Windows
Server 2003 with SP1 for Itanium-based Systems
a.. Windows Server 2003 x64 Edition

>From the MS Security Advisory:

"Windows 2000 systems are primarily at risk from this vulnerability. Windows
2000 customers who have installed the MS05-039 security update are not
affected by this vulnerability. If an administrator has disabled anonymous
connections by changing the default setting of the RestrictAnonymous
registry key to a value of 2, Windows 2000 systems would not be vulnerable
remotely from anonymous users. However, because of a large application
compatibility risk, we do not recommend customers enable this setting in
production environments without first extensively testing the setting in
their environment. For more information, search for RestrictAnonymous at the
Microsoft Help and Support Web site.

While not the current target of this exploit code, it's important to note
that on Windows XP Service Pack 2 and Windows Server 2003 an attacker must
have valid logon credentials and be able to log on locally to exploit this
vulnerability. The vulnerability could not be exploited remotely by
anonymous users or by users who have standard user accounts on Windows XP
Service Pack 2 or Windows Server 2003. This is because of enhanced security
built directly into the affected component. Even if an administrator has
enabled anonymous connections by changing the default setting of the
RestrictAnonymous registry key, Windows XP Service Pack 2 and Windows Server
2003 are not vulnerable remotely by anonymous users or by users who have
standard user accounts. However, the affected component is available
remotely to users who have administrative permissions.

While not the current target of this exploit code, it's important to note
that on Windows XP Service Pack 1 an attacker must have valid logon
credentials to try to exploit this vulnerability. The vulnerability could
not be exploited remotely by anonymous users. However, the affected
component is available remotely to users who have standard user accounts on
Windows XP Service Pack 1. The existing exploit code is not designed to
provide the authentication required to exploit this issue on these operating
systems. Even if an administrator has enabled anonymous connections by
changing the default setting of the RestrictAnonymous registry key, Windows
XP Service Pack 1 systems are not vulnerable remotely by anonymous users.

This issue does not affect Windows 98, Windows 98 SE, or Windows Millennium
Edition."

NOTICE how it does not mention NT!

As NT can be made to work with Plug and Play I would contact Microsoft ASAP
for clarification on this!
If you are in the US or Canada you could call the toll-free number : (866)
PCSAFETY (727-2338).

Let us know how you get on.

BB

"Mike Sampieri" <xkmorgan6xx4@hotmail.com> wrote in message
news:%23h7rB1moFHA.1480@TK2MSFTNGP10.phx.gbl...
> Yes it does indeed. I'm running NT4 Server, SP6a, and it has a service
> called "Plug & Play". I'm wondering if 1) NT4 is affected by MS05-039,
> and 2) If I disable NT's PNP service, would that close this
> vulnerability?
>
> And yes, I plan to upgrade to Server2003 very soon.
>
> Thank you...
> -Mike
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in news:#IcR$leoFHA.1372
> @TK2MSFTNGP10.phx.gbl:
>
>> Good question, but observe that NT 4 did not do plug and play
>> and does not have the PlugPlay service.
>>
>
>
>
>
> --
> ---
> *If you want to email me directly, simply remove all instances of the
> letter "x" from my email address.

Relevant Pages
Quantcast