Microsoft Security Bulletins for August 9 2005

MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

If your workstations are XP SP 2 and servers Windows Server 2003 SP 1, you can probably relax, this vulnerability can only be executed by users logged on locally. Provided server logons are limited to administrators it's not really an issue since administrators are already all powerful. So at worst an end user could grab administrator authority of his workstation. If you have an advanced workstation security model in which end-users do not hold administrator authority, you may be concerned about this vulnerability but keep in mind that there are no reports of proof-of-concept code being published as of this time.

If your workstations are XP SP1 you are vulnerable to remote attacks but only if by authenticated users who can access TCP ports 139 or 445. To avoid installing this update for XP SP1 computers consider using IP Security Policy to block access to those ports from all source IP addresses except computers that have legitimate reason to access the workstation remotely such as SMS servers and workstation support staff. If there's no need to access XP SP1 systems remotely for support or management you can also just enable Internet Connection Firewall and don't allow exceptions for these ports. This vulnerability can be exploited by remote, anonymous attackers Windows 2000. For Windows 2000 workstations, to avoid installing this update consider the same suggestions indicated for XP SP1. For Windows Server 2000 I see no alternative but to recommend loading the update. This update does require a restart.

Get all the tools you need in ONE newsletter!

Free log parser scripts, a clear explanation of Microsoft's latest security bulletin, helpful security tips, how-to's and more.

Your e-mail address will be held strictly confidential and you can unsubscribe at any time.