Windows-Help.NET Newsletter 13 April 2002, Vol 5 No. 15

In this issue:

  • Microsoft Releases Baseline Security Analyzer
  • Win2K/NT Hole Leaves Systems Vulnerable
  • Microsoft Security Bulletin
  • Web Site Updates
  • Administrivia

 
 

Microsoft Releases Baseline Security Analyzer

by Arie Slob

Hello Windows users,

Microsoft has released a new security tool, dubbed the Microsoft Baseline Security Analyzer (MBSA), that allows an individual home or corporate user or an administrator to scan one or more Windows-based computers for common security misconfigurations. Version 1.0 of MBSA includes a graphical and a command-line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and XP.

The MBSA tool has been designed to replace the Microsoft Personal Security Advisor (MPSA) tool released last year. The MBSA tool is more extensible than the MPSA tool as it can scan multiple computers at a time and it also checks for patches related to other installed software such as SQL Server.

System Requirements

The following are requirements for a computer running the tool:

  • Windows 2000 or Windows XP
  • Internet Explorer 5.01 and later
  • An XML parser is required (MSXML version 3.0 SP2) for the tool to function correctly. Systems not running IE 5.01 or greater will need to download and install an XML parser to run this tool. MSXML version 3.0 SP2 can be installed during tool setup; otherwise, you can download and install a standalone version of the Microsoft XML parser.
  • The IIS Common Files are required on the computer on which the tool is installed if performing remote scans of IIS computers.

MBSA is available for download at the Microsoft Web site [2.5MB].

A technical white paper on MBSA is also available at the Microsoft TechNet Web site, while you can find some other information such as command line switches in Microsoft Knowledge Base Article Q320454.

Windows 2000/NT Hole Leaves Systems Vulnerable

Over a month has passed since Radim Picha reported a serious security flaw he found in Windows 2000 / Windows NT to Microsoft, and still there's no fix available - at least from Microsoft.

Picha posted the alert to the NTBugtraq list on the 14th of March, and also included a link to a zip file that contains complete source code that demonstrates the problem, as well as text files that explain how the exploit works.

The exploit, known as DebPloit, allows any user to get a handle to any process or thread. These handles carry enough access to promote any user to system/admin (when the target is running under the LocalSystem or Administrator account). So basically, even being logged in under the Guest account could get you Admin rights.

Microsoft says that they are working on a fix, but no date for its availability is given.


Microsoft Security

Cumulative Patch for Internet Information Services

Microsoft Corp. released a patch Wednesday to fix 10 newly discovered security flaws in its Web server software, the most serious of which could let a hacker take over someone else's server.

Affected Software Versions

  • Microsoft Internet Information Server 4.0, 5.0, and 5.1


Web Site Updates

These pages were added/updated in the past 2 weeks. Information on previously updated/added pages is available on the What's New? page for 1 month.


InfiniSource.com
Added: Are You Downloading Music, Thinking You're Using Their Service?
Added: Pssssst! P4's 2.4GHz Debuted...


RoseCitySoftware.com
Updated: Registry First Aid - version 2.0


Windows-Help.NET
Added: Dangerous Hole in Windows 2000 and Windows NT Leaves Systems Vulnerable
Added: Microsoft Security: Cumulative Patch for Internet Information Services
Added: Microsoft Proposes New Logo Requirements for Hardware
Added: Microsoft Releases Baseline Security Analyzer

Windows 2000
Added: Dangerous Hole in Windows 2000 and Windows NT Leaves Systems Vulnerable
Added: Microsoft Releases Baseline Security Analyzer

Windows XP
Added: Disable Windows XP Startup Screen
Added: Microsoft Posts Windows XP Application Compatibility Update (April 10, 2002)
Added: Microsoft Releases Baseline Security Analyzer

  Highlights

Are You Downloading Music, Thinking You're Using Their Service?

Or - is that download service using you, and your computer and your bandwidth?? Parents, check your teen's computer, now!

Pssssst! P4's 2.4GHz Debuted...

Yes, another notch for Intel's belt but is it worth the big bucks to have one now or should you wait for the 3GHz behemoth coming up?


Microsoft Posts Windows XP Application Compatibility Update (April 10, 2002)

Microsoft has posted the third "Compatibility Update" for Windows XP (applies to both Home Edition & Professional version), which is designed to add compatibility with various consumer-grade software packages.

Windows XP Tip: Disable Windows XP Startup Screen

Disable Windows XP startup screen, and see some system messages at startup instead.

Microsoft Proposes New Logo Requirements for Hardware

Microsoft is now working on proposed future requirements for the "Designed for Windows" logo program for the next version of the Microsoft Windows operating system (currently code-named "Longhorn").

According to Microsoft, the first review draft of the proposed logo requirements for the next version of Windows will be released at WinHEC 2002, which is to be held from April 16-18 in Seattle, Washington.
