
| Subject: | US-CERT Cyber Security Alert SA04-243A -- Security Improvements in Windows XP Service Pack 2 |
|---|---|
| Date: | Mon, 30 Aug 2004 14:43:58 -0400 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA04-243A
Security Improvements in Windows XP Service Pack 2
Original release date: August 30, 2004
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows XP
Overview
Microsoft Windows XP Service Pack 2 (SP2) significantly improves
your computer's defenses against attacks and vulnerabilities.
Recommendation
To help protect your Windows XP computer from attacks and
vulnerabilities, install Service Pack 2 using Windows Update or
Automatic Updates.
Note: Service Pack 2 makes significant changes to improve the
security of Windows XP, and these changes may have negative
effects on some programs and Windows functionality. Before you
install Service Pack 2, back up your important data and consult
your computer manufacturer's web site for information about Service
Pack 2.
Description
Windows XP Service Pack 2 is a major operating system update that
contains a number of new security updates and features. Like other
Microsoft Service Packs, Windows XP Service Pack 2 also includes
previously released security fixes and other operating system
updates. Following is a summary of the new security updates and
features in Service Pack 2:
* Windows Firewall
Windows Firewall is enabled in almost all configurations, blocking
network traffic coming into your computer. Blocking this traffic
helps to protect you from worms and other malicious code that
spread via the Internet.
* Internet Explorer Local Machine Zone Lockdown
New settings for Internet Explorer disable the execution of
ActiveX controls and Active scripting in the Local Machine Zone.
This protects you from attacks and vulnerabilities such as
Download.Ject.
* Additional Internet Explorer Security Changes
Internet Explorer now includes a pop-up blocker, additional window
restrictions, and changes in MIME type handling that better defend
against social engineering and "phishing" attacks. A browser
add-on management interface provides a way to identify and disable
programs that run as part of Internet Explorer. Enhanced
protection against security zone elevation and object caching
vulnerabilities helps defend against malicious web scripts.
* Email Handling Technologies
Outlook Express now supports the ability to read and compose
messages in plain text and to block external HTML content such as
"web bugs." Security checks are now performed in a more consistent
way to help prevent the execution of malicious attachments.
* Security Center
The Security Center "...provides a central location for changing
security settings, learning more about security, and ensuring that
[your] computer is up to date, with the essential security
settings that are recommended by Microsoft."
* Automatic Updates
The update services and automatic update feature of Windows XP
have been improved. US-CERT highly recommends that you enable
Automatic Updates.
* Data Execution Prevention
Memory protection helps prevent attackers from executing code on
your computer.
References
* Windows XP Service Pack 2 -
<http://www.microsoft.com/windowsxp/sp2/>
* What to Know Before You Download and Install Windows XP Service
Pack 2 -
<http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx>
* Get the Latest Updates and Information from Your PC Manufacturer
Before Installing Windows XP Service Pack 2 -
<http://www.microsoft.com/windowsxp/sp2/oemlinks.mspx>
* Backing up your computer files -
<http://www.microsoft.com/athome/security/update/backup.mspx>
* Programs that are known to experience a loss of functionality when
they run on a Windows XP Service Pack 2-based computer -
<http://support.microsoft.com/?id=884130>
_________________________________________________________________
Authors: Art Manion and Mindi McDowell. Feedback can be directed to
the US-CERT Technical Staff.
_________________________________________________________________
This document is available from:
<http://www.us-cert.gov/cas/alerts/SA04-196A.html>
_________________________________________________________________
Copyright 2004 Carnegie Mellon University.
Terms of use: <http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
August 30, 2004: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFBM3O5XlvNRxAkFWARAqTCAKDoodz5PRNBBC7t6B8IPJbZt2SsSQCdFviV
PWDxGS84QGj6gW0rKfxf1Nk=
=xJHo
-----END PGP SIGNATURE-----