The Invalid_Process_Attach_Attempt bug does not have security implications, though in particular configurations a DOS condition does exist. DOS != security vulnerability in this case.
But, notwithstanding the above caveats, I agree with you that 886185 is still a potential security issue, and for that reason, should be checked by MBSA.
T
----- Original Message -----
From: "Randal, Phil" <prandal@xxxxxxxxxxxxxxxxxxxx>
To: "BuqtraqNT (E-mail)" <NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx>; "BugtraqSecurity (E-mail)" <Bugtraq@xxxxxxxxxxxxxxxxx>; "Full-Disclosure (E-mail)" <full-disclosure@xxxxxxxxxxxxxxxx>
Sent: Tuesday, February 15, 2005 2:09 AM
Subject: RE: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185
KB887742: "A computer that is running Microsoft Windows XP Service Pack 2 (SP2), Microsoft Windows XP Tablet PC Edition 2005, or Microsoft Windows Server 2003 unexpectedly stops. Additionally, the following Stop error message appears on a blue screen: Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)".
That's a denial of service. There are security implications there.
KB886185: "After you set up Windows Firewall in Microsoft Windows XP Service Pack 2 (SP2), you may discover that anyone on the Internet can access resources on your computer when you use a dial-up connection to connect to the Internet."
That looks like a major security hole to me.
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxx [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxx] On Behalf Of Threlkeld, Richard
Sent: 15 February 2005 00:19
To: James Lay; BuqtraqNT (E-mail); BugtraqSecurity (E-mail); Full-Disclosure (E-mail)
Subject: [Full-Disclosure] RE: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185
These are not security updates. KB887742 is for a stop error (http://support.microsoft.com/kb/887742) and KB886185 is an update for network scope on the Windows Firewall (http://support.microsoft.com/default.aspx?scid=kb;en-us;886185).
The MBSA scans for Security Updates only, not every hotfix ever released. Note that a "Critical" patch is not necessarily a "Security" patch. You may be thinking of the "Maximum severity" levels of the MS*-xxx security bulletins which are not the same thing.
Best,
Richard Threlkeld
Microsoft MVP - SMS
http://myitforum.techtarget.com/blog/rthrelkeld/
-----Original Message-----
From: James Lay [mailto:jlay@xxxxxxxxxxxx]
Sent: Monday, February 14, 2005 10:24 AM
To: BuqtraqNT (E-mail); BugtraqSecurity (E-mail); Full-Disclosure (E-mail)
Subject: Microsoft Baseline Security Analyzer not seeing KB887742 and KB886185
Subject line says it all....just did a fresh install of WinXP SP2....was using MBSAFU to make sure it would patch...which it did. However Windows Update shows still needing KB887742 and KB886185. MBSA shows no critical patches need updated. Systeminfo shows that both KB887742 and KB886185 are NOT installed. I'm using latest MBSA. Anyone else see this? Kinda sucks :(
James Lay
Network Manager/Security Officer
AmeriBen Solutions/IEC Group
Deo Gloria!!!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html