Microsoft Windows Server 2003 SP1 delayed

It's probably not real news to anyone, but Windows XP SP2 has been slipping for a while now, and so will Windows Server 2003 Service Pack 1 (SP1).

In last week’s post (Windows Update Services slips into 2005), I reported that the WUS slippage was a result of using technology from Windows XP SP2. As can be expected, the first service pack for Windows Server 2003 is closely related to the XP client service pack, with many common features and fixes.

Windows 2003 SP1, like XP SP2, will include multiple security-oriented changes, such as a Security Configuration Wizard that will use the roles-based infrastructure in Windows 2003 to automatically shut down unnecessary ports and services. It will also include any relevant security changes from XP SP2.

Microsoft confirmed that the company will delay Windows Server 2003 SP1 until the first half of 2005 as development can take place in earnest only after XP SP2 is completed.

According to Microsoft:

“We now anticipate that Windows Server 2003 SP1 and Windows Server 2003 for 64-bit Extended Systems will ship in the first half of 2005, whereas we previously estimated the release timing for both to be the end of 2004… As is the case with all Microsoft product schedules, the development cycle is driven by quality, with a focus on the needs of our customers rather than an arbitrary date.”

(Edited from the July 28 2004 WinInfo Daily Update, published by the Windows and .NET magazine network)

Windows Update Services slips into 2005

Microsoft Windows Update Services (the successor to Software Update Services) looks to have slipped into 2005. In an e-mail sent from Microsoft to registered users for the Windows Update Services Open Evaluation Program, Microsoft state that:

“There are two primary drivers behind this schedule change:

  • The March release of the Windows Update Services closed beta has spurred overwhelming interest from customers and partners evaluating the product. We have assessed this input as part of the beta cycle, and are committed to incorporating the feedback before releasing the next beta release for the Windows Update Services Open Evaluation Program.
  • The Windows Update Services team is developing a new Automatic Updates agent which will be included in XPSP2. The new agent is used both to improve the updating experience for XPSP2 users connecting directly to Windows Update and for users who will leverage Windows Update Services in their corporate environments in the future.

This decision to include the new Automatic Updates technology in XPSP2, and perform the necessary integration and testing, also contributes to the development schedule for Windows Update Services being staggered behind the XPSP2 release.”

Another interesting note in the e-mail is that:

“The final production release of Windows Update Services will include a migration toolkit that will simplify the migration from Software Update Services (SUS) 1.0 with SP1 to Windows Update Services, so if you are holding off on implementing SUS because of concerns about migrating to Windows Update Services, we encourage you to go ahead and implement SUS 1.0 with SP1”.

For further information on Windows Update Services, including a Windows Update Services (Beta Version) datasheet, refer to the Windows Update Services area on the Microsoft website.

Preventing denial of service attacks on an ADSL router

Since about April 2004, I’ve been having problems with my ADSL router at home (a Solwise SAR 110). As the hardware was just over 12 months old (and hence just out of warranty), the cynical side of me was resigned to the fact that it had just “broken”. Not wanting to lose my configuration settings through a firmware upgrade, I got used to resetting the router each day (sometimes several times a day) when it seemed to just drop off the network. Because I couldn’t access the box, I couldn’t check any logs and find out what was happening.

This all changed when I spotted a posting on my ISP’s support forum, directing me to Chris Marsh’s excellent SAR 110 and 130 Guide. Using Chris’ advice I have been able to stealth my router (as tested using the GRC Shields UP! port prober). The SAR Guide website also included interesting information on other configuration items that were not always clear from the Solwise manuals and help text.

Now that my router is no longer visible on the Internet, it seems to stay up as it did for the first year I was on ADSL (just under 13 days and counting as I write this). I can only assume that the problem was a denial of service (DoS) attack that has now been prevented through the stealthing of the router.

Obviously, there are many types of router out there, but by following the same steps, it should be possible to stealth most ADSL routers, even if the user interface is slightly different.

Microsoft Scripting Host (Monad)

A few weeks back I published a post about Microsoft’s plans to withdraw support for VBScript. One of my clients tipped me off a couple of days back with some more information about the new Microsoft Scripting Host (MSH) shell, codenamed Monad, which will be included in the Windows Server product codenamed Longhorn.

Windows and .NET Magazine reports that:

“Monad is a new administration scripting and automation solution for Longhorn. Although the technology is roughly 2 years away from being released, Monad appears to be Microsoft’s long-awaited comprehensive, consistent, and unified systems administration model designed from the ground up for Windows IT professionals…Monad will be the technology through which Microsoft and Independent Software Vendors (ISVs) will enable their Windows applications to be managed from the command line and automated using shell scripts.”

Why physical access to a PC is so useful for a hacker

This week, I’ve been attending a (Microsoft-sponsored) training course, looking at Windows security. Now, what happens when you get a bunch of techies together in a room and talk about security? Exactly! We all start to think of ways around things. Like the classroom PCs with locked-down configurations…

…the guy sitting next to me (who will remain anonymous, as will the training provider) had a Winternals ERD Commander 2003 boot CD.

Using this, we were quickly able to reboot, launch the Locksmith utility and reset the administrator password to one of our choice, following which we had unrestricted access to the PC.

It was all just a bit of harmless fun within a classroom environment, but it goes to show why physical access is such an important part of a defence-in-depth strategy.