# Microsoft: No TCP/IP patches for you, XP



## lotuseclat79 (Sep 12, 2003)

Microsoft: No TCP/IP patches for you, XP.

*Microsoft late last week said it won't patch Windows XP for a pair of bugs it quashed Sept. 8 in Vista, Windows Server 2003 and Windows Server 2008.*

*The news adds Windows XP Service Pack 2 (SP2) and SP3 to the no-patch list that previously included only Windows 2000 Server SP4.*

-- Tom


----------



## tomdkat (May 6, 2006)

While most won't agree with this, I can certainly understand why Microsoft is doing this and I don't necessarily think they are doing the "wrong" thing.

XP can't be supported forever so people should start looking at upgrading to either Vista, 7, or maybe some future version of Windows.

Peace...


----------



## hewee (Oct 26, 2001)

You mean MS is thinking about $$$$$$$$$? 

Money...


----------



## Stoner (Oct 26, 2002)

I could use a little clarity on the article.

As I understand it, it's XP (without SP2 or SP3 updates) and win2k that are open to the vulnerabilities mentioned because there is no default firewall in place.
The issues are there for XP SP2 and SP3, but the default firewall acts as a filter for protection.

So, wouldn't a third party firewall for win2k and upgrading XP to SP2 or SP3 be an efficient work around?


----------



## lotuseclat79 (Sep 12, 2003)

Hi Jack,

The vulnerabilities are due to TCP/IP specifically crafted packets - not because no default firewall is in place or acts as a filter for protection, i.e. without the fix, the firewall would still be mince-meat to the attack.

Ref: MS09-048.

-- Tom


----------



## tomdkat (May 6, 2006)

Stoner said:


> I could use a little clarity on the article.
> 
> As I understand it, it's XP (without SP2 or SP3 updates) and win2k that are open to the vulnerabilities mentioned because there is no default firewall in place.
> The issues are there for XP SP2 and SP3, but the default firewall acts as a filter for protection.
> ...


A third-party firewall should provide protection, based on this info in the article:


> In the revised advisory, Microsoft explained why it won't patch Windows XP, the world's most popular operating system. "*By default, Windows XP SP2, Windows XP SP3 and Windows XP Professional x64 Edition SP2 do not have a listening service configured in the client firewall and are therefore not affected by this vulnerability*," the company said. "Windows XP SP2 and later operating systems include a stateful host firewall that provides protection for computers against incoming traffic from the Internet or from neighboring network devices on a private network."


And then from the Microsoft security bulletin:


> This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. *The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service.* Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.


So, if you're not running the service that is used by the exploit, you're safe. If you ARE running the service but it's either not listening on the port in question or the firewall is setup to block inbound traffic on that port, you should be safe.

Peace...


----------



## Stoner (Oct 26, 2002)

lotuseclat79 said:


> Hi Jack,
> 
> The vulnerabilities are due to TCP/IP specifically crafted packets - not because no default firewall is in place or acts as a filter for protection, i.e. without the fix, the firewall would still be mince-meat to the attack.
> 
> ...


But there was this quote at that link:


> Executive Summary
> 
> This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.


It's vague to me.

and then there is this:


> Microsoft recommends that customers running Microsoft Windows 2000 Service Pack 4 use a firewall to block access to the affected ports and limit the attack surface from untrusted networks.


I get the impression that a firewall is the work around rather than a fix.

In my case, I have a NAT router acting as a firewall and a software firewall installed on my computer. The concern is for my win2k machine.



> without the fix, the firewall would still be mince-meat to the attack.


Would you please point out the reasoning for that statement concerning a firewall?


----------



## Stoner (Oct 26, 2002)

tomdkat said:


> A third-party firewall should provide protection, based on this info in the article:
> 
> And then from the Microsoft security bulletin:
> 
> ...


Thanks Tom.....just read your post after my last posting.


----------



## tomdkat (May 6, 2006)

Stoner said:


> I get the impression that a firewall is the work around rather than a fix.


Well, this is true. I mean a firewall won't change the Windows code that the patch will change, so you're right that a firewall won't actually "fix" the issue.

However, the firewall can block the attack in conjunction with your system not running the service in question. Between these two things, your system(s) should be safe.

Peace...


----------



## hewee (Oct 26, 2001)

Is there a firewall rule you can make to be sure you're protected?


----------



## tomdkat (May 6, 2006)

Well, Microsoft doesn't mention which service is the target of the exploit so it will be difficult to know, for sure, how to verify your firewall configuration.

However, I would think if your firewall was configured to block ALL unsolicited inbound traffic your system would be relatively safe. I use the word "relatively" because a software firewall alone can't guarantee absolute security.

If you're on XP and have SP2 or SP3 installed, you're running at a low risk, per Microsoft's assessment. If you make sure you're not running any services you don't need, you can protect your system even more. I believe there are sites out there with suggestions or recommendations on which services can be safely disabled and I believe they provide instructions on how to disable them as well.

Peace...


----------
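One way to carry out the check tomdkat describes above (block unsolicited inbound traffic, then confirm you are not running a listening service you don't need). This is an added example, not code posted by anyone in the thread. It parses constructed samples of `netstat -ano` and `tasklist /svc` output, both of which exist on Windows XP, and reports every TCP listener, which process and service owns it, and whether it is bound to a network-reachable address rather than loopback. The sample output, PIDs and service names are made up for illustration; on a real machine you would feed it the actual output of those two commands.

```python
"""
List TCP listeners on a Windows host and the service behind each one, from
`netstat -ano` and `tasklist /svc` output. Added example; samples below are
constructed, not captured from a real machine.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample of `netstat -ano` output (XP-era host, invented PIDs).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1560
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:3389      203.0.113.7:51022      ESTABLISHED     1204
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /svc` output matching the PIDs above.
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    892 RpcSs
svchost.exe                   1560 Alerter,LmHosts,WebClient
svchost.exe                   1204 TermService
"""

# Only sockets in LISTENING state can receive an unsolicited connection.
_LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.I)
# `tasklist /svc` rows: image name, PID, comma-separated services (or N/A).
_TASK_RE = re.compile(r"^(\S+)\s+(\d+)\s+(.*?)\s*$")


def parse_listening(netstat_text: str) -> List[Tuple[str, int, int]]:
    """Return (local_host, port, pid) for each TCP socket in LISTENING state."""
    out = []
    for line in netstat_text.splitlines():
        m = _LISTEN_RE.match(line)
        if not m:
            continue
        host, _, port = m.group(1).rpartition(":")   # works for [::]:135 too
        out.append((host.strip("[]"), int(port), int(m.group(2))))
    return out


def parse_tasklist(tasklist_text: str) -> Dict[int, Tuple[str, List[str]]]:
    """Map PID -> (image name, [service names]); header/separator rows skipped."""
    procs: Dict[int, Tuple[str, List[str]]] = {}
    for line in tasklist_text.splitlines():
        m = _TASK_RE.match(line)
        if not m:
            continue
        image, pid, svcs = m.group(1), int(m.group(2)), m.group(3)
        names = [] if svcs == "N/A" else [s.strip() for s in svcs.split(",") if s.strip()]
        procs[pid] = (image, names)
    return procs


def reachable_from_network(host: str) -> bool:
    """Loopback-only bindings cannot be hit by remote crafted packets; others can."""
    return not (host.startswith("127.") or host == "::1")


def listening_services(netstat_text: str, tasklist_text: str) -> List[dict]:
    """Join listeners to owning process/service and flag network-reachable ones."""
    procs = parse_tasklist(tasklist_text)
    rows = []
    for host, port, pid in parse_listening(netstat_text):
        image, svcs = procs.get(pid, ("<unknown>", []))
        rows.append({"port": port, "host": host, "pid": pid, "image": image,
                     "services": svcs, "exposed": reachable_from_network(host)})
    return sorted(rows, key=lambda r: r["port"])


def exposed_ports(netstat_text: str, tasklist_text: str) -> List[int]:
    """Ports a host firewall must block (or whose service should be disabled)."""
    return [r["port"] for r in listening_services(netstat_text, tasklist_text) if r["exposed"]]


if __name__ == "__main__":
    for r in listening_services(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        flag = "EXPOSED " if r["exposed"] else "loopback"
        print(f"{flag} tcp/{r['port']:<5} {r['host']:<15} pid {r['pid']:<5} "
              f"{r['image']} {','.join(r['services']) or '-'}")
```

The script does not read the firewall configuration, so a port it marks EXPOSED is reachable only if the host firewall is not already dropping it; on XP SP2/SP3, `netsh firewall show state` and `netsh firewall show config` show that, and `netsh firewall set opmode mode=ENABLE exceptions=DISABLE` is the command-line form of the "Don't allow exceptions" setting, i.e. the block-all-unsolicited-inbound posture discussed above. Anything still listed as exposed that you don't need (for example the services behind tcp/139 and tcp/445 on a standalone machine) is a candidate for stopping the service rather than relying on the firewall alone.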



## hewee (Oct 26, 2001)

I got XP with SP3 and Online Armor so could ask over at their forum.


----------

