OS/400 Alert: Microsoft Previews Windows XP Service Pack 2

April 7, 2004 Shannon O'Donnell

Windows Service Packs come out so rarely that when they do it is a very big deal. The latest Service Pack from Microsoft, Service Pack 2 for Windows XP, is no exception. Microsoft has added a host of new features to this latest Service Pack and is making it available to you right now through a technology preview. Also in this issue we alert you to a cool new search tool from Google. Read on for more details.

WINDOWS XP SERVICE PACK 2 PREVIEW

If you like to be on the bleeding edge of things, and you are running Windows XP, you might be interested in the latest Windows XP Service Pack. Microsoft has released a “preview” version of this Service Pack through its Technical Preview Program. If you encounter problems after downloading the Service Pack and installing it, you can discuss them with others on Microsoft’s Windows XP SP2 NewsGroups.

If you are running Windows XP on a Tablet PC, downloading and installing this new Service Pack will automatically upgrade your Tablet PC to the newest Windows Tablet operating system, code named LoneStar. For more information on this aspect of the upgrade, Microsoft’s Web site.

PORT LOGGER MAKES TRACKING TCP/IP ACTIVITY A SNAP

One of the scariest things about TCP/IP is that you can have so many things connecting or trying to connect to your computer and you never even know it is happening. Because of these security concerns, Microsoft has created a nifty new little tool for logging TCP/IP port activity, called Port Reporter, which is available on Microsoft’s Web site.

Port Reporter logs TCP and UDP port activity on a local Windows system. Port Reporter is a small application that runs as a service on Windows 2000, Windows XP, and Windows Server 2003.

On Windows XP and Windows Server 2003 this service is able to log which ports are used, which process is using the port, whether the process is a service, which modules the process has loaded, and which user account is running the process.

On Windows 2000 systems, this service is limited to logging which ports are used and when. In both cases, the information that the service provides can be helpful for security purposes, troubleshooting scenarios, and profiling port use of systems.

THIS WEEK’S NASTY WINDOWS WORRIES

The following information is from www.symantec.com.

W32.Sober.F@mm is a variant of W32.Sober.E@mm that spreads by sending itself as an e-mail attachment using its own SMTP engine. The subject and body of the e-mail vary and are written in German.

W32HLLP.Philis.B is a variant of W32.HLLP.Philis. It prepends itself to all of the .exe files that it finds. It also tries to steal passwords from the “Legend of Mir 2” online game.

W32.Gaobot.UM is a variant of W32.Gaobot.gen. It attempts to spread through network shares that have weak passwords. It also allows attackers to access an infected computer through a predetermined IRC channel. The worm uses multiple vulnerabilities to spread, including the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135; the RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445; the WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80; and the workstation service buffer over-run vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445.

W32.Blackmal.B@mm is a minor variant of W32.Blackmal@mm. The two differ only in the size of the worm, some possible viral file names, and e-mail subjects and messages that the worm creates. The major viral behaviors of both variants are identical.

Trojan.Lyndkrew is a Trojan horse that deletes critical files.

PWSteal.Goldpay is a Trojan horse that steals passwords and system and personal information.

HackTool.Mailbomb is a hack tool that allows an attacker to launch denial-of-service attacks against e-mail accounts.

Backdoor.IRC.Aimwin is a backdoor Trojan horse that connects to Internet Relay Chat networks. This Trojan can also spread itself through the Kazaa file-sharing network, if the attacker instructs it to do so.

GOOGLE ANNOUNCES PERSONAL SEARCHING

Google, one of my favorite search engines, has announced that it now lets you create a personal search profile for Internet searches. This new beta search engine aims to make searches faster and more accurate by letting you choose the areas of interest you want to search in. By clicking a few choice boxes and then inputting a search, you can bring up a Web page that lets you further refine your search, using a simple slide bar.

MICROSOFT JVM DIAGNOSTIC TOOL

In the last issue, we alerted you that Microsoft plans to drop support for the Java Virtual Machine. You can now download a utility that will scan your system for all instances of the Microsoft JVM and applications that may use it.

PTF’S AND FIXES FOR OS/400 AND RELATED PROGRAMS

IBM released the latest cumulative package for V5R2 customers on March 29.

The latest HIPER package was released March 16.

The Database Group PTF was updated February 26.