And you should install SP2 on all XP machines ASAP. uPnP is no longer available to the network with SP2. Also note, MS changed the way all RPC calls (not Broker) work in SP2 so only authenticated users can access remote resources. (You used to be able to enumerate the target system to see what was available - that's no longer the case, you have to authenticate first.)
SP2's been out for awhile, there's no reason why you shouldn't run it. It's like running an unpatched 2.4 *nix box - why?!? Technical note - the last vunerablitiy did affect SP2 but you have to read the mitigating fators to understand that only locally logged-in authenticated users have a chance of escilating their privelages. http://www.microsoft.com/technet/security/advisory/906574.mspx /David. David Sommers, Architect | Dialog Medical -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Suchi Pande Sent: Wednesday, September 07, 2005 10:54 PM To: [email protected] Subject: Re: [Hardhats-members] Default port for CPRS GUI client Cameron Schlehuber wrote: > Yes, I know. I've been the one given the responsibility in VHA to > "register" the ports being officially used in VHA. I'm taking up this issue > with folks in VA with more expertise than I have in this area. We may or > may not have to make some changes in VA. > > Just keep in mind the new HLO process that is coming out (HL*1.6*126) > requires port 5001 for live accounts and 5026 for test accounts; and > don't forget port 5000 is for HL7. > Incidentally, port 5000 is also used by windows Universal PnP, which is an XP service open by default (at least on earlier XPs). It's had its share of vulnerabilities. It can be shut down (by third party apps last time I looked, before the current patched XP). PJ ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Hardhats-members mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/hardhats-members ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Hardhats-members mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/hardhats-members
