From: "RobertB." 

What if you don't have a W2K machine and your  NT box is connected directly
to a printer?



In article , "Geo"
 wrote:

> If anyone is still running NT4, go into services and stop then disable the
> spooler service (if you are on the internet). Don't wait. Then go into the
> registry and find
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
>
> Look for NullSessionPipes and remove spoolss from the list (use regedt32.exe
> for this)
>
> Once you removed that and rebooted it may be safe to run the spooler, if you
> don't need it then leave it disabled and do your printing thru W2K machines
> instead (use W2K for your print servers).
>
> Because MS hasn't released patches for NT4 and because it's still fairly
> common, I think there is a real good possibility of a worm hitting the net
> and attacking NT4 systems (there have to be more of these than there are SQL
> servers).
>
> Geo.
> -------------------
>
> Exploit code has been created and is circulating on the Internet for three
> of the issues raised in Microsoft's August patch release.  Specifically:
>
> MS05-038 for Internet Explorer
> MS05-039 for Windows 2000, XP, and 2003,  and
> MS05-043 for Windows 2000, XP, and 2003
>
> Both the 05-039 and 05-043 exploits stand a good chance of becoming Internet
> worms in the near future.  These worms could act in a manner similar to the
> Blaster worm.  Shavlik recommends testing and installing these patches as
> soon as possible to prevent exploitation via these vulnerabilities.
>
> [For customers running Windows NT 4 systems - patches are available from
> Microsoft for NT4 systems for these issues (if you have a Custom Support
> Agreement).  If you are part of the CSA program and have purchased these NT4
> patches, please contact your Shavlik Account Manager and we can create
> custom XML files that enable scanning and deployment for these patches.]
>
> Workarounds for MS05-039 and MS05-043 until you can apply the patches:
>
>  - Enable personal firewalls
>  - Block inbound access to TCP 135, 139, and 445 on all systems not
> protected by a firewall (ie. Traveling laptops, home machines that connect
> to other networks via VPN, etc)
>  - Read the Microsoft Security Bulletins for more specific steps that can be
> taken to mitigate the threats from these issues
>
>
> For more information about how you can get the power of Shavlik
> HFNetChkPro to protect your network, or to download a free version,
> please visit www.shavlik.com, call your Shavlik representative at
> (800) 690-6911 or +1 (612) 331-6737 (international), or email
> info{at}shavlik.com.
>
> Thank you for choosing Shavlik Technologies.
>
> The Shavlik Team
> (800) 690-6911
> info{at}shavlik.com
>
>
>

--- BBBS/NT v4.01 Flag-5