Security during unattend installation?

Valter Nordh

Hi!

We are doing an unattended installation of Windows XP, with
SP1 slipstreamed into it.
We don't have a firewall, and are exposed to internet...

Does anyone have a list of which hotfixes we need to
apply in the preinstall environment before the network
starts?

That means, which hotfixes are needed by the computer so
that it can be used on the internet to connect to Windows
Update and get the rest of the updates needed? .. without
getting blaster etc on the way :)

regards, Valter
 
Patrick J. LoPresti

For Blaster/Welchia, you need
<http://support.microsoft.com/?id=824146> (MS03-039). For XP, you
might as well use <http://support.microsoft.com/?id=826939> (the
security roll-up package) instead. This is by far the most important
patch, because as you know, existing worms are exploiting this flaw.

Sooner or later, someone will write a worm to exploit
<http://support.microsoft.com/?id=828749> (MS03-049). For XP, the
equivalent hole was plugged by
<http://support.microsoft.com/?id=828035> (MS03-043). So you probably
want to include this one, too.

For a basic workstation (no IIS), I believe these two are the only
remotely exploitable holes.

See also <http://unattended.sourceforge.net/os.html#hotfixes>.

- Pat
 
Oli Restorick [MVP]

Hi there

You could use Windows XP's built-in firewall. It can be configured with an
unattended answer file.

I haven't checked this out, but I'm sure it could be modified for your use.

[Homenet]
InternetConnectionFirewall = MyAdapter1

Hope this helps

Oli
 
Chris

You should also apply MS03-026. This is related to the Blaster. In any
case, it's very simple to script all the hotfixes you want into your
unattended install. I apply 33 MS updates - either security patches or
program updates - when my unattended CD installation runs. I then appended
it as needed.
 
Patrick J. LoPresti

No. MS03-026 (http://support.microsoft.com/?id=823980) was superseded
by MS03-039 (http://support.microsoft.com/?id=824146). That fix, in
turn, was bundled with Update Rollup 1 for XP
(http://support.microsoft.com/?id=826939).

The remotely exploitable holes in a basic Windows workstation (Windows
XP Service Pack 1 or Windows 2000 Service Pack 4) are the RPC service
buffer overrun and the Workstation service buffer overrun. To fix
these on XP, you want 826939 and 828035, respectively. For 2000, you
want 824146 and 828749.

I believe these two are the only remotely exploitable flaws in
XP SP1 and 2000 SP4.

- Pat
http://unattended.sourceforge.net/
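
The supersedence chain described in the post above (823980 replaced by 824146, which is bundled in 826939 on XP) can be checked mechanically against a planned hotfix list before the install media is built. This is an added example, not code from any poster or from the unattended project; the function names and OS labels are hypothetical, and the KB data is only what the thread states.

```python
"""Audit a planned hotfix list against the fixes named in this thread."""

# KB numbers and supersedence exactly as quoted in the posts above.
SUPERSEDED_BY = {"823980": "824146",   # MS03-026 -> MS03-039
                 "824146": "826939"}   # MS03-039 -> Update Rollup 1 for XP
XP_ONLY = {"826939"}                   # the rollup is named for XP only

# Oldest fix that closes each remotely exploitable hole, per OS (labels assumed).
REQUIRED = {
    "xp-sp1": {"RPC service buffer overrun": "824146",
               "Workstation service buffer overrun": "828035"},
    "2000-sp4": {"RPC service buffer overrun": "824146",
                 "Workstation service buffer overrun": "828749"},
}


def applies(kb, os_name):
    """A KB counts only if the thread names it for this OS."""
    return kb not in XP_ONLY or os_name == "xp-sp1"


def replacements(kb):
    """Yield kb, then every later fix that replaces it, oldest first."""
    while kb is not None:
        yield kb
        kb = SUPERSEDED_BY.get(kb)


def audit(os_name, planned):
    """Return (missing, redundant) for a planned list of KB numbers.

    missing:   {hole: [KBs that would close it on this OS]}
    redundant: planned KBs already replaced by another planned KB
    """
    planned = {kb for kb in planned if applies(kb, os_name)}
    missing = {}
    for hole, minimum in REQUIRED[os_name].items():
        acceptable = [kb for kb in replacements(minimum) if applies(kb, os_name)]
        if not planned.intersection(acceptable):
            missing[hole] = acceptable
    redundant = sorted(kb for kb in planned
                       if any(r in planned for r in list(replacements(kb))[1:]))
    return missing, redundant


if __name__ == "__main__":
    # Constructed sample: an XP list that carries only MS03-026 for the RPC hole.
    print(audit("xp-sp1", ["823980", "828035"]))
```
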
 
