Please be aware that as of December 31, 2004, there is no support for the SBS 4.5 platform, I can't remember a dang thing about it, and the newsgroup is about dead.
TechNet Webcasts has a presentation on “Threat mitigation for 98 and NT” for those who are unlucky enough to be stuck on those platforms.
Phil in the newsgroups reports that patch 05-010 whacked off the licenses in the NT platform and wanted to know the best way to proceed. Here are my suggestions:
- Uninstall the patch
- Now go into Control Panel, or wherever the services are in the NT platform, and disable and SHUT OFF the license logging service
With the license logging service OFF you will not be vulnerable to the security vulnerability that is addressed by 05-010 [KB885834].
Bottom line Phil, just shut the dang thing off.
Yes, you will technically be, slightly be, partially be in violation of some yellowed old EULA someplace that said we couldn't turn off the license logging service, but tough. Who cares. Your bigger issue is that you are on an unsupported, no longer patched platform. I ran my 4.5 without the license logging service on, heck I had license logging turned off on SBS 2000 because for several months Veritas and Microsoft kept fighting over the licenses until that got fixed in Windows 2000 SP2 and I lived to tell about it. On SBS 2003 they've got our SBcore service tied to License logging so we can't turn it off. The good news is that I was watching that patch real closely and have seen NO issues on the SBS 2003, nor SBS 2000 platforms. There's so few SBS 4.5's left that even care about patching that you may be our only report out here.
While I commend you for still caring about that SBS 4.5 platform... stop patching it Phil. Even if they do release patches on the rare occasion in the future [if they think you as the platform attacked will also hurt others], I'd be looking in the section of the bulletins that talk about 'mitigation'.
In every bulletin there is a mitigation section, a place that talks about what to do in case there isn't a way to patch. You, sir, need to start reading that section. Under “General information”, then under “Vulnerability details”, then under the description of the vulnerability is the section “Mitigating factors”. Start watching that section from now on.
The good news is that Microsoft is putting some of their best folks on to more things like that. Robert [Mr. Incident] Hensing has moved over to this 'mitigation' information section of Microsoft. Look for more info from folks like him.
Phil, please, if you can, try to look at your budget and get on a platform that didn't make me cross my fingers and toes, and squint with one eye each time I rebooted that sucker, a platform that isn't built for today's environment, heck you can't do the 'tarpit' stuff on Exchange, you can't do hardly any hardening stuff that we take for granted these days. You certainly can't run the patching program you need for your desktops of WSUS on it.
And speaking of operating systems that have seen better days... Windows 98 machines have no event viewer, and when they Blue Screen we hardly have anything to go on. Make your life easier... put those NTs and 98's out of their misery.
Show me a firm that is a vital, growing firm and they more than likely take a bit of their annual budget for technology. I don't know your personal situation, don't know if it's because of Line of Business applications that force you to stay on NT4, don't know if it's because you are a not-for-profit [and other than some EU places that don't sell SBS this way] that you don't know that you can get SBS 2003 VERY reasonably priced through Techsoup.org or Softwareone.com.
So if you are on NT platform.... stop patching. Start mitigation and start saving your pennies. Don't do it even if you have the patches. Start mitigation plans. Spend your time and energy instead finding the funds, finding whatever is keeping you from upgrading.
You have a server that can't be patched anymore so watch that webcast and try to focus your area on putting walls and protection on desktops so they don't 'infect' the server. You still running with Local admin rights on the desktop? See what you can do to lock down your end users so you can protect that server better.
Bottom line Phil...save your time and money and don't patch anymore....not on the NT 4 box anyway.
Sharpen that pencil if it's a budget problem.... tell the owner of the business to cut back on a martini or two.... if it's line of business software... work with that vendor and tell them to start supporting the harsh world we live in today.
If worse comes to worse, isolate yourself and ensure that you have no Internet access. Cut the RJ45 connection if need be. If you can't get on a platform that can handle today's risks, then you need to isolate that machine away from the risks.
Mitigation. Protection are the words for the NT platform.
Because you can't patch anymore.
Disabling the License Logging service helps prevent the possibility of a remote attack. Customers that have disabled this service would be at a reduced risk to attack from this vulnerability. See the “Workarounds” section for instructions that describe how to disable this service. By default, affected operating systems other than Windows Server 2003 have the License Logging service startup type set to Automatic instead of Disabled.
Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
- Disable the License Logging service

Disabling the License Logging service will help protect from remote attempts to exploit this vulnerability.

Note: Do not perform this procedure on Small Business Server 2000 or Windows Small Business Server 2003. These operating system versions require the License Logging service. These operating system versions may fail to function correctly if the License Logging service is disabled.

You can disable the License Logging service by following these steps:

1. Click Start, and then click Control Panel (or point to Settings, and then click Control Panel).
2. Double-click Administrative Tools.
3.
4. Double-click License Logging Service.
5. In the Startup type list, click Disabled.
6. Click Stop, and then click OK.
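
The same workaround from a command prompt, with a check that it actually took effect. This is an added example, not part of the bulletin or the original post. It assumes the service's short name is `LicenseService`, that `sc.exe` is available (on NT 4.0 that means installing it from the Resource Kit), and that `SBCore` is the short name of the SBS 2003 service mentioned above; the `CONFIRM` argument is this script's own convention.

```bat
@echo off
rem Added example: stop and disable the License Logging service, then verify.
rem Assumptions: service short name LicenseService, sc.exe is present,
rem SBCore is the short name of the SBS 2003 service tied to license logging.
rem Usage: disable-lls.cmd CONFIRM

set SVC=LicenseService

rem Make the operator state that this is not SBS 2000 / SBS 2003.
if /i not "%1"=="CONFIRM" goto needconfirm

rem Extra guard for SBS 2003, which needs the License Logging service.
sc query SBCore >nul 2>&1
if not errorlevel 1 goto issbs

rem Nothing to do if the service is not installed.
sc query %SVC% >nul 2>&1
if errorlevel 1 goto notfound

rem net stop waits for the service to stop; an error here usually means
rem it was already stopped, so carry on and check the end state instead.
net stop %SVC% >nul 2>&1

rem The space after "start=" is required by sc.
sc config %SVC% start= disabled >nul
if errorlevel 1 goto failed

rem Verify both halves of the workaround: stopped now, disabled at boot.
sc query %SVC% | find "STOPPED" >nul
if errorlevel 1 goto failed
sc qc %SVC% | find "DISABLED" >nul
if errorlevel 1 goto failed

echo %SVC% is stopped and its startup type is Disabled.
goto :eof

:needconfirm
echo Refusing: pass CONFIRM once you have checked this is not SBS 2000 or SBS 2003.
goto :eof
:issbs
echo Refusing: SBCore service found, this looks like SBS 2003.
goto :eof
:notfound
echo %SVC% is not installed on this machine.
goto :eof
:failed
echo Could not confirm %SVC% is stopped and disabled; check it in Services.
goto :eof
```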