Windows 2008 questions with SCCM, WSUS and AD Role

  • Question

  • Hi all,

    Please help. Thanks.

    Issue 1 - DNS Query ID Field Prediction Cache Poisoning in SCCM Windows 2008 server

    This is a question which was identified by the auditor during the internal IT audit for the SCCM Windows 2008.

    We studied the related MS08-037 document but cannot confirm what action the solution requires for Windows 2008. Please help us find the solution. Thanks.

    Affected Host: SCCM_Server (
    Affected Ports:  domain (53/udp)


    The remote DNS resolver does not use random ports when making queries to third party DNS servers.

    This problem might be exploited by an attacker to poison the remote DNS server more easily, and therefore divert legitimate traffic to arbitrary sites.


    Apply the patch according to

    Issue 2 – Loophole for SCCM in Windows 2008 server with AD role.

    This is another question which was identified by the auditor during the internal IT audit.

    Please help to find out how to disable NULL BINDs in LDAP. Thanks.

    SCCM_Server (
    ldap (389/tcp)


    The LDAP server on the remote host is currently configured such that a user can connect to it without authentication - via a 'NULL BIND'.  This may result in disclosure of information that an attacker could find useful.

    Configure the LDAP server so that it does not allow NULL BINDs.


    Improperly configured LDAP servers will allow the directory BASE to be set to NULL. This allows information to be culled without any prior knowledge of the directory structure. Coupled with a NULL BIND, an anonymous user can query your LDAP server using a tool such as 'LdapMiner'.

    Disable NULL BASE queries on your LDAP server.

    Issue 3 – Microsoft Report Viewer 2008 Redistributable Required for WSUS 3.0 SP2 update in Windows 2008 server

    Microsoft Report Viewer 2005 is installed as a WSUS 3.0 requirement. We tried to update to WSUS 3.0 SP2, but the installation wizard sends a warning that “Microsoft Report Viewer 2008 Redistributable is required”. Is there any issue with uninstalling Report Viewer 2005 and trying to install Report Viewer 2008?

    Please help. Many thanks.

    Best regards,
    December 4, 2009, 03:45 AM


  • For Issue 1, you just follow the instructions to download the patch and install it.

    For Issue 2, is this an Active Directory domain controller?  If that's the case, you really -can't-, and if you could it would break your Active Directory in a very real way.  This is a case of your security scanner not really understanding AD and how it operates: AD requires anonymous binds (also referred to as RootDSE queries) to allow authenticating clients to negotiate things like:

    - LDAP protocol version to use
    - Authentication type
    - Default partition
    - etc

    Your DCs need to be secured in other ways, obviously, using firewalls and IPSec and physical security and what-have-you, but turning off null base queries isn't something you can or want to do, even if your security scanner is trying to convince you otherwise.

    For Issue 3, you can uninstall Report Viewer from Add/Remove file.

    April 21, 2010, 03:28 PM
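
To confirm the Issue 1 finding is cleared after patching, the source ports of the server's own outbound DNS queries can be checked from a packet capture. The script below is an added example, not part of the original thread; the `tcpdump -n` text format, the addresses, the sample ports and the classification thresholds are all assumptions.

```python
import re

# Matches outbound queries in `tcpdump -n` text output, e.g.
# "12:00:01.000000 IP 10.0.0.5.1053 > 192.0.2.53.53: 4660+ A? example.com. (29)"
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def source_ports(lines, resolver_ip):
    """Source ports of queries sent by resolver_ip to any server on port 53."""
    ports = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports

def assess(ports, min_samples=20):
    """Classify port selection. Thresholds are illustrative assumptions."""
    if len(ports) < min_samples:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed-port"          # every query leaves from the same port
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    if sum(0 < d <= 16 for d in deltas) / len(deltas) >= 0.9:
        return "incremental"         # ports climb in small, predictable steps
    if len(set(ports)) / len(ports) < 0.5 or max(ports) - min(ports) < 1024:
        return "low-entropy"         # heavy reuse or a very narrow range
    return "randomized"

def as_capture(ports, resolver_ip="10.0.0.5"):
    """Build constructed tcpdump-style lines (sample data, not a real capture)."""
    return [f"12:00:{i:02d}.000000 IP {resolver_ip}.{p} > 192.0.2.53.53: "
            f"{4660 + i}+ A? example.com. (29)" for i, p in enumerate(ports)]

# Constructed samples: one fixed port, sequential ports, widely spread ports.
FIXED = as_capture([1053] * 20)
SEQUENTIAL = as_capture(list(range(49152, 49172)))
RANDOM = as_capture([51344, 62011, 49877, 58230, 64102, 53519, 60788, 50231,
                     57345, 63890, 52476, 59123, 49390, 61567, 55012, 64777,
                     50964, 56689, 62450, 54103])

if __name__ == "__main__":
    for name, cap in (("fixed", FIXED), ("sequential", SEQUENTIAL), ("random", RANDOM)):
        print(name, assess(source_ports(cap, "10.0.0.5")))
```

A result of `fixed-port` or `incremental` corresponds to what the scanner reported; `randomized` is the expected outcome once the resolver selects its source ports randomly.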