Study Report: Comprehensive Network Security and Threat Assessment Planning
Security Notices - Articles

Top New Vulnerabilities in Q2, 2005 (Summary List)


***********************************************************

Microsoft Products

***********************************************************

Microsoft Internet Explorer Multiple Vulnerabilities (MS05-020 and MS05-025)
Patches:
MS05-025 available. Note that MS05-025 also includes the patches released in security update MS05-020.

Affected:
Internet Explorer 5.01 SP3/SP4, 5.5SP2, 6.0 and 6.0 SP1

Risk:
A malicious webpage can compromise a client system to install malware.

Exploits:
Multiple exploits have been publicly posted. Certain vulnerabilities have been exploited in the wild.

References:
http://www.microsoft.com/technet/security/Bulletin/MS05-020.mspx
http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx
CVE:
CAN-2005-0553
CAN-2005-0554
CAN-2005-0555
CAN-2005-1211

Top20 Category: W6 Web Browsers

*******************************************************************

Microsoft Exchange Server Extended Verb Overflow (MS05-021)
Patches:
MS05-021 available.

Affected:
Microsoft Exchange Server 2000/2003

Risk:
An unauthenticated attacker can execute code with "SYSTEM" privileges.

Exploits:
Exploit code has been publicly posted and seen in the wild.

References:
http://www.microsoft.com/technet/security/Bulletin/MS05-021.mspx

CVE:
CAN-2005-0560

Affected Ports:
25/tcp

Top20 Category: W3 Windows Remote Access Services

*******************************************************************

Windows Message Queuing Service Overflow (MS05-017)
Patches:
MS05-017 available.

Affected:
The following Windows systems running the Message Queuing Service
Windows 2000 SP3 and SP4
Windows XP SP1 (including 64-bit edition)

Risk:
An unauthenticated attacker can execute code with "SYSTEM" privileges.

Exploits:
Exploit code has been publicly posted.

References:
http://www.microsoft.com/technet/security/Bulletin/MS05-017.mspx

CVE:
CAN-2005-0059

Affected Ports:
In typical configurations 2101/tcp, 2103/tcp, 2105/tcp, 2107/tcp
The service binds to ports above 1024/tcp

Top20 Category: W3 Windows Remote Access Services

*******************************************************************

Windows SMB Protocol Processing Overflow (MS05-027)
Patches:
MS05-027 available.

Affected:
Windows 2000 SP3 and SP4
Windows XP SP1 and SP2
Windows 2003 including SP1

Risk:
An unauthenticated attacker can execute code with kernel privileges.

Exploits:
Exploit code has been included in the CORE Testing Tool.

References:
http://www.microsoft.com/technet/security/Bulletin/MS05-027.mspx

CVE:
CAN-2005-1206

Affected Ports:
139/tcp and 445/tcp

Top20 Category: W3 Windows Remote Access Services

**************************************************************************

Windows HTML Help File Parsing Overflow (MS05-026)
Patches:
MS05-026 available.

Affected:
Windows 2000 SP3 and SP4
Windows XP SP1 and SP2
Windows 2003 including SP1

Risk:
A malicious webpage can compromise a client system to install malware.

Exploits:
The technical details have been publicly posted.

References:
http://www.microsoft.com/technet/security/Bulletin/MS05-026.mspx

CVE:
CAN-2005-1208

*******************************************************************

Windows Shell Remote Code Execution (MS05-016)
Patches:
MS05-016 available.

Affected:
Windows 2000 SP3 and SP4
Windows XP SP1 and SP2
Windows XP 64-bit SP1 and 2003
Windows 2003

Risk:
A malicious document can compromise a client system to install malware. The flaw would require user interaction to be exploited.

Exploits:
Exploit code has been publicly posted.

References:
http://www.microsoft.com/technet/security/Bulletin/MS05-016.mspx

CVE:
CAN-2005-0063

*******************************************************************

***********************************************************

Backup Software

***********************************************************

Computer Associates BrightStor ARCServe Backup Overflow
Patches:
Available.

Affected:
BrightStor ARCserve Backup 9.x, 10.x and 11.x on Windows platform

Risk:
Compromise of systems running ARCserve Backup products with Administrator privileges.

Exploits:
Available in the Metasploit project. Increased scanning activity observed for the port 6050/tcp.

References:
http://www.metasploit.com/projects/Framework/modules/exploits/cabrightstor_uniagent.pm

CVE:
CAN-2005-1018

Affected Ports:
6050/tcp

***********************************************************

Veritas Backup Software Multiple Vulnerabilities
Patches:
Available.

Affected:
Backup Exec 10.0 for Windows Servers rev. 5484
Backup Exec 9.1 for Windows Servers rev. 4691
Backup Exec 9.0 for Windows Servers rev. 4454 and 4367
Backup Exec 9.1.307/306/1154/1152.4/1152 /1151.1/1127.1/1067.3/1067.2 for NetWare Servers
Backup Exec 9.0.4202 /4174/4172/4170 /4019 for NetWare Servers

Risk:
Compromise of systems running Veritas backup software with Administrator privileges.

Exploits:
Available in the Metasploit project and seen in the wild.

References:
http://www.sans.org/newsletters/risk/display.php?v=4&i=25#widely1
http://seer.support.veritas.com/docs/276604.htm
http://seer.support.veritas.com/docs/276605.htm
http://seer.support.veritas.com/docs/276606.htm
http://seer.support.veritas.com/docs/276533.htm
http://seer.support.veritas.com/docs/276607.htm
http://seer.support.veritas.com/docs/277485.htm

CVE:
CAN-2005-0771
CAN-2005-0772
CAN-2005-0773

Affected Ports:
10000/tcp, 8099/tcp, 6106/tcp

***********************************************************

***************************************************************************************

Anti-virus, Database, Media Players and Browser Software

***************************************************************************************

Computer Associates and Zone Alarm Vet Library Overflow
Patches:
Available.

Affected:
CA InoculateIT 6.0
CA eTrust Antivirus r6.0/r7.0/r7.1
CA eTrust Antivirus for the Gateway r7.0/r7.1
CA eTrust Secure Content Manager
CA eTrust Intrusion Detection
CA BrightStor ARCserve Backup (BAB) r11.1 Windows
CA eTrust EZ Armor 2.x/3.x
Any products running CA Vet Engine version prior to 11.9.1
Zonelabs ZoneAlarm Security Suite
Zonelabs ZoneAlarm Antivirus
Other vendors who use the Vet Library

Risk:
Compromise of systems running anti-virus engines that use the Vet library. The systems can be compromised via email, web, shared server, etc.

Exploits:
Complete technical details have been posted.

References:
http://www.sans.org/newsletters/risk/display.php?v=4&i=21#widely1
http://www.rem0te.com/public/images/vet.pdf
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896
http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0574.html

CVE:
CAN-2005-1693

*****************************************************************************

Oracle Cumulative Update April 2005
Patches:
Available.

Affected:
Multiple Oracle products including Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-business Suite and Applications, Oracle Enterprise Manager, PeopleSoft EnterpriseONE Applications, PeopleSoft OneWorldXe/ERP8 Applications

Risk:
Compromise of database or systems running various Oracle products.

Exploits:
Proof of concept exploit code has been publicly posted.

References:
http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf
http://security-papers.globint.com.ar/oracle_security/sql_injection_in_oracle.php
http://www.red-database-security.com/wp/sql_injection_forms_us.pdf
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0017.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0016.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0015.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0014.html
http://www.argeniss.com/research.html
Problems Reported with April 2005 Update
http://archives.neohapsis.com/archives/bugtraq/2005-07/0093.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0172.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0179.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0400.html

*************************************************************************

RealNetworks RealPlayer Multiple Vulnerabilities
Patches:
Available.

Affected:
On Windows:
 RealPlayer 10.5 (6.0.12.1040-1069)
 RealPlayer 8/10
 RealOne Player v2/v1
 RealPlayer Enterprise
 Rhapsody 3 (build 0.815-0.1006)
On Mac OS:
 Mac RealPlayer 10 (10.0.0.305-331)
 Mac RealOne Player
On Linux:
 Linux RealPlayer 10 (10.0.0-4)
 Helix Player (10.0.0-4)

Risk:
Remote compromise of systems with RealNetworks media players.

Exploits:
The technical details about how to trigger the flaws have been posted.

References:
http://service.real.com/help/faq/security/050419_player/EN/
http://service.real.com/help/faq/security/050623_player/EN/

CVE:
CAN-2005-0755
CAN-2005-1277

***************************************************************************

Apple iTunes MPEG4 File Processing Overflow
Patches:
Available.

Affected:
iTunes versions prior to 4.8

Risk:
Remote compromise of systems with iTunes installed.

Exploits:
The technical details are scheduled to be released by the researchers in another 2 months.

References:
http://docs.info.apple.com/article.html?artnum=301596

CVE:
CAN-2005-1248

****************************************************************************

Mozilla and Firefox Browsers Multiple Vulnerabilities
Patches:
Available.

Affected:
Firefox prior to version 1.0.5
Mozilla prior to version 1.7.9
Thunderbird prior to version 1.0.2

Risk:
A malicious webpage can compromise a client system to install malware.

Exploits:
Multiple exploits have been publicly posted.

References:
http://www.frsirt.com/exploits/20050712.mfsa2005-49exploit.php
http://www.frsirt.com/exploits/20050712.mfsa2005-47exploit.php
http://www.frsirt.com/exploits/20050712.mfsa2005-55exploit.php
http://greyhatsecurity.org/vulntests/ffrc.htm

CVE:
CAN-2005-1476
CAN-2005-1477

****************************************************************************

***********************************************************

Mac OS

***********************************************************

Apple Cumulative Security Update 2005-005 and 2005-006
Patches:
Available.

Affected:
Mac OS X version 10.4.1 and prior
Mac OS X Server version 10.4.1 and prior

Risk:
Compromise of systems running Mac OS.

Exploits:
Exploit code has been publicly posted for some of the flaws.

References:
http://docs.info.apple.com/article.html?artnum=301528
http://docs.info.apple.com/article.html?artnum=301742

*****************************************************************************

This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the way that Web View in Windows Explorer handles certain HTML characters in preview fields. By persuading a user to preview a malicious file, an attacker could execute arbitrary code in the context of the logged on user. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. However, user interaction is required to exploit this vulnerability.

The only Windows software affected by this Security Bulletin is:
• Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4... and...
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

This bulletin does not apply to:
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
• Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems... and...
• Microsoft Windows Server 2003 x64 Edition




Products from Microsoft, Symantec, Computer Associates, plus iTunes and other Media Players Cited in this First SANS Quarterly Update

More than 600 new Internet security vulnerabilities were discovered during the first quarter of 2005, according to the SANS Institute and a team of experts from industry and government. This group has identified the most critical vulnerabilities disclosed in Q1 that pose critical risks that need to be addressed through patching and other defensive actions. Individuals and organizations that do not correct these problems face a heightened threat that remote, unauthorized hackers will take control of their computers and use them for identity theft, for industrial espionage,
 
Click here to read the full Press Release at Tmcnet.com

Top New Vulnerabilities in Q1, 2005 (Summary List)

Microsoft Products


The Microsoft security train made its scheduled monthly stop on Tuesday, dropping off eight updates to cover 18 vulnerabilities in a range of widely deployed products. Five of the eight advisories are rated "critical" and Redmond officials are urging customers to apply at least three immediately as high-priority updates. The top three include fixes for high-risk flaws in Microsoft Corp.'s implementation of the TCP/IP stack; a cumulative patch for the Internet Explorer browser; and a patch for a remote code-execution hole in the enterprise-focused Microsoft Exchange Server. In all, Microsoft is patching five vulnerabilities in the TCP/IP stack, the most serious of which could let an attacker install programs; view, change or delete data; or create new accounts with full user rights....continued...

Click here to continue reading this synopsis at eWEEK.com



Microsoft Security Bulletin MS05-016
Vulnerability in Windows Shell that Could Allow Remote Code Execution
A vulnerability exists in Windows that could allow an attacker to take complete control of an affected system. User interaction is required for an attacker to exploit this vulnerability.
Rated as Important. Patch available at: http://go.microsoft.com/fwlink/?LinkId=43001

Microsoft Security Bulletin MS05-017
Vulnerability in Message Queuing Could Allow Code Execution
A vulnerability exists in MSMQ that could allow an attacker to take complete control of an affected system. Message Queuing is not installed by default on the operating systems software affected by this security bulletin.
Rated as Important. Patch available at: http://go.microsoft.com/fwlink/?LinkId=41317

Microsoft Security Bulletin MS05-018
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service
Vulnerabilities exist in Windows that could allow an attacker to take complete control of an affected system. To exploit this vulnerability an attacker must have valid credentials and must be able to log on locally to the affected system.
Rated as Important. Patch available at: http://go.microsoft.com/fwlink/?LinkId=39895

Microsoft Security Bulletin MS05-019
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service
Vulnerabilities exist in Windows that could allow an attacker to take complete control of an affected system.
Rated as Critical. Patch available at: http://go.microsoft.com/fwlink/?LinkId=36661

Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer
Vulnerabilities exist in Internet Explorer that could allow an attacker to take complete control of an affected system.
Rated as Critical. Patch available at: http://go.microsoft.com/fwlink/?LinkId=43944

Microsoft Security Bulletin MS05-021
Vulnerability in Exchange Server Could Allow Remote Code Execution
A vulnerability exists in Microsoft Exchange Server that could allow an attacker to run arbitrary code.
Rated as Critical. Patch available at: http://go.microsoft.com/fwlink/?LinkId=45980

Microsoft Security Bulletin MS05-022
Vulnerability in MSN Messenger Could Lead to Remote Code Execution
A vulnerability exists in MSN Messenger that could allow an attacker to run arbitrary code.
Rated as Critical. Patch available at: http://go.microsoft.com/fwlink/?LinkId=45979

Microsoft Security Bulletin MS05-023
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution
Vulnerabilities exist in Microsoft Word that could allow an attacker to take complete control of an affected system.
Rated as Critical. Patch available at: http://go.microsoft.com/fwlink/?LinkId=45978



Rafael Nunez, a 25-year-old from Venezuela, was arrested on Tuesday, April 5th in the city of Miami (United States). RaFa is alleged by FBI authorities to have penetrated a military computer system back in June 2001. The military computer system that was hacked was used by the US Air Force to coordinate the training of their personnel. The hack consisted of a page appearing on the computer monitors of the Air Force staff that read "Kiss my rear one because yours is mine!" and carried a link to a page featuring a hacker group called "World of Hell".

In a news story posted back on March 25, 2003 in PC News, RaFa was interviewed for a story called "Conversing with a hacker on IIS 5.0". The vulnerabilities discussed in that news article were of the same type that had been used against the hacked US Air Force computers. In that same news article, Rafael Nunez confirmed that he operates in the "cyber world" under the name RaFa and that he had dedicated his life to investigating security vulnerabilities, not to exploiting them or causing damage. It was his goal to share his knowledge so that those responsible for securing systems could take appropriate action to secure their systems.
 
Unfortunately it would appear that RaFa's involvement with the 'World of Hell' hacker group may prove to be his undoing. He was part of the WoH in June 2001 when they set a hacker record of 679 web site defacements in one minute. RaFa was also alleged to have been the brains behind the August 2001 theft of secret NASA documents relating to very important designs for future generation space vehicles.

Rafael was scheduled to appear before a federal judge in Miami to determine if he would be released on bail and to hear the first listing of the charges pending against him. He is to be delivered to the police authorities in Denver, Colorado, where the crimes were primarily alleged to have occurred, for further processing of the case against him.



On April 12, 2005, the Microsoft Security Response Center is planning to release:

5 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

1 Microsoft Security Bulletin affecting Microsoft Office. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will not require a restart. These updates will be detectable using MBSA.

1 Microsoft Security Bulletin affecting MSN Messenger. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates may require a restart. These updates will be detectable using the Enterprise Scanning Tool (EST).

1 Microsoft Security Bulletin affecting Microsoft Exchange. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will not require a restart. These updates will be detectable using MBSA.

In addition, Microsoft will release:

An updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

2 NON-SECURITY High-Priority Updates for Windows on the Windows Update site. These will be distributed to Software Update Services and are not required to install the security updates.

At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until 12 April 2005.

Click here to read the full advance advisory at Microsoft



It's time to update the millions of Firefox 1.0 browsers that have been downloaded over the past 11 weeks. The Mozilla Foundation on Thursday released its first security update to Firefox, comprising a series of patches intended to prevent spoofing and phishing attacks and fix glitches that cause the browser to crash. The security update, Firefox 1.0.1, can be downloaded immediately at www.mozilla.org, and it will be available within a few days via Firefox's automatic update feature. "I'd encourage users to get this release, especially if they've been prone to phishing attacks or spoofing," says Chris Hofmann, director of engineering with Mozilla, a nonprofit software-development organization. "A lot of work in this release focuses on those areas."

The update covers a handful of security vulnerabilities and approximately 40 other fixes related to browser performance based on user feedback to Mozilla. The security vulnerabilities range from "moderately critical" in nature to not critical. None of them are highly critical, and there are no known exploits for any of the vulnerabilities, Hofmann says. One security patch addresses the problem of international domain name spoofing, in which a hacker could potentially spoof a Web site through the international characters in the browser. The fix involves putting "funny-looking characters" in the susceptible area of the browser, though Hofmann acknowledges it's only a temporary solution. Security firm Secunia described the IDN spoofing vulnerability in a bulletin earlier this month. The update is also meant to prevent cross-site scripting, in which an attacker gains access to data entered on a Web site by manipulating the browser....continued...

Click here to read the original article at InformationWeek.com

Click here to read the Press Release issued by the Mozilla.org folks





Microsoft Security Bulletin Summary and links issued for February, 2005

Rated as "CRITICAL"

Microsoft Security Bulletin MS05-005
Vulnerability in Office Could Allow Remote Code Execution
A critical vulnerability exists that could allow remote code execution affecting  MS Office, Project, and Visio.

Microsoft Security Bulletin MS05-009
Vulnerability in PNG Processing Could Allow Remote Code Execution
A critical public vulnerability exists that could allow remote code execution affecting  Windows Media Player, Windows Messenger, and MSN Messenger

Microsoft Security Bulletin MS05-010
Vulnerability in the License Logging Service Could Allow Remote Code Execution
A critical vulnerability exists that could allow remote code execution affecting Windows

Microsoft Security Bulletin MS05-011
Vulnerability in Server Message Block Could Allow Remote Code Execution
A critical vulnerability exists that could allow remote code execution affecting Windows

Microsoft Security Bulletin MS05-012
Vulnerability in OLE and COM Could Allow Remote Code Execution
A critical vulnerability exists that could allow remote code execution affecting Windows

Microsoft Security Bulletin MS05-013
Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution
A critical public vulnerability exists that could allow remote code execution affecting Windows.

Microsoft Security Bulletin MS05-014
Cumulative Security Update for Internet Explorer
Critical Vulnerabilities exist in Windows & Internet Explorer that could allow remote code execution on an affected system

Microsoft Security Bulletin MS05-015
Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution
A critical vulnerability exists that could allow remote code execution affecting Windows


Rated as "IMPORTANT"

Microsoft Security Bulletin MS05-004
Vulnerability in ASP.Net May Lead to Authentication Bypass
An "Important" vulnerability exists in ASP.NET that could allow an attacker to gain unauthorized access to certain parts of an ASP.NET site. It affects the .NET Developer Tools and Platform.

Microsoft Security Bulletin MS05-007
Vulnerability in Windows Could Allow Information Disclosure
An "important" vulnerability exists that could allow user names to be read when connected to a shared resource affecting Windows.

Microsoft Security Bulletin MS05-008
Vulnerability in Windows Shell Could Allow Remote Code Execution
An "important" vulnerability exists that could allow remote code execution. However, user interaction is required. It affects Windows.


Rated as "MODERATE"

Microsoft Security Bulletin MS05-006
Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks
A "moderate"  vulnerability exists that could allow a user to run a malicious script, spoof content, or modify caches affecting Windows and Office



On February 8, 2005, the Microsoft Security Response Center is planning to release:

  • 9 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart.
  • 1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. The greatest aggregate, maximum severity rating for this security bulletin is Moderate. These updates may or may not require a restart.
  • 1 Microsoft Security Bulletin affecting Microsoft .NET Framework. The greatest aggregate, maximum severity rating for this security bulletin is Important. This update will require a restart.
  • 1 Microsoft Security Bulletin affecting Microsoft Office. The greatest aggregate, maximum severity rating for this security bulletin is Critical. These updates will require a restart.
  • 1 Microsoft Security Bulletin affecting Microsoft Windows, Windows Media Player, and MSN Messenger. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will require a restart.

No additional details about bulletin severities or vulnerabilities will be made available by Microsoft until February 8, 2005.

Microsoft is Offering Two Security Bulletin Webcasts in February




Microsoft Security Bulletin MS05-001
Vulnerability in HTML Help Could Allow Code Execution (890175)

If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.

Download:
Security Update for Windows 2000 | 2003 Server | WinNT | WinXP
Read About it http://www.microsoft.com/technet/security/Bulletin/MS05-001.mspx



Microsoft Security Bulletin MS05-002
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs; view, change, or delete data; or create new accounts that have full privileges.

Download :
Windows 2000 | 2003 Server | WinNT | WinXP
Read About it : http://www.microsoft.com/technet/Security/bulletin/ms05-002.mspx


Microsoft Security Bulletin MS05-003
Vulnerability in the Indexing Service Could Allow Remote Code Execution

This update resolves a newly-discovered, privately reported vulnerability in the Indexing Service. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges

Download :
Security Update for Windows 2000 | 2003 Server | WinXP
Read About it : http://www.microsoft.com/technet/security/bulletin/MS05-003.mspx




SPECIAL NOTE: Home users can use the built-in auto-updating feature to snag the appropriate patches for their computers.



Microsoft Security Bulletin MS04-041
Vulnerability in WordPad Could Allow Code Execution (885836)
http://www.microsoft.com/technet/security/Bulletin/MS04-041.mspx
Severity: Important

Microsoft Security Bulletin MS04-042
Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (885249)
http://www.microsoft.com/technet/security/Bulletin/MS04-042.mspx
Severity: Important

Microsoft Security Bulletin MS04-043
Vulnerability in HyperTerminal Could Allow Code Execution (873339)
http://www.microsoft.com/technet/security/Bulletin/MS04-043.mspx
Severity: Important

Microsoft Security Bulletin MS04-044
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
http://www.microsoft.com/technet/security/Bulletin/MS04-044.mspx
Severity: Important

Microsoft Security Bulletin MS04-045
Vulnerability in WINS Could Allow Remote Code Execution (870763)
http://www.microsoft.com/technet/security/Bulletin/MS04-045.mspx
Severity: Important

Well... it's Tuesday and time to check out what the patch-elves at MS have been up to. Happy patching!



MICROSOFT has issued an out-of-schedule critical patch for its Internet Explorer web browser, plugging a security hole that could allow a hacker to take control of a PC. The flaw allows the takeover of a PC via Internet Explorer 6 using specifically designed web pages. A number of different versions of the Windows operating system, from Windows 98 to Windows XP, are affected by the issue, which Microsoft has rated at its highest "critical" risk level. "If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges," Microsoft said in a security bulletin posted online.

"Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges," the bulletin says. Users that have installed the sizeable Service Pack 2 upgrade for the Windows XP operating system would already be protected against the flaw, the company said. Windows XP 64-Bit Edition Version 2003, Windows Server 2003 and Windows Server 2003 64-Bit Edition are also unaffected by the problem. This update resolves a newly-discovered publicly reported vulnerability. A vulnerability exists in Internet Explorer that could allow remote code execution on an affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin.

If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

Click here to read the full Microsoft security bulletin MS05-040 and to determine which patch you need to download

Click here to go to Microsoft's automatic update site and let it determine which patch your IE browser needs

Affected Versions and Patch Download Links:
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1: Download the update
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows NT Server 4.0 Service Pack 6a, on Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6, on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Me: Download the update
  • Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition): Download the update

Microsoft recommends that customers install the update immediately, and the fact that they released this patch 'out-of-schedule' tells you that they are taking this one quite seriously.

PLEASE NOTE: The flaw doesn't affect users who have already installed XP SP2, and they do not need this patch.



Security guru being pestered by the FBI for logs...

The creator of the famous hacking tool Nmap is being hounded by the FBI for copies of web server log data from his Web site Insecure.org. Fyodor, as he is known, is a well-known figure in the security world, specifically for his work with Nmap. In his blog, Fyodor said that the authorities were asking him for details but failing to give reasons for what they were up to. His message said: "FBI agents from all over the country have contacted me demanding Web server log data from Insecure.Org. They don't give me reasons, but they generally seem to be investigating a specific attacker whom they think may have visited the Nmap page at a certain time." The open-source network mapping program was designed to help security experts scan networks, services and applications. But some hackers have used the tool for malicious purposes, which Fyodor indicated he was unhappy with.

"One can argue whether helping the FBI is good or bad. Remember that they might be going after spammers, cyberextortionists, DDoS kiddies, etc. In this, I wish them the best. Nmap was designed to help security - the criminals and spammers put my work to shame!" Fyodor said he thought the FBI wanted access to his Web logs to investigate malicious hackers. "They don't give me reasons, but they generally seem to be investigating a specific attacker who they think may have visited the Nmap page at a certain time. So far, I have never given them anything. In some cases, they asked too late and data had already been purged through our data retention policy. In other cases, they failed to serve the subpoena properly. Sometimes they try asking without a subpoena and give up when I demand one....continued...

Click here to read the full story at Silicon.com




Four vendors of application security products have created an alliance to challenge the ability of large-scale vendors--such as Check Point Software Technologies, Cisco Systems, Juniper Networks, McAfee, and Symantec--to protect customers from hacker attacks and other security breaches. On Monday at the Computer Security Institute Conference in Washington, D.C., the CEOs of F5 Networks, Imperva, NetContinuum, and Teros challenged their larger rivals to join them in putting their products to the test before ICSA Labs, an independent information security product certifier. Their stated goal is to promote more consistent metrics for customers to evaluate products. The situation, as these upstarts describe it, is a growing market for Web application security--which the Yankee Group tags at $2 billion over the next five years--and suspect claims from vendors about the capabilities of their products.

In a prepared statement, the foursome suggests that some vendors are selling security short. "We are united regarding the minimum criteria that any security product must meet to provide acceptable protection for mission-critical Web applications," the companies state. "We believe these minimums are not being met by many vendors, despite marketing claims that strongly imply such protection. The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data loss threats. Our goal is to pave the way for minimum standards that will ensure the safety of consumers as well as corporate and government environments on the Web." The application security vendors "normally don't talk to each other," says Bob Walters, CEO of Teros. "But we came together to help improve the situation." Gene Banman, CEO of NetContinuum, notes that his company and its allies have built their businesses around better Web application security....continued...

Click here to read the full story at Information Week




This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. This is a spoofing vulnerability that exists in the affected products and that could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site. However, an attacker would first have to persuade a user to visit the attacker’s site to attempt to exploit this vulnerability. MS recommends that customers install the update at the earliest opportunity.

This vulnerability would not allow an attacker to spoof an SSL certificate. An attacker would not be able to successfully use SSL certificates that belong to other domain names. For example, a spoofed Web site cannot use a trusted Web site’s SSL certificate to establish an SSL session with a user. If a spoofed Web site tries to do this, authentication fails and the user receives a warning message. An attacker would first have to persuade a user to view content that causes a reverse lookup to occur. For example, an attacker could persuade a user to visit the attacker’s Web site by using an IP address that would cause a reverse lookup to occur. Systems that enable the default Site and Content rule permitting “All traffic” to “All Destinations” are not affected by this vulnerability. However, this rule is generally disabled as a security best practice guideline and we do not recommend enabling it to help mitigate this vulnerability....continued...

Click here to read the full security bulletin at Microsoft

For the Microsoft Proxy Server 2.0 Service Pack 1 click here for the Update from MS

For the Microsoft Internet Security and Acceleration Server 2000 Service Pack 1 and Microsoft Internet Security and Acceleration Server 2000 Service Pack 2 click here for the Update from MS




Ah, the old MS patch factory was rather occupied lately getting the Service Pack II ready and out the door. But now that they have completed that task, it is back to business releasing 'yet another pile of patches' for the Microsoft product line. Without further ado... here are this month's releases and their respective links to the Microsoft web site:

  • MS04-038: Cumulative Security Update for Internet Explorer (Critical)
  • MS04-037: Vulnerability in Windows Shell Could Allow Remote Code Execution (Critical)
  • MS04-036: Vulnerability in NNTP Could Allow Remote Code Execution (Critical)
  • MS04-035: Vulnerability in SMTP Could Allow Remote Code Execution (Critical)
  • MS04-034: Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (Critical)
  • MS04-033: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (Critical)
  • MS04-032: Security Update for Microsoft Windows (Critical)
  • MS04-031: Vulnerability in NetDDE Could Allow Remote Code Execution (Important)
  • MS04-030: Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (Important)
  • MS04-029: Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (Important)

2005 Payson Technology Group, LLC. All rights reserved.

2005 GovSecurity.org. All rights reserved.