Information Security News mailing list archives

Windows & .NET Magazine Security UPDATE--June 11, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 12 Jun 2003 02:38:53 -0500 (CDT)

====================

==== This Issue Sponsored By ====

Shavlik Technologies
http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw076e0A1

Windows & .NET Magazine
http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw06cX0AX

====================

1. In Focus: Windows 2003 Patches; Responsible Vulnerability Reporting

2. Security Risks
     - Buffer Overruns in IE

3. Announcements
     - Get Exclusive VIP Web Site Access!
     - Learn 10 Ways to Deal with Spam!

4. Security Roundup
     - News: Windows & .NET Magazine Names TechEd 2003 Best of Show
       Winners
     - News: Microsoft Adds New Security Certification Program
     - News: Microsoft and VeriSign Partner on PKI
     - Feature: IPSec Enhancements for XP and Win2K

5. Instant Poll
     - Results of Previous Poll: Windows Update and SUS
     - New Instant Poll: Certifications and Hiring

6. Security Toolkit
     - Virus Center
        - Virus Alert: Bugbear.B
     - FAQ: How Do I Ensure that GPOs Are Applied When I Move a
       Computer to a New OU?

7. Event
     - Security 2003 Road Show
 
8. New and Improved
     - Secure Your PC
     - Token User Authentication
     - Submit Top Product Ideas

9. Hot Thread
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Blocking KaZaA

10. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Shavlik Technologies ====

Shavlik HFNetChkPro - Get 20% off in June!
   Buy HFNetChkPro in June and receive 20% off! Shavlik HFNetChkPro
4.0, the leader in automated patch management, assesses your network
for missing security patches and automatically deploys patches, saving
you thousands of hours. It includes loads of features that save time
for busy security professionals while offering greater enterprise
security. HFNetChkPro 4.0 automates patch remediation for Microsoft
Office, Windows Server 2003, Exchange, SQL, Outlook, Java Virtual
Machine and more. Now's the time to download our free HFNetChkLT
version at www.shavlik.com and take a test drive!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw076e0A1

====================

==== 1. In Focus: Windows 2003 Patches; Responsible Vulnerability
Reporting ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

You're probably aware by now that Microsoft recently released security
patches for Internet Explorer (IE) 6.0, IE 5.5, and IE 5.01, including
IE 6.0 for Windows Server 2003. The problems relate to unchecked
buffers that could let arbitrary code execute on a user's machine.
Patching your machines against these problems is probably critical.
You can read about the problems in the article, "Buffer Overruns in
IE," in this issue of Security UPDATE.

The patch represents the first for the new Windows 2003 OS, and it
came less than 2 months after the initial release. It's good to know
that the company has taken care of that particular problem quickly,
but apparently another patch for the new OS might be necessary soon.

According to SecurityFocus, a user reported that Windows systems might
be vulnerable to Denial of Service (DoS) attacks under certain
conditions. If a Windows 2003, Windows XP, or Windows 2000 system has
IP version 6 (IPv6) enabled, an attacker might be able to flood the
server with Internet Control Message Protocol (ICMP) packets, resulting
in a DoS condition for the target system.
   http://www.securityfocus.com/bid/7788

Microsoft is undoubtedly aware of the problem, but at the time of this
writing, the company hasn't released a bulletin or patch. The problem
is probably moderate and won't affect a huge number of systems because
IPv6 isn't as widely deployed as IPv4. Nevertheless, we can probably
expect Microsoft to issue a patch soon. Both the recently patched
problems with IE and this DoS problem point out that faults found in
code used across multiple versions of product families will, more
often than not, carry over into the Windows 2003 OS, as has been the
case with previous product versions.

Speaking of newly reported vulnerabilities, the Organization for
Internet Safety (OIS) has finally released its long-awaited draft
proposal that outlines a process that security researchers and vendors
can use to coordinate their efforts to patch security vulnerabilities.

You may recall that in 2001, Guardent, Foundstone, BindView, @stake, and
Internet Security Systems (ISS) established OIS, which now counts the
SCO Group, Network Associates, Oracle, and Symantec among its members.
The group initially submitted a draft proposal to the Internet
Engineering Task Force (IETF) as a Request for Comments (RFC).
However, the IETF decided its forum wasn't suited for guideline
proposals about responsible reporting. So the group struck out on its
own to finish its draft, "Security Vulnerability Reporting and
Response Process," now available to the public at the URL below.
   http://www.oisafety.org/resources.html

According to an OIS press release, the draft "provides specific,
prescriptive guidance that establishes a framework in which
researchers and vendors can collaborate to improve the speed and
quality of security investigations, thereby helping better protect
Internet users and infrastructure." OIS is offering a period of time
(until July 7) for the public to provide its own commentary about the
draft. According to OIS, it will respond to the comments as best it
can and post the comments to its Web site for everyone to read
(excluding the commentators' personal contact information, of course).

The draft proposal suggests that researchers not disclose their
findings to the public until either a patch is released or researchers
have exhausted their efforts to interact with a vendor and have
reached an irreconcilable impasse. Symantec is a member of OIS and
also owns SecurityFocus along with various mailing lists now
associated with SecurityFocus, including the popular BugTraq list.

Historically, BugTraq has offered researchers a place to openly reveal
any information they feel necessary, including demonstration code,
even if that code could lead to exploitation of a given vulnerability.
SecurityFocus also operates a mailing list called Vuln-Dev, in which
researchers can and do discuss possible security problems with various
products. The discussions sometimes include code used to test
particular would-be security problems and sometimes include
considerable detail about researcher findings.

I wonder whether the OIS proposal, which Symantec obviously supports,
will eventually affect the operation of those mailing lists and other
mailing lists operated by other entities. We'll have to wait and see.

One final note about vulnerabilities: Be sure your systems are
protected against the Bugbear.B worm. It's a nasty one. You can learn
more about it in the associated "Virus Alert" in this issue of the
newsletter.

Correction: In last week's Security UPDATE commentary, ".html" was
omitted from the URL given for more information about Bayesian
filtering. The correct URL is
   http://www.paulgraham.com/articles.html

====================

==== Sponsor: Windows & .NET Magazine ====

Insider's Guide to IT Certification eBook
   Get the eBook that will help you get certified!  The "Insider's
Guide to IT Certification," from the Windows & .NET Magazine Network,
has one goal: to help you save time and money on your quest for
certification. Find out how to choose the best study guides, save
hundreds of dollars, and be successful as an IT professional. The
amount of time you spend reading this book will be more than made up
by the time you save preparing for your certification exams. Order
your copy today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw06cX0AX

====================

==== 2. Security Risks ====
   contributed by Ken Pfeil, ken () winnetmag com

Buffer Overruns in IE
   eEye Digital Security discovered two new vulnerabilities in
Microsoft Internet Explorer (IE) that can result in the execution of
arbitrary code on the vulnerable system. The vulnerabilities are a
buffer-overrun vulnerability that results from IE improperly
determining an object type a Web server returns and a condition in
which IE doesn't implement an appropriate block on a file-download
dialog box. Microsoft has released Security Bulletin MS03-020
(Cumulative Patch for Internet Explorer) to address these
vulnerabilities and recommends that affected users immediately apply
the appropriate patch mentioned in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=39227

==== 3. Announcements ====
   (from Windows & .NET Magazine and its partners)

Get Exclusive VIP Web Site Access!
     The Windows & .NET Magazine VIP Site is a subscription-based
online technical resource that's chock-full of problem-solving
articles from all our publications. For a limited time, you can access
this banner-free site at which you'll find exclusive content usually
reserved for VIP Site members only. Only VIP subscribers can access
this site after June 13, so check it out today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw05Ih0AM

Learn 10 Ways to Deal with Spam!
   In this audiocast event, you'll discover simple but effective ways
to fight spam, plus learn the common tricks spammers use to get your
email address. You'll also receive a free white paper from NetIQ about
controlling spam and the chance to download a free trial of NetIQ
MailMarshal SMTP. Register today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw0BAjG0Ae

==== 4. Security Roundup ====

News: Windows & .NET Magazine Names TechEd 2003 Best of Show Winners
   Windows & .NET Magazine named Best of Show products in seven
categories as well as an overall winner at TechEd 2003 in Dallas.
Michele Crockett, Windows & .NET Magazine editor, presented awards to
Windows technology vendors and announced an overall Best of Show
winner. The field included more than 211 entries, and the judges
evaluated products based on their strategic importance in the market,
the competitive advantage they offer, and their value to the customer.
   http://www.secadministrator.com/articles/index.cfm?articleid=39225

News: Microsoft Adds New Security Certification Program
   Microsoft announced that it will offer a new security
specialization program under its Microsoft Certified Systems
Administrator (MCSA) and Microsoft Certified Systems Engineer (MCSE)
credentials.
   http://www.secadministrator.com/articles/index.cfm?articleid=39214

News: Microsoft and VeriSign Partner on PKI
   Microsoft and VeriSign announced plans to extend interoperability
between Windows Server 2003 and VeriSign's Managed PKI Services.
   http://www.secadministrator.com/articles/index.cfm?articleid=39213

Feature: IPSec Enhancements for XP and Win2K
   Until recently, Microsoft platforms didn't support the use of Layer
Two Tunneling Protocol (L2TP) connections in combination with Network
Address Translation (NAT). To improve the interoperability of Windows
XP and Windows 2000 systems with Windows Server 2003 systems,
Microsoft recently released an update for XP and Win2K platforms that
lets clients create secure IP Security (IPSec) connections to a
Windows 2003 server when the clients are behind a firewall or a router
running NAT. Read more about the update in this article on our Web
site.
   http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=39166

==== 5. Instant Poll ====

Results of Previous Poll: Windows Update and SUS
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question, "Do
you use either Windows Update or Software Update Services (SUS)?" Here
are the results from the 239 votes.
   - 67% Yes
   - 10% Yes--We also use a third-party update tool
   - 18% No
   -  5% No--We use only a third-party update tool

New Instant Poll: Certifications and Hiring
   The next Instant Poll question is, "Does your company hire IT
administrators based on certifications?" Go to the Security
Administrator Channel home page and submit your vote for a) We hire
based largely on certifications, b) We hire based on certifications
and experience, c) We consider certifications secondary to work
experience, or d) We hire based only on proven experience.
   http://www.secadministrator.com

==== 6. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

Virus Alert: Bugbear.B
   A new and dangerous worm, Bugbear.B, is spreading rapidly through
email and network shares. The email messages used to spread the worm
use random subjects and random file attachment names. The worm can be
triggered by simply viewing the message in a Microsoft Outlook preview
pane if the user's system isn't configured for tight security and
doesn't have the proper security patches installed. The worm tries to
disable various pieces of security-related software, installs Trojan
horse software, and logs keystrokes. For more details about the worm,
be sure to visit the URL below.
   http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=39823

FAQ: How Do I Ensure that GPOs Are Applied When I Move a Computer to a
New OU?
   by Randy Franklin Smith, rsmith () montereytechgroup com

A. You don't have to create computer accounts in the correct
organizational unit (OU) from the beginning; you can move accounts
from OU to OU at any time and expect new Group Policy Objects (GPOs)
to take effect. However, a computer checks the path of the OU in which
it resides only at boot-up. After that, whenever the computer
reapplies Group Policy, it simply checks to see whether the GPOs
applied previously have changed. If you move the computer to a new OU,
the computer doesn't recognize the move until the next reboot.
Therefore, GPOs linked to the computer's new OU won't take effect
until you reboot the computer.
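As an added example (not from the FAQ or the magazine), a PowerShell
script that performs the OU move and the reboot the answer calls for,
then reports the GPOs the computer actually applied. It assumes the
ActiveDirectory module from RSAT, a placeholder OU distinguished name,
and rights to restart the target machine remotely.

```powershell
# Added example, not part of the FAQ: move a computer account to a new OU,
# then reboot it, because (per the FAQ) a computer re-reads its OU path only
# at boot and a routine Group Policy refresh will not notice the move.
# Assumes the ActiveDirectory module (RSAT) and remote restart rights.
param(
    [Parameter(Mandatory)][string]$ComputerName,
    # Placeholder DN; replace with the real target OU.
    [Parameter(Mandatory)][string]$TargetOU   # e.g. "OU=Servers,DC=example,DC=com"
)
Import-Module ActiveDirectory

$computer = Get-ADComputer -Identity $ComputerName
Write-Host "Current DN: $($computer.DistinguishedName)"

# Move the account. GPOs linked to $TargetOU are not applied yet.
Move-ADObject -Identity $computer.DistinguishedName -TargetPath $TargetOU

# Verify the move took effect in the directory before touching the machine.
$moved = Get-ADComputer -Identity $ComputerName
if ($moved.DistinguishedName -notlike "*,$TargetOU") {
    throw "Move failed; computer is still at $($moved.DistinguishedName)"
}

# Reboot so the computer discovers its new OU; wait until PowerShell
# remoting is back so the check below can run.
Restart-Computer -ComputerName $ComputerName -Force -Wait -For PowerShell -Timeout 600

# After the reboot, list the GPOs the computer applied; the ones linked to
# $TargetOU should now appear under "Applied Group Policy Objects".
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    gpresult /r /scope:computer
}
```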

==== 7. Event ====

Security 2003 Road Show
   Join Mark Minasi and Paul Thurrott as they deliver sound security
advice at our popular Security 2003 Road Show event.
   http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw07Kz0Ai

==== 8. New and Improved ====
   by Sue Cooper, products () winnetmag com

Secure Your PC
   SOFTWIN released BitDefender Professional 7.0 to provide antivirus,
active content control, Internet filtering, and data confidentiality
for Windows systems. The software blocks malicious applications,
specified URLs, ports, and IPs--and lets you block ActiveX, Java
Applets, or Java Script code based on your configurations. BitDefender
alerts you if your system settings let inappropriate code run or if
an application is trying to access the Internet. It filters incoming
and outgoing cookie-type files to preserve your confidentiality and
filters against viruses transmitted through Instant Messaging (IM)
software. BitDefender Professional 7.0 is available in four languages;
you can download it from the Web site listed below. The software runs
on Windows XP/2000/NT/Me/98. Prices start at $44.95 for a single
license. Contact SOFTWIN at sales () bitdefender com.
   http://www.bitdefender.com

Token User Authentication
   Pointserve Data launched Passholder, which provides two-factor
authentication (i.e., based on something you have and something you
know) for your users. The software resides on a cryptographically
protected secure USB token. The token (instead of the PC) can store a
user's name, domain, and corporate and personal passwords, which users
can retrieve when needed with their PIN. The token can
also store digital certificates. You can decide whether users will
manually update their Windows password to the token or whether
Passholder will automatically generate and update the password without
user intervention to comply with corporate security policy. Passholder
supports Windows XP/2000/NT. Contact Pointserve at
sales () passholder net or on the company's Web site.
   http://www.passholder.net

Submit Top Product Ideas
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

==== 9. Hot Thread ====

Windows & .NET Magazine Online Forums
   http://www.winnetmag.com/forums

Featured Thread: Blocking KaZaA
   (Three messages in this thread)

A user writes that he has a network environment of 30 sites and wants
to block the use of KaZaA. He wants to know the best way to go about
blocking peer-to-peer (P2P) file sharing on his networks. Lend a hand
or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=59679

==== Sponsored Link ====

FaxBack
   Integrate FAX into Exchange/Outlook (Whitepaper, ROI, Trial)
   http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw0BAgm0AF

===================

==== 10. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

====================
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
today.
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
