Security UPDATE, July 10, 2002

[InfoSec News <isn () c4i org>]

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Free Demo--Panda Antivirus Enterprise Suite
   http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw023o0AU

Exchange & Outlook Administrator Web Site
   http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw023p0AV
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: FREE DEMO--PANDA ANTIVIRUS ENTERPRISE SUITE ~~~~
   Panda Antivirus Enterprise Suite is a fully integrated and seamless
security solution that protects networks from all sides of attack -
from firewalls, SMTP gateways, proxy servers to Exchange Servers and
desktops. Panda not only detects and destroys more than 63,000 known
viruses, but heuristically scans and eliminates unknown malicious
code. Truly automatic updates every 24 hours. Central Administration.
24x7x365 free tech support. Disinfects virus-infected email at the
packet level. Download a FREE demo now.
   http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw023o0AU

~~~~~~~~~~~~~~~~~~~~

July 10, 2002--In this issue:

1. IN FOCUS
     - Five-Minute Security Advisor--and More
2. SECURITY RISKS
     - Multiple Vulnerabilities in WMP
     - Multiple Vulnerabilities in Commerce Server 2002 and Commerce
       Server 2000

3. ANNOUNCEMENTS
     - Get Valuable Info for Free with IT Consultant Newsletter
     - July Is Hot! Our Free Webinars Are Cool!

4. SECURITY ROUNDUP
     - News: EU Warns Microsoft About Palladium
     - Feature: External Firewall Attacks

5. INSTANT POLL
     - Results of Previous Poll: Is OSS Less Secure?
     - New Instant Poll: Credit Card Information Theft

6.SECURITY TOOLKIT
     - Virus Center
     - FAQ: Why Do I Receive the Error Message "You May Not Remove the
       Local Logon Right from the Administrators Local Group" When I 
       Edit User Rights?

7. NEW AND IMPROVED
     - End-to-End Security Solution for Small and Large Enterprises
     - Bootability Added to USB 2.0 and FireWire

8. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Mapping Drives Through ISA Server 2000

9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* FIVE-MINUTE SECURITY ADVISOR--AND MORE

Have you seen Microsoft's "5-Minute Security Advisor" documents?
According to the company's TechNet site (where you'll find the
documents), "The 5-Minute Security Advisor series has been created to
help quickly communicate important security topics, tasks, and issues.
The advisor will point to the content necessary to go deeper into
technical details or into step-by-step, how-to guides."
   http://www.microsoft.com/technet/columns/security/5min/default.asp

The series currently includes 15 documents divided into four levels,
with each level based on users' situations, expertise, and needs.
You'll find security-related documents for small office/home office
(SOHO) and home users, power users, IT professionals, and network and
systems administrators. Available documents cover a range of subjects:
   - Simple Firewall Setup for Home Office Users
   - Protecting Your Computer Against Compromise
   - Configuring Your Computer for Multiple Users
   - Getting the Most from Windows Update (Automated Security
Assessment and Updates)
   - Essential Security Tools for Home Office and Power Users
   - Using the Encrypting File System
   - Basic Physical Security
   - Using the Internet Connection Firewall
   - The Road Warrior's Guide to Laptop Protection
   - How Windows XP Protects Your Privacy
   - How Outlook Security Works
   - Configuring Outlook Web Access
   - Choosing A Good Password Policy
   - Recovering Encrypted Data Using EFS
   - Signing Office Objects
As you can see, the list includes a variety of topics--and if you want
to see a document about a particular topic that isn't covered, you're
invited to submit that topic for the series.
 
In addition to the 5-Minute Security Advisor documents, Microsoft
maintains a long list of "Security How-Tos" that explain various tasks
you're likely to perform on Windows-based systems. On the how-to Web
page, you'll find dozens of documents that cover various aspects of
security for XP, Windows 2000 Server, Win2K Professional, Microsoft
IIS, and Microsoft Internet Security and Acceleration (ISA) Server
2000. For example, the IIS section includes information about how to
prevent mail relaying through the SMTP connector and how to use IP
Security (IPSec) to secure communications between hosts. The XP
section includes instructions for sharing encrypted files and for
preventing users from running or stopping scheduled services. The ISA
Server 2000 section includes information about how to filter Web Proxy
cache entries. Although most of the articles have been published and
available in the TechNet database for some time, they seem to have
been recently updated.
   http://www.microsoft.com/technet/itsolutions/howto/sechow.asp

Finally, have you tried Microsoft Software Update Services (SUS)? The
service (see the first URL below) is designed to audit a system and
determine which patches that system might need. You can learn more
about SUS at the first URL below, where Microsoft has posted
additional information that includes a Flash-based demo of the
service. The two versions of SUS serve individual users (see the
second URL below) as well as corporate users. I've seen complaints
about SUS posted on various mailing lists. For example, to determine
whether a specific patch is missing, SUS checks only registry keys,
whereas another Microsoft tool, HFNetChk, checks files to detect
versioning or checksum issues that SUS would miss. If you use SUS or a
third-party patch-auditing tool instead, please send me an email
message about your experience.
   http://www.microsoft.com/technet/ittasks/support/corpwu.asp
   http://windowsupdate.microsoft.com

I'm not surprised that Microsoft's emphasis on security and
trustworthy computing has led to an increased emphasis on security
resources. Let me know what you think about these resources, such as
the 5-Minute Security Advisor documents, or about other resources
you've discovered.
 
~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: EXCHANGE & OUTLOOK ADMINISTRATOR WEB SITE ~~~~
   GOT A MESSAGING PROBLEM YOU CAN'T SEEM TO FIX?
   Visit our Exchange & Outlook Administrator Web site for news,
articles, discussion forums, FAQs, and technical solutions in one,
easy-to-navigate Web site. While you're there, check out the popular
article "Is Your Exchange Server Relay-Secure?" at
   http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw02uh0AT
   http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw023p0AV

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====

* MULTIPLE VULNERABILITIES IN WMP
   Jelmer and the Security Internals Research Team discovered multiple
vulnerabilities in Microsoft Windows Media Player (WMP), one of which
could result in an attacker executing arbitrary code on the vulnerable
system. Microsoft Security Bulletin MS02-032 (26 June 2002 Cumulative
Patch for Windows Media Player) addresses this vulnerability and
recommends that affected users download and apply the appropriate
patch mentioned in the bulletin. These patches are cumulative and
address all previously discovered WMP vulnerabilities.
   http://www.secadministrator.com/articles/index.cfm?articleid=25784

* MULTIPLE VULNERABILITIES IN COMMERCE SERVER 2002 AND 2000
   Mark Litchfield of Next Generation Security Software discovered
multiple vulnerabilities in Microsoft Commerce Server 2002 and
Commerce Server 2000, each of which can run an attacker's choice of
code. Microsoft Security Bulletin MS02-033 (Unchecked Buffer in
Profile Service Could Allow Code Execution in Commerce Server)
addresses this vulnerability and recommends that affected users
download and apply the appropriate patch mentioned in the bulletin.
These patches are cumulative and address all previously discovered
vulnerabilities in the affected product.
   http://www.secadministrator.com/articles/index.cfm?articleid=25785

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* GET VALUABLE INFO FOR FREE WITH IT CONSULTANT NEWSLETTER
   Sign up today for IT ConsultantWire, a FREE email newsletter from
Penton Media. This newsletter is specifically designed for IT
consultants, bringing you news, product analysis, project management
and business logic trends, industry events, and more. Find out more
about this solution-packed resource and sign up for FREE at
   http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw0rfb0AC

* JULY IS HOT! OUR FREE WEBINARS ARE COOL!
   Check out our latest Web seminar offerings from Windows & .NET
Magazine. "Storage, Availability, and You," sponsored by VERITAS, will
help you bring your Windows storage under control. "Easing the
Migration: 15 Tips for Your Windows 2000 Journey", sponsored by
ePresence, will help you plan and implement a successful Win2K
migration. Find out more and register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw02lB0Ag

4. ==== SECURITY ROUNDUP ====

* NEWS: EU WARNS MICROSOFT ABOUT PALLADIUM
   Incoming European Union (EU) Competition Directorate-General Philip
Lowe warned Microsoft yesterday that its upcoming security plan,
Trustworthy Computing (code-named Palladium), shouldn't exclude the
company's competitors. Speaking at a conference sponsored by the
American Antitrust Institute, Lowe said that the EU will ensure that
"[Microsoft] competitors have the capacity to offer the range of
services they want to provide, including security. We have always
emphasized ... interoperability."
   http://www.secadministrator.com/articles/index.cfm?articleid=25774

* FEATURE: EXTERNAL FIREWALL ATTACKS
   Malicious intruders use literally hundreds of methods and tools
when they attempt to compromise PCs. Some attacks are technically
sophisticated and require the skills of a learned intruder. But more
and more often, worms and Trojan horses automate external attacks that
scour the Internet looking for vulnerable machines. Attackers use
compromised machines as a staging area for more attacks against new
machines. In this article, Roger Grimes outlines some of the more
common attack types you're likely to experience.
   http://www.secadministrator.com/articles/index.cfm?articleid=25543

5. ==== INSTANT POLL ====

* RESULTS OF PREVIOUS POLL: IS OSS LESS SECURE?
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question, "Do
you think that open source software (OSS) is less secure than closed
source software, such as Windows?" Here are the results (+/- 2
percent) from the 416 votes:
   - 20% Yes
   - 73% No
   -  7% Not sure

* NEW INSTANT POLL: CREDIT CARD INFORMATION THEFT
   The next Instant Poll question is, "Have you or has your company
experienced credit card information theft through the Internet?" Go to
the Security Administrator Channel home page and submit your vote for
a) I have experienced Internet credit card information theft, b) My
company has experienced Internet credit card information theft, c)
Both have experienced Internet credit card information theft, or d)
Neither has experienced Internet credit card information theft through
the Internet.
   http://www.secadministrator.com

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: Why Do I Receive the Error Message "You May Not Remove the
Local Logon Right from the Administrators Local Group" When I Edit
User Rights?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. Before Microsoft developed the Microsoft Management Console (MMC)
Active Directory Users and Computers snap-in, administrators used the
User Manager for Domains tool to manage user accounts. You might still
need to administer a Windows NT 4.0 domain from Windows 2000 or NT 4.0
clients, which can lead to problems when you try to add or remove user
accounts from the "Grant To" list in the User Rights Policy dialog box
and result in the following error message:

"You may not remove the local logon right from the Administrators
local group. Doing so will disable all local administration of this
computer."

This error can result from the following conditions:
   - A Win2K Professional installation is running the NT 4.0
Administration Tools. Win2K machines must run the Win2K Administration
Tools (i.e., adminpak.msi) that come with Win2K Server.

   - The "Grant To" list you're attempting to modify contains a
deleted user or group. To resolve this problem, you must log on to the
PDC of the NT 4.0 domain and use the local User Manager for Domains
tool to remove the deleted account or group from the "Grant To" list.

7. ==== NEW AND IMPROVED ====
   (contributed by Judy Drennen, products () winnetmag com)

* END-TO-END SECURITY SOLUTION FOR SMALL AND LARGE ENTERPRISES
   Funk Software announced Odyssey, the first end-to-end 802.1x
security solution that lets users securely access wireless LANs
(WLANS) but can be easily and widely deployed and managed across an
enterprise network. Odyssey includes client and server software. The
product runs on Windows XP, Windows 2000, Windows Me, and Windows 98.
Odyssey costs $2500, which includes the Odyssey Server and 25 Odyssey
Client licenses. Standalone client licenses are available for $50
each. Contact Funk Software at 800-828-4146.
   http://www.funk.com

* BOOTABILITY ADDED TO USB 2.0 AND FIREWIRE
   CMS Peripherals announced the addition of complete system
bootability for its USB 2.0 and FireWire Notebook and Desktop
Automatic Backup System Plus (ABSplus) for Windows users. With the
additional disaster-recovery capability, ABSplus users have for their
computers data security that lets them quickly replace failed hard
disks with the ABSplus hard disk. ABSplus runs on Windows XP, Windows
2000, Windows NT, Windows Me, and Windows 9x. Prices start at $279.
Contact CMS at 800-327-5773 or go to the Web site.
   http://www.cmsproducts.com

8. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Mapping Drives Through ISA Server
   (Ten messages in this thread)

Dave writes that when he accesses a VPN through a dial-up connection
to Microsoft Internet Security and Acceleration (ISA) Server 2000, he
can map drives to internal network machines by IP address, but when he
tries to map drives using Network Neighborhood (by double-clicking a
listed machine), he receives an "Access denied" error message. To read
the responses or offer help, use the URL below.
   http://www.secadministrator.com/forums/thread.cfm?thread_id=83830

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- vpatterson () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.


MANAGE YOUR ACCOUNT
You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.