Kevin's song of the week.....
news://msnews.microsoft.com/u59UrcMUEHA.3332@tk2msftngp13.phx.gbl
KB's of interest....
834141 - FIX: IP address is revealed in the content-location field in
the TCP header in IIS 6.0:
http://support.microsoft.com/?kbid=834141
843073 - Non-English language reports contain English text after you
install Service Pack 2 in ISA Server 2000:
http://support.microsoft.com/?kbid=843073
837019 - Description of the Outlook 2003 hotfix package: March 17, 2004:
http://support.microsoft.com/?kbid=837019
837365 - You cannot expand the public folders list in Exchange System
Manager on a Windows Small Business Server 2003-based computer:
http://support.microsoft.com/?kbid=837365
836413 - You receive an "unexpected error occurred" error message when
you try to access resources on a Windows-based network from your
Macintosh computer:
http://support.microsoft.com/?kbid=836413
840685 - An event ID 1000 error message is logged to the application
event log when you restart Windows Small Business Server 2003:
http://support.microsoft.com/?kbid=840685
<<SMBnation announces Dr. Tom [Mr. ISA] Shinder and Brian Livingston as
Keynoters http://www.smbnation.com/ >>
Last week two security patches for Microsoft products - one for DirectX,
one for CRM applications.
Microsoft Security Bulletin MS04-016: Vulnerability in DirectPlay Could
Allow Denial of Service (839643):
http://www.microsoft.com/technet/security/Bulletin/MS04-016.mspx
Microsoft Security Bulletin MS04-017: Vulnerability in Crystal Reports
Web Viewer Could Allow Information Disclosure and Denial of Service
(842689):
http://www.microsoft.com/technet/security/Bulletin/MS04-017.mspx
No patch for this one - take mitigation steps at this time....
(1) HIGH: Internet Explorer Multiple Vulnerabilities
Affected: IE 6.0 and 6.0 SP1
Description: Fully patched versions of Internet Explorer reportedly
contain the following vulnerabilities that are being exploited in the
wild to compromise client systems. (a) Internet Explorer successfully
processes a webserver response that redirects the location of a resource
to a file on the client system. Note that this file can be accessed in
the security context of the "Local Computer Zone". (b) Internet Explorer
contains a cross-domain vulnerability that can be triggered when
handling a frame, and a "modal dialog box" that is invoked from the
frame. These vulnerabilities can be exploited by a malicious website to
execute arbitrary code on a client system. The technical details and the
exploits have been publicly posted.
Status: Microsoft not confirmed, no patches available.
Council Site Actions: Most of the reporting council sites are awaiting
the vendor patches. Some sites plan to roll out the patch during the
normal system update cycle and others plan to expedite the rollout.
Several sites have already notified their desktop support teams to be
aware of the problem.
References:
Posting by Rafel Ivgi
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0031.html
Analysis by Jelmer
CERT Advisory
http://www.kb.cert.org/vuls/id/713878
Modal Dialog Box Reference
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/methods/showmodaldialog.asp
SecurityFocus BIDs
http://www.securityfocus.com/bid/10473
http://www.securityfocus.com/bid/10472
UPDATE - YES IT WORKS JUST FINE ON XP WITH IE6 and even works like a
champ on XP SP2
So I just kicked my workstation at the office and the workstation at
home's Internet Explorer to "high security" settings. What that means is
that I've shut down the scripting and ActiveX to be automatically
blocked at all times. Then if I have a web site that I really trust and
know is an OK site, I add it to "my trusted sites" list. Now this
normally is a pain and a bother.... tools, options, security, internet
zone, add sites, blah blah... way way way too cumbersome. Well not
anymore! My MVP buddies showed me this gem --
http://www.microsoft.com/windows/ie/previous/webaccess/pwrtwks.mspx
This little IE addition adds a quick shortcut under "Tools" for "add to
trusted sites". I just did this to a couple of people at the office and
here at home and showed them all they have to do when they get to a web
site that they really "need" to have working [like a business site] they
can add the site to the trusted zone and hit "refresh" and voila.
Very nice. Very much safer out here.
I've also adjusted my "trusted zone" to not be "low" and instead is now
"medium" so it prompts me instead of automatically scripting. And add
sites to the trusted zone SPARINGLY.
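A scripted version of the same zone settings, added here as an example and not part of the original post or of the Power Toy it links to: it writes the per-user registry values that the Internet Options dialog writes (the zone keys, level values and action codes are the ones IE documents; the domain added at the end is a constructed placeholder).

```powershell
# Added example: Internet zone to High with scripting/ActiveX disabled,
# Trusted Sites zone to Medium, then one site added to Trusted Sites.
# Run as the user whose browser is being hardened (HKCU keys).
$zones   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Template values IE records in CurrentLevel (what the slider shows).
$Level = @{ Low = 0x10000; MediumLow = 0x10500; Medium = 0x11000; High = 0x12000 }
# Per-action policy values: 0 = enable, 1 = prompt, 3 = disable.
$Enable = 0; $Prompt = 1; $Disable = 3

function Set-ZoneAction {
    # Zone numbers: 2 = Trusted Sites, 3 = Internet. $Action is an IE
    # action code such as 1200 (run ActiveX controls) or 1400 (active scripting).
    param([int]$Zone, [string]$Action, [int]$Policy)
    Set-ItemProperty -Path "$zones\$Zone" -Name $Action -Value $Policy -Type DWord
}

# Internet zone (3): High. CurrentLevel only records the template; the
# per-action values are what IE enforces, so pin the two the post cares about.
Set-ItemProperty -Path "$zones\3" -Name CurrentLevel -Value $Level.High -Type DWord
Set-ZoneAction -Zone 3 -Action 1200 -Policy $Disable   # run ActiveX controls and plug-ins
Set-ZoneAction -Zone 3 -Action 1400 -Policy $Disable   # active scripting

# Trusted Sites zone (2): Medium instead of the default Low, so scripting
# is prompted rather than allowed silently.
Set-ItemProperty -Path "$zones\2" -Name CurrentLevel -Value $Level.Medium -Type DWord
Set-ZoneAction -Zone 2 -Action 1400 -Policy $Prompt

function Add-TrustedSite {
    # Maps https://<domain> to zone 2, the same entry the "Trusted sites"
    # dialog creates. Use the bare domain; subdomains nest under it.
    param([string]$Domain)
    $key = Join-Path $zoneMap $Domain
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'https' -Value 2 -PropertyType DWord -Force | Out-Null
}

# Constructed placeholder domain; add sites sparingly, as the post says.
Add-TrustedSite -Domain 'example.com'
```

Restart Internet Explorer after running it; the zone values are read when the browser starts.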
****************************************************************
(2) MODERATE: Oracle E-Business Suite SQL Injection Vulnerabilities
Affected: Oracle E-Business Suite versions 11i, 11.5.1 to 11.5.8
Oracle Applications version 11.0
Description: Oracle E-Business suite offers a set of applications to
automate business processes such as marketing, customer services,
supply-chain management etc. The pertinent business information is
typically stored in a single database, and accessed via the web
front-end offered by the E-Business suite applications. This suite
contains multiple SQL injection vulnerabilities. These flaws can be
exploited via malicious HTTP requests to execute arbitrary SQL
statements and procedures against the back-end database, possibly
resulting in the compromise of the entire database. Note that the
Internet facing web servers hosting the E-Business suite applications
face the maximum risk. Very limited technical details regarding how to
exploit the flaws have been posted.
Status: Vendor confirmed, updates available.
Council Site Actions: Only one of the reporting council sites is using
the affected software; however their Oracle servers are internal facing
only. They plan to install the patches after regression testing.
References:
Posting by Integrigy Security
http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0032.html
Oracle Security Advisory
http://otn.oracle.com/deploy/security/pdf/2004alert67.pdf
Oracle E-Business Suite Homepage
http://www.oracle.com/applications/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/10465
California identity theft law remains low-key
Nearly a year after California's landmark SB 1386 identity theft law
went into effect, there has been none of the troublesome litigation that
had been predicted to come in its wake. But the law has raised overall
corporate awareness of the need to have strong privacy protections in
place, legal experts said last week.
http://computerworld.com/securitytopics/security/privacy/story/0,10801,93667,00.html
Preventing identity theft focus of regional meeting
http://www.usatoday.com/tech/news/2004-06-08-id-theft_x.htm
Security gaps in Dutch airline and government wireless networks
During its special on computer attacks on June 3, the Dutch
current-affairs programme, Zembla, demonstrated to television viewers
just how easy it is to break into wi-fi networks and gain access to
confidential information. The networks found to be lacking in security
were operated by the Dutch airline, KLM, and the Ministry for Public
Works and Water Management (Rijkswaterstaat).
http://www.dmeurope.com/default.asp?ArticleID=1984
GAO points to airport security holes
http://www.fcw.com/fcw/articles/2004/0607/web-gaotsa-06-08-04.asp
- - - - - - - - - -
Russia and China 'behind current spam deluge'
As hardcore criminals step up their spamming,
experts believe that nine out of 10 of all emails
may soon be unsolicited junk. Organised criminals
based in Russia are fuelling the rise in the
amount of spam sent over the Internet, according
to a leading opponent of junk mail.
http://news.zdnet.co.uk/internet/security/0,39020375,39157120,00.htm
- - - - - - - - - -
Woman fights for new domain to protect children
Three years ago, Mary Conyers was shocked and
horrified when her granddaughter accidentally
pulled up an adult website on the Internet.
"She finished her homework and was going to
look at Teen magazine and bam! there it was,"
Conyers, the founder of Protect Every Child,
said. A simple spelling error sent Conyers'
granddaughter to this pornographic website
featuring teenagers. At that moment, Conyers
made a promise to her granddaughter that she's
still fighting to keep.
http://rdu.news14.com/content/headlines/?ArID=48769&SecID=2
- - - - - - - - - -
Apple posts second Mac OS X vuln patch
Update Apple has posted a second software update
intended to fix a vulnerability that exploits the
way Mac OS X handles URI links. We installed the
update, Security Update 2004-06-07, on a Mac OS
X 10.3.4 machine. After restarting the machine,
we went straight to Unsanity's web site, the
location of a pair of web pages that test the
URI vulnerability. Neither test was blocked by
the update, details of which can be found here.
http://www.wired.com/news/mac/0,2125,63756,00.html
- - - - - - - - - -
Microsoft releases monthly security patches
Microsoft Corp. released software updates for
versions of Windows XP and Windows Server 2003
and warned customers about a security vulnerability
in a Windows component called IDirectPlay4, which
is used to support multiplayer network games.
http://security.itworld.com/4940/040608mssecurity/page_1.html
http://zdnet.com.com/2100-1105-5228887.html
http://news.com.com/Microsoft+patches+a+pair+of+flaws/2100-1002_3-5228887.html
http://computerworld.com/securitytopics/security/story/0,10801,93728,00.html
- - - - - - - - - -
Symantec: New Virus Deletes All Files Security
The virus that "deletes your whole hard drive"
has been a staple in dozens of e-mail hoaxes
that have circulated the Net in recent years.
In the real world, such viruses are few and
far between. According to Symantec, the new
VBS.Pub is just such a beast.
http://news.netcraft.com/archives/2004/06/08/symantec_new_virus_deletes_all_files.html
Another Trojan on the attack
http://news.zdnet.co.uk/internet/security/0,39020375,39157002,00.htm
- - - - - - - - - -
Cisco picks Trend to fight network worms
Cisco and Trend Micro yesterday extended an existing
security alliance with a deal to combine their
respective technologies in the fight against network
worms and computer viruses. Trend is among three AV
companies who signed up to Cisco's Network Admission
Control (NAC) program last year, a scheme designed
to curtail the spread of computer worms across
internal networks.
http://www.theregister.co.uk/2004/06/08/cisco_trend_fight_worms/
http://www.newsfactor.com/story.xhtml?story_title=Cisco-Picks-Trend-To-Fight-Worms&story_id=24489
- - - - - - - - - -
Intrusion-prevention start-up touts 'memory firewall'
The growing speed at which malicious hackers can
exploit new vulnerabilities is creating a need
for intrusion-prevention technologies capable of
proactively detecting and blocking attacks even
before software fixes become available for them.
With that need in mind, Determina Inc., a Redwood
City, Calif.-based start-up being launched today,
is introducing new technology that it claims
offers a better way to head off attacks than
other intrusion-prevention products.
http://computerworld.com/securitytopics/security/story/0,10801,93701,00.html
- - - - - - - - - -
Michigan man pleads guilty to wireless hack into stores
A Michigan man pleaded guilty on Friday to four
counts of wire fraud and unauthorized access to
a computer after he and two accomplices used a
vulnerable wireless network at a Lowe's Companies
Inc. store in Michigan to attempt to steal credit
card numbers from the company's main computer
systems in North Carolina and other Lowe's stores
in the U.S. Brian Salcedo could face up to 18
years in prison for the crime, which the government
claims could have caused more than $2.5 million
in damages.
http://computerworld.com/securitytopics/security/cybercrime/story/0,10801,93708,00.html
http://www.theregister.co.uk/2004/06/07/us_wardriver_guilty_plea/
- - - - - - - - - -
New virus cracks credit cards
A new computer virus "Korgo" raging now in Europe,
Asia and North America decodes numbers of credit
cards used in online systems, an Austrian Internet
service provider "Vienna Online" informed. The
virus looks like its predecessor, the "Sasser" worm,
which incurred huge damage to companies and
individuals, ISP experts said.
http://www.crime-research.org/news/07.06.2004/409/
- - - - - - - - - -
UK law firms fall down on security
One in 10 UK legal firms has suffered an IT security
failure and one in 20 has lost a client because of
it, a report claims. Research by NOP, commissioned
by security VAR Evolution Systems, also found
worryingly high levels of IT insecurity among
the 100 legal practitioners it surveyed.
http://www.vnunet.com/news/1155655
- - - - - - - - -
Virus writers deploy bulk mail software
Hackers have used spamming software to distribute
thousands of copies of a new Trojan. Email filtering
firm MessageLabs alone has intercepted more than
4,000 copies of the Demonize-T Trojan over the last
24 hours. Demonize-T is a multi-stage Trojan that
uses an object data exploit in Internet Explorer
(patch here) to download and execute an encoded
visual basic script from a website.
http://www.theregister.co.uk/2004/06/07/demonize_trojan/
- - - - - - - - - -
CPU-based security for Windows XP, Red Hat Linux coming
Microsoft Windows XP Service Pack 2 and the next
version of Red Hat Enterprise Linux 3 will support
new CPU-based security protections designed to
stop incoming malicious executable code from
being triggered.
http://computerworld.com/securitytopics/security/story/0,10801,93712,00.html
- - - - - - - - - -
NIST keeps publishing
One way to quantify the growth in importance
of computer security work is to count the pages
of security guidelines published by the National
Institute of Standards and Technology in the past
year. The total is 1,200 pages, said Ed Roback,
chief of the Computer Security Division. Speaking
June 4 in Washington, D.C., at the E-Gov Institute's
Annual Government Solutions Forum, Roback said
documents on topics as unremarkable sounding
as security categorization often generate strong
responses.
http://www.fcw.com/fcw/articles/2004/0607/web-nist-06-07-04.asp
- - - - - - - - - -
Data theft detective work begins at the office
Intellectual property and other sensitive consumer
data are seeping out the doors of corporations at
an alarming rate -- and the culprits aren't necessarily
a cracker with a broadband connection holed up in his
mom's basement, or a wiseguy who's Dumpster diving.
Users nestled inside the enterprise firewall with
an abundance of unmanaged privileges are most often
to blame, according to a soon-to-be-released study
conducted by the director of an identity theft
program at Michigan State University.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci968920,00.html
Passwords can sit on hard disks for years
http://www.newscientist.com/news/news.jsp?id=ns99995064
RSA focuses anew on the password problem
http://computerworld.com/securitytopics/security/story/0,10801,93711,00.html
- - - - - - - - - -
The Deadly Duo: Spam and Viruses
A small nugget of good news lies buried among
the mountains of unsolicited commercial e-mail:
the spam volume held steady from April to May,
according to two leading e-mail processing firms.
Brightmail's Probe Network found that spam leveled
at 64 percent, while Postini measured the monthly
volume unchanged at 78 percent. According to
Brightmail's assessments, the last time the
spam volume was unchanged was August 2003 when
it maintained a 50 percent level.
http://www.internetnews.com/stats/article.php/3364421
- - - - - - - - - -
Where, Oh Where Is Windows XP SP2?:
http://www.microsoft-watch.com/article2/0,1995,1611161,00.asp
RC2 of XP expected any day... stay tuned....
--
http://www.sbslinks.com/really.htm