[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ms
Subject: SecurityFocus Microsoft Newsletter #57
From: Marc Fossi <mfossi () securityfocus ! com>
Date: 2001-10-22 21:21:56
[Download RAW message or body]
SecurityFocus Microsoft Newsletter #57
------------------------------------------
This newsletter issue is sponsored by: SecurityFocus
(http://www.securityfocus.com)
Win timely, comprehensive, actionable attack warnings with SecurityFocus
ARIS.
Isn't it time you took back control of your environment and better protect
yourself from attacks? SecurityFocus ARIS is a global early warning
system that gives you hours, days - even weeks - to defend your network
infrastructure from threats and attacks before they hit.
ARIS proactively alerts you to an approaching threat as it's developing,
giving you precious time to protect your network, thus preventing
catastrophic damage.
ARIS gathers real-time data from over 7,000 partners in 138 countries
around the world. The SecurityFocus trained security experts comb the
ARIS database for patterns and trends before they become recognizable
threats. ARIS customers receive alerts of developing attacks that contain
detailed attack information and scenarios, as well as the specific
countermeasures needed to thwart the attack.
Visit the SecurityFocus booth at CSI (
<http://www.securityfocus.com/trade/tradeshow.shtml>
http://www.securityfocus.com/trade/tradeshow.shtml) this month and enter
to win a one-year subscription of SecurityFocus ARIS - the leading Attack
Alert System.
So, why not rest easy tonight?
To speak directly with an ARIS customer service representative, please
contact <ARISsales@securityfocus.com>,
or call +1-650-655-6300.
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Chasing the Wind, Episode Eleven: Fire and Brimstone
2. Comparing E-mail Server Virus Protection Solutions
3. From Text to Trauma
4. Feds should fund corporate cyber defense
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Excel and PowerPoint Macro Security Bypass Vulnerability
2. Microsoft Internet Explorer Zone Spoofing Vulnerability
3. Microsoft Internet Explorer HTTP Request Encoding Vulnerability
4. Microsoft Exchange OWA Server Resource Starvation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Does Windows NT use TCP port 2000/2001? (Thread)
2. Crazy ides about .exe isapi mapping s (Thread)
3. MS Exchange Administrator (Thread)
4. NT Server - 98 WkStn Highschool Lab - Help! (Thread)
5. Crazy ides about .exe isapi mappings (Thread)
6. Event ID 1000 - Access Denied (Thread)
7. NT Server - 98 WkStn High school Lab - Help! (Thread)
8. Blackhat Amsterdam 2001 Training (Thread)
9. Internet Explorer, ICMP Redirect (Thread)
10. Spamming Through MS Exchange (Thread)
11. SecurityFocus Microsoft Newsletter #56 (Thread)
12. MS Security Bulletin Search (Thread)
13. Win2k AD Question (Thread)
14. Can Kerberos be cracked?? (Thread)
15. Exchange 2000 configuration question (Thread)
16. Packet sniffer detection on NT/2K (Thread)
17. HfNetChk (Thread)
18. Security Recommendation--Anyone? (Thread)
19. Windows XP - too much security? (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. eTRUST Intrusion Detection
2. AntiViral Toolkit Pro (AVP) for MS Office 2000
3. IBM Key Recovery Server
4. Transcend Secure VPN Manager
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. IIS Worms Detector v1.1
2. Snort IDScenter 2001 v1.09b
3. phpSecurePages 0.26b
4. RATS (Rough Auditing Tool for Security) v1.3
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Chasing the Wind, Episode Eleven: Fire and Brimstone
by Robert G. Ferrell
This is the eleventh installment in the popular SecurityFocus series,
Chasing the Wind. As we left off last time, Jake was trying to crack a
target server in his hands-on hacking class. Following a disappointing
trial of the Bellatrix project, Douglas had entered some new parameters
with some potentially interesting results. In the midst of scanning Acme
Ailerons' network, Ian had come across some suspicious traffic. Meanwhile,
in Anatolia, a small mysterious satellite could be seen streaking across
the sky...
http://www.securityfocus.com/cgi-bin/infocus.pl?id=1495
2. Comparing E-mail Server Virus Protection Solutions
by Robert Grupe, Product Management, McAfeeB2B Groupware
So you've been assigned the task of selecting virus protection for your
messaging and groupware server. Or maybe you already have a solution in
place, but are having second thoughts because your organization seems to
be disrupted by new viruses more than it should be.
http://www.securityfocus.com/cgi-bin/infocus.pl?id=1494
3. From Text to Trauma
By Jon Lasser
The world recently celebrated the thirty year anniversary of the greatest
attack vector in the history of malicious computer code: Electronic mail.
It was thirty years ago that Ray Tomlinson used the 'at' sign to send
messages between two PDP-10 systems being used to develop ARPANET, the
forerunner of today's Internet.
http://www.securityfocus.com/columnists/30
4. Feds should fund corporate cyber defense
By Mark Rasch
Last week, the White House announced the creation of a new Special Advisor
to the President for Cyber Security, and installed Richard Clarke in that
position. Fresh warnings were issued about the threats of new forms of
terrorism, including cyber terrorism. But what exactly is cyber terrorism?
What are the government's responses, from a technical and legal
perspective, and what are the costs of such response?
http://www.securityfocus.com/columnists/29
II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Excel and PowerPoint Macro Security Bypass Vulnerability
BugTraq ID: 3402
Remote: No
Date Published: 2001-10-04 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3402
Summary:
A malformed Excel or PowerPoint document could potentially bypass this
macro security feature, allowing the macro code to be executed without the
user's knowledge. This could allow an attacker to embed malicious code
within the malformed macro and having it execute on the target host.
This code would run with the permissions of the user currently logged in.
The malformed document containing the macro must still be opened by the user in order \
for the macro to execute.
2. Microsoft Internet Explorer Zone Spoofing Vulnerability
BugTraq ID: 3420
Remote: Yes
Date Published: 2001-10-10 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3420
Summary:
Microsoft Internet Explorer contains a security-setting feature that can
be modified according to a user's preferences. There are five different
zones, each can be manipulated to control what actions a web site can take
on a user's system.
The Intranet Zone contains all sites within a local intranet or network.
By default this zone is set to Medium-Low, allowing most content within
the site to run without prompting the user.
The Internet Zone contains all web sites not specified in other zones. By
default this zone is set to Medium, enforcing that a user is to be
prompted before running content.
A vulnerability exists in Internet Explorer, which could allow a web site
to be viewed in the Intranet Zone, rather than the Internet Zone. Thus,
allowing content to be viewed with less-restrictive security settings.
This is achievable by converting an IP address into a dotless IP address.
Upon submitting the dotless IP address, Internet Explorer will return and
treat the web site as a Local Intranet site. Therefore, any malicious
content on the site will run with less restrictive settings.
Content that will run is dependant on the settings in the Local Intranet
Zone. Users may have modified or customized the settings to a lower level,
expecting that only trusted network/intranet sites will be viewed in this
zone.
Successful exploitation of this vulnerability could lead to the execution
of malicious script or ActiveX controls.
3. Microsoft Internet Explorer HTTP Request Encoding Vulnerability
BugTraq ID: 3421
Remote: Yes
Date Published: 2001-10-10 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3421
Summary:
Internet Explorer contains a vulnerability which could allow an attacker
to construct a URL which would redirect the user to a third party website
and send commands to that site which, to the third party site, would
appear to have come from the user.
This vulnerability would most likely be exploited against a user who
subscribed to some form of web-based service such as email or file
hosting.
Successful exploitation of this vulnerability would require specific
knowledge of the targetted user and be difficult to exploit on a
widespread scale.
4. Microsoft Exchange OWA Server Resource Starvation Vulnerability
BugTraq ID: 3368
Remote: Yes
Date Published: 2001-09-26 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3368
Summary:
Outlook Web Access is an optional component of Microsoft Exchange Server
which runs in conjunction with Microsoft Internet Information Server. It
provides access to a user's Exchange mailbox through a web interface.
When processing client access requests, OWA Server does not place limits
on folder depth. Remote attackers can exploit this to cause a denial of
service by requesting access to complex folder structures (which need not
exist).
The CPU and memory consumed while processing these requests may result in
a denial of service on the server. Since this is a resource exhaustion
attack, all other processes on the system (other services) will be
affected.
The denial of service condition will cease once OWA server has finished
processing the request. Repeated attacks can cause a prolonged denial of
service.
To exploit this vulnerability, an attacker must authenticate as a
legitimate client.
IV. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Does Windows NT use TCP port 2000/2001? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011018162915.A13488@thecabal.org&threads=1
2. Crazy ides about .exe isapi mapping s (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=CDEBAB5BBFE0024AABEAF438FB2A4D070B40A7@exgau100qsm00.oceania.corp.anz.com&threads=1
3. MS Exchange Administrator (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=019901c157ac$f6dc51f0$0b00010a@lauradominion.com&threads=1
4. NT Server - 98 WkStn Highschool Lab - Help! (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=880E60DA7286AB4CBEECB01B169A63BD63C197@NJ-2K-Email1.delphi-tech.com&threads=1
5. Crazy ides about .exe isapi mappings (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=5.1.0.14.0.20011017133558.00b1d240@mail.wwisp.com&threads=1
6. Event ID 1000 - Access Denied (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.LNX.4.33.0110171336210.21876-100000@UnixHQ.org&threads=1
7. NT Server - 98 WkStn High school Lab - Help! (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=0D3F9DDEEB71D41187CD00D0B78ED2C9024091C5@fsanzy06.arnold.af.mil&threads=1
8. Blackhat Amsterdam 2001 Training (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=028901c15725$97c919f0$af05a8c0@anchorsign.com&threads=1
9. Internet Explorer, ICMP Redirect (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=003001c1569b$a05b1d50$6f02000a@tacamericas.com&threads=1
10. Spamming Through MS Exchange (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=3BCCA219.7020300@wolverinefreight.ca&threads=1
11. SecurityFocus Microsoft Newsletter #56 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.0110151342560.3993-100000@mail&threads=1
12. MS Security Bulletin Search (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=558BEC967F3DD4119779009027FC98F3255FA3@exchange.questinc.org&threads=1
13. Win2k AD Question (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=ABA1770F27BB384EBE50A22F4E85AD9CAF819F@msex001.msmc.com&threads=1
14. Can Kerberos be cracked?? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=MABBJHBGAGDBGEJFJKALAEAHCHAA.fp56@dial.pipex.com&threads=1
15. Exchange 2000 configuration question (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=5B8559F3126DD4119C5100B0D022A06D0145DDD2@mailwest&threads=1
16. Packet sniffer detection on NT/2K (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011014030925.49248.qmail@web20510.mail.yahoo.com&threads=1
17. HfNetChk (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=012101c153a0$54dc96e0$1401a8c0@stanleysplace.net&threads=1
18. Security Recommendation--Anyone? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=344888813.1002898515@pc47794.campus.ad.utdallas.edu&threads=1
19. Windows XP - too much security? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=3BC6CE73.28832.4B504D@localhost&threads=1
IV.NEW PRODUCTS FOR MICROSOFT PLATFORMS
---------------------------------------
1. eTRUST Intrusion Detection
by Computer Associates International, Inc.
Platforms: Windows 95/98, Windows NT, Windows 2000
Relevant URL:
http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/
Summary:
eTrust Intrusion Detection delivers network protection including
protection against the deployment and execution of Distributed Denial of
Service attacks — an essential capability at a time when networks are
susceptible to an increasingly sophisticated array of attacks. A truly
comprehensive solution, eTrust Intrusion Detection includes an integrated
anti-virus engine with automatic signature updates. This powerful solution
takes the "detect, alert, prevent" approach to safeguarding your network —
providing realtime, non-intrusive detection, policy-based alerts, and
automatic prevention.
2. AntiViral Toolkit Pro (AVP) for MS Office 2000
by Kaspersky Labs
Platforms: Windows 95/98, Windows NT, Windows 2000
Relevant URL:
http://www.kasperskylabs.com/
Summary:
AVP for MS Office 2000 provides protection against macro-viruses for Word,
Excel, Access, PowerPoint, Outlook and other MS Office 2000 programs. AVP
for MS Office 2000 is the world's first anti-virus product providing a
100% guarantee against macro-virus activity in MS Office 2000.
3. IBM Key Recovery Server
by IBM
Platforms: Windows 95/98, Windows NT, Windows 3.x, MacOS, OS/2, DOS,
Netware
Relevant URL:
http://www.ibm.com/security/cryptoproducts/
Summary:
Built to work with KeyWorks, the IBM Key Recovery Server (KRS) is a new
stand-alone application that is designed to recover cryptographic keys.
With proper authorization and participation by one or more independent
agents, KRS uses key recovery fields generated by the IBM Key Recovery
Service Provider to recover the keys.
4. Transcend Secure VPN Manager
by 3com
Platforms: Windows NT
Relevant URL:
http://www.3com.com/products/dsheets/400506.html
Summary:
Designed for simple, real-time VPN monitoring, Transcend Secure VPN
Manager software Version 2.2 for Windows NT software provides a Web-based
client-server system with an easy-to-read graphical interface. This robust
monitoring and diagnostic tool lets you collect and display information on
tunnel and session utilization, as well as security associations and
violations on VPN tunnels terminated by 3Com VPN devices such as
NETBuilder® routers or PathBuilder™ tunnel switches. Monitoring
capabilities include industry-standard Point-to-Point Tunneling Protocol
(PPTP) and Layer 2 Tunneling Protocol (L2TP).
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. IIS Worms Detector v1.1
by Felipe Moniz
Relevant URL:
http://www.nstalker.com
Platforms: Windows 2000, Windows 95/98
Summary:
IIS Worms Detector scans for Code Red, Code Blue and Nimda Worm locally.
2. Snort IDScenter 2001 v1.09b
by Ueli Kistler
Relevant URL:
http://www.eclipse.fr.fm/snort.htm
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
IDScenter is a panel for SNORT-Win32. It is a tool for managing,
controlling, and monitoring the Snort IDS. IDScenter support alarm sound
functions and has errorchecking procedures. If Snort is killed, IDScenter
restarts Snort immediatly.
3. phpSecurePages 0.26b
by Paul Kruyt, kruyt@email.com
Relevant URL:
http://www.phpsecurepages.f2s.com/
Platforms: UNIX, Windows NT
Summary:
phpSecurePages is a PHP module to secures pages with a login name and
password. It can handle multiple user groups (each with their own viewing
rights), store data in a MySQL database or a configuration file, and be
used to identify your Web site viewers. It also has multiple language
support and session support for both PHP3 and PHP4.
4. RATS (Rough Auditing Tool for Security) v1.3
by Secure Software Solutions
Relevant URL:
http://www.securesw.com/projects.html
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
RATS, the Rough Auditing Tool for Security, is a security auditing utility
for C and C++ code. RATS scans source code, finding potentially dangerous
function calls. The goal of this project is not to definitively find bugs
(yet). The current goal is to provide a reasonable starting point for
performing manual security audits.
VI. SPONSORSHIP INFORMATION
---------------------------
This newsletter issue is sponsored by: SecurityFocus
(http://www.securityfocus.com)
Win timely, comprehensive, actionable attack warnings with SecurityFocus
ARIS.
Isn't it time you took back control of your environment and better protect
yourself from attacks? SecurityFocus ARIS is a global early warning
system that gives you hours, days - even weeks - to defend your network
infrastructure from threats and attacks before they hit.
ARIS proactively alerts you to an approaching threat as it's developing,
giving you precious time to protect your network, thus preventing
catastrophic damage.
ARIS gathers real-time data from over 7,000 partners in 138 countries
around the world. The SecurityFocus trained security experts comb the
ARIS database for patterns and trends before they become recognizable
threats. ARIS customers receive alerts of developing attacks that contain
detailed attack information and scenarios, as well as the specific
countermeasures needed to thwart the attack.
Visit the SecurityFocus booth at CSI (
<http://www.securityfocus.com/trade/tradeshow.shtml>
http://www.securityfocus.com/trade/tradeshow.shtml) this month and enter
to win a one-year subscription of SecurityFocus ARIS - the leading Attack
Alert System.
So, why not rest easy tonight?
To speak directly with an ARIS customer service representative, please
contact <ARISsales@securityfocus.com>,
or call +1-650-655-6300.
-------------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic