SecurityFocus Microsoft Newsletter #59
From: Marc Fossi (mfossi@securityfocus.com)Date: 11/09/01
- Previous message: H C: "Re: Anybody know what this is?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 9 Nov 2001 07:49:55 -0700 (MST) From: Marc Fossi <mfossi@securityfocus.com> To: Focus-MS <focus-ms@securityfocus.com> Subject: SecurityFocus Microsoft Newsletter #59 Message-ID: <Pine.GSO.4.30.0111090749410.10873-100000@mail.securityfocus.com>
SecurityFocus Microsoft Newsletter #59
--------------------------------------
This newsletter is sponsored by: SecurityFocus
(http://www.securityfocus.com)
SPECIAL OFFER: Upgrade now to a better class of security intelligence for
the same price you're paying your current provider.
SecurityFocus announces an opportunity for you to move from your current
security alert service provider to SecurityFocus SIA, the best Security
Intelligence Alert service available. SecurityFocus is offering you the
opportunity to have one year of our unmatched Security Intelligence Alert
service delivered to you at the same price as your existing service. Offer
now extended to November 30th, due to popular demand.
SIA eliminates the need to dedicate your valuable staff resources to sift
through the mountain of potential threats to evaluate the latest important
security information.
Features and Benefits
*Largest Resource of Vendor and Product Vulnerabilities
*More than 700 vendor and 1,300 product vulnerabilities tracked
continuously
*Security experts on staff seven days a week monitoring
vulnerabilities worldwide.
*Detailed, Configurable Alerts
*Targeted to the IS managers responsible for maintaining specific
applications, systems, or networks
*Automatic dissemination of vulnerability information to the
responsible entity within the enterprise
*Detailed patch and release information is provided in the
vulnerability to eliminate fumbling through vendor sites looking for
downloads
This offer is limited to up to 10 seats. Proof of current Service Level
Agreement with 3rd party vendor is required. Voice/fax/SMS alert delivery
subject to additional fees.
In order to take advantage of this limited time offer, contact us at
+1.650.655.6300 or <siasales@securityfocus.com> or visit us on the web at
http://www.securityfocus.com/intelligence/
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Advertising Information
2. Comparing E-mail Server Virus Protection Solutions, Part Two
3. Microsoft's Trick or Treat
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Excel and PowerPoint Macro Security Bypass Vulnerability
2. Microsoft Internet Explorer Zone Spoofing Vulnerability
3. Microsoft Internet Explorer HTTP Request Encoding Vulnerability
4. Microsoft Exchange OWA Server Resource Starvation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. FW: Outlook 2000 From field... (Thread)
2. Increase in FTP attempts (Thread)
3. NT Message (Thread)
4. Can Kerberos be cracked?? (Thread)
5. [RE: MS SQL & NT registry] (Thread)
6. Cache Corruption on Microsoft DNS Servers (Thread)
7. MS SQL & NT registry (Thread)
8. Hotfix Reporter 3.2 released (Thread)
9. eeye scanner 1.0.6 (Thread)
10. Passwords (Thread)
11. Secure Windows 2000 pro/server (Thread)
12. SecuRemote(VPN) and Outlook (Thread)
13. Outlook 2000 From field... (Thread)
14. Update: Does Windows NT use TCP port 2000/2001? (Thread)
15. SecurityFocus Microsoft Newsletter #58 (Thread)
16. Something about ISA Server 2000... (Thread)
17. MS Exchange2K security failure event 565 (Thread)
18. New version of HFNetChk from Microsoft. (Thread)
19. Can't log off administrator account (Thread)
20. MS DNS and AD question (Thread)
21. Login problem in W2K (Thread)
22. Security Issues with VPN (Thread)
23. Securing Personal Web Servers (Thread)
24. AW: POP3 and IMAP authentication after Q303451 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. AccountInspector
2. Shavlik Enterprise Security Advisor
3. NetScreen-Remote
4. Norton CleanSweep
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Advanced Instant Messengers Password Recovery v1.10
2. Advanced WordPerfect Office Password Recovery v1.0
3. SecurePE v1.5
4. URLScan Security Tool v1.0
5. Brutus AET2
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Advertising Information
Reach the LARGEST audience of security professionals with SecurityFocus
direct e-marketing NOW!
SecurityFocus is the Web's most successful security intelligence
site, with more than 200,000 unique monthly visitors (September 2001), and
growing rapidly each week. Leverage the security portal of unrivaled
credibility and influence in your next direct marketing campaign.
To find out how SecurityFocus Web marketing and opt-in email newsletter
sponsorships can drive your company's success, contact us at
adsales@securityfocus.com, or download the Advertising Kit at
http://www.securityfocus.com/about/press/adverts.shtml. To speak directly
with a customer service representative, please call +1(650) 655-6350.
2. Comparing E-mail Server Virus Protection Solutions, Part Two
by by Robert Grupe, Product Management, McAfeeB2B Groupware
This is the second of a two-article series that is intended to help
readers assess and evaluate anti-virus (AV) solutions. The first
articlelooked at how users should assess their AV needs, as well as
recommending a few features to look for in AV software. In this
installment, we will take a look at AV product reviews and explore how
users can evaluate AV products for themselves.
http://www.securityfocus.com/infocus/1501
3. Microsoft's Trick or Treat
By Tim Mullen
Away with your torches, villagers. With it's new strategy, the Microsoft
Monster is staggering towards true product security.
http://www.securityfocus.com/columnists/33
II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Excel and PowerPoint Macro Security Bypass Vulnerability
BugTraq ID: 3402
Remote: No
Date Published: 2001-10-04 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3402
Summary:
Microsoft Excel and PowerPoint contain a macro security feature. This
feature scans a document when a user opens it to determine if there are
any embedded macros. Then, depending on the security setting, the user is
prompted whether or not to allow the macro to run, or the macro is
bypassed automatically.
A malformed Excel or PowerPoint document could potentially bypass this
macro security feature, allowing the macro code to be executed without the
user's knowledge. This could allow an attacker to embed malicious code
within the malformed macro and having it execute on the target host.
This code would run with the permissions of the user currently logged in.
The malformed document containing the macro must still be opened by the
user in order for the macro to execute.
2. Microsoft Internet Explorer Zone Spoofing Vulnerability
BugTraq ID: 3420
Remote: Yes
Date Published: 2001-10-10 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3420
Summary:
Microsoft Internet Explorer contains a security-setting feature that can
be modified according to a user's preferences. There are five different
zones, each can be manipulated to control what actions a web site can take
on a user's system.
The Intranet Zone contains all sites within a local intranet or network.
By default this zone is set to Medium-Low, allowing most content within
the site to run without prompting the user.
The Internet Zone contains all web sites not specified in other zones. By
default this zone is set to Medium, enforcing that a user is to be
prompted before running content.
A vulnerability exists in Internet Explorer, which could allow a web site
to be viewed in the Intranet Zone, rather than the Internet Zone. Thus,
allowing content to be viewed with less-restrictive security settings.
This is achievable by converting an IP address into a dotless IP address.
Upon submitting the dotless IP address, Internet Explorer will return and
treat the web site as a Local Intranet site. Therefore, any malicious
content on the site will run with less restrictive settings.
Content that will run is dependant on the settings in the Local Intranet
Zone. Users may have modified or customized the settings to a lower level,
expecting that only trusted network/intranet sites will be viewed in this
zone.
Successful exploitation of this vulnerability could lead to the execution
of malicious script or ActiveX controls.
3. Microsoft Internet Explorer HTTP Request Encoding Vulnerability
BugTraq ID: 3421
Remote: Yes
Date Published: 2001-10-10 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3421
Summary:
Internet Explorer contains a vulnerability which could allow an attacker
to construct a URL which would redirect the user to a third party website
and send commands to that site which, to the third party site, would
appear to have come from the user.
This vulnerability would most likely be exploited against a user who
subscribed to some form of web-based service such as email or file
hosting.
Successful exploitation of this vulnerability would require specific
knowledge of the targetted user and be difficult to exploit on a
widespread scale.
4. Microsoft Exchange OWA Server Resource Starvation Vulnerability
BugTraq ID: 3368
Remote: Yes
Date Published: 2001-09-26 00:00:00
Relevant URL:
http://www.securityfocus.com/bid/3368
Summary:
Outlook Web Access is an optional component of Microsoft Exchange Server
which runs in conjunction with Microsoft Internet Information Server. It
provides access to a user's Exchange mailbox through a web interface.
When processing client access requests, OWA Server does not place limits
on folder depth. Remote attackers can exploit this to cause a denial of
service by requesting access to complex folder structures (which need not
exist).
The CPU and memory consumed while processing these requests may result in
a denial of service on the server. Since this is a resource exhaustion
attack, all other processes on the system (other services) will be
affected.
The denial of service condition will cease once OWA server has finished
processing the request. Repeated attacks can cause a prolonged denial of
service.
To exploit this vulnerability, an attacker must authenticate as a
legitimate client.
IV. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. FW: Outlook 2000 From field... (Thread)
Relevant URL:
2. Increase in FTP attempts (Thread)
Relevant URL:
3. NT Message (Thread)
Relevant URL:
4. Can Kerberos be cracked?? (Thread)
Relevant URL:
5. [RE: MS SQL & NT registry] (Thread)
Relevant URL:
6. Cache Corruption on Microsoft DNS Servers (Thread)
Relevant URL:
7. MS SQL & NT registry (Thread)
Relevant URL:
8. Hotfix Reporter 3.2 released (Thread)
Relevant URL:
9. eeye scanner 1.0.6 (Thread)
Relevant URL:
10. Passwords (Thread)
Relevant URL:
11. Secure Windows 2000 pro/server (Thread)
Relevant URL:
12. SecuRemote(VPN) and Outlook (Thread)
Relevant URL:
13. Outlook 2000 From field... (Thread)
Relevant URL:
14. Update: Does Windows NT use TCP port 2000/2001? (Thread)
Relevant URL:
15. SecurityFocus Microsoft Newsletter #58 (Thread)
Relevant URL:
16. Something about ISA Server 2000... (Thread)
Relevant URL:
ac9693c3@packetconsulting.com">http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-11-02%26thread%3d000801c15fd6$d5175240$ac9693c3@packetconsulting.com
17. MS Exchange2K security failure event 565 (Thread)
Relevant URL:
18. New version of HFNetChk from Microsoft. (Thread)
Relevant URL:
19. Can't log off administrator account (Thread)
Relevant URL:
20. MS DNS and AD question (Thread)
Relevant URL:
21. Login problem in W2K (Thread)
Relevant URL:
0b00010a@lauradominion.com">http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-11-02%26thread%3d070801c15e53$151db710$0b00010a@lauradominion.com
22. Security Issues with VPN (Thread)
Relevant URL:
23. Securing Personal Web Servers (Thread)
Relevant URL:
24. AW: POP3 and IMAP authentication after Q303451 (Thread)
Relevant URL:
IV.NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. AccountInspector
by Shavlik Technologies
Relevant URL:
http://www.shavlik.com/security/accountinspector.asp
Platforms: Windows NT
Summary:
Introducing AccountInspector, from Shavlik Technologies, bringing you five
critical automated functions to give your team a look at the security of
your Windows NT/2000/XP servers and workstations. -Function 1: Search out
unauthorized Administration Accounts. Hidden accounts may have been set up
by employees or contractors, that serve to allow access. - Function 2:
Seek out passwords that are over 30 days old. Locate failures to change
passwords regularly, and especially when an employee leaves the company or
a contractor service technician changes jobs. - Function 3: Find dormant
accounts that are over 30 days old. Find and report these accounts which
indicate if someone has left the company and their account remains active.
- Function 4: Find accounts with weak passwords. Find and report these
accounts which are security vulnerabilities and aren't under direct
control of domain security policies. - Function 5: Export detailed reports
to Microsoft Excel and analyze you overall security posture.
2. Shavlik Enterprise Security Advisor
by Shavlik Technologies
Relevant URL:
http://www.shavlik.com/sesa.htm
Platforms: Windows 95/98, Windows NT, Windows 2000
Summary:
Shavlik Enterprise Security Advisor is an ASP and XML based online tool
that scans for 100s of security loop holes in Windows NT, Windows 2000 and
Windows XP, Office, Outlook, Office XP computers. Scan upon user login.
Extensive system-wide trend and problem reports.
3. NetScreen-Remote
by NetScreen Technologies
Relevant URL:
http://www.netscreen.com/products/nsremote.html
Platforms: Windows 95/98, Windows 2000
Summary:
The NetScreen-Remote VPN client provides the critical ability for
client-initiated Virtual Private Network (VPN) communication.
NetScreen-Remote is ideal for "road warriors" needing to access
mission-critical networks across an untrusted or public network as well as
end-users within an enterprise environment that require a secure
end-user-to-host connection. NetScreen-Remote, based on SafeNet's
industry-leading VPN client software, runs on an end-user's computer and
facilitates secure remote access to networks, devices, or other hosts.
Security is achieved by using the IPSec protocol and Layer 2 Tunneling
Protocol (L2TP), with Certificates as an additional option. In order to
form a secure communications channel, this software must be used in
conjunction with an IPSec gateway, such as NetScreen's line of integrated
security systems and appliances, or another host running IPSec compatible
software, including other computers running NetScreen-Remote.
NetScreen-Remote encrypted communications can be initiated in any IP
network environment, be it an Ethernet LAN or dial-up modem connection.
4. Norton CleanSweep
by Symantec
Relevant URL:
http://www.symantec.com/sabu/ncs/
Platforms: Windows 95/98, Windows NT, Windows 2000
Summary:
Clean out Internet buildup with award-winning Norton CleanSweep™ from
Symantec. It improves your PC's performance by removing unwanted programs
and other files that waste disk space-while protecting you from
accidentally deleting important files. Trust Norton CleanSweep™ 2002 for
safe, easy, complete hard drive cleanup.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Advanced Instant Messengers Password Recovery v1.10
by ElcomSoft Co.Ltd.
Relevant URL:
http://www.elcomsoft.com/aimpr.html
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
Advanced Instant Messengers Password Recovery (or simply AIMPR) is a
program to recover login and password information (stored locally) for
most popular instant messengers: ICQ, AOL Instant Messenger, Yahoo!
Messenger, Excite Messenger, MSN Messenger, Odigo, Trillian, AT&T IM
Anywhere, T-Online Messenger, Match Messenger, Praize IM, ScreenFIRE.
Passwords are recovered instanly, multilingual ones are supported.
Please note that AIMPR can recover YOUR lost or forgotten password only,
extracting/decrypting it from your own system (if such information is
there, of course). So it cannot be used to crack somebody else passwords.
2. Advanced WordPerfect Office Password Recovery v1.0
by ElcomSoft Co. Ltd.
Relevant URL:
http://www.elcomsoft.com/awopr.html
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
Advanced WordPerfect Office Password Recovery (or simply AWOPR) is a
program to recover lost or forgotten passwords to Corel WordPerfect Office
documents: WordPerfect (*.wp, *.wpd), QuattroPro (*.qpw, *.wb?, *.wq1),
Paradox (*.db). All versions of WordPerfect Office and its components (up
to 2002) and protection modes are supported; the passwords are being
recovered instantly or in a matter of minutes. Multilingual passwords are
supported.
3. SecurePE v1.5
by TheWizard
Relevant URL:
http://www.deepzone.org
Platforms: Windows 2000
Summary:
SecurePE is a user friendly freeware (see disclaimer) utility coded in
32bit assembly language that protects Microsoft Windows® PE files with
strong RC4 encryption and password while leaving them totally functional.
4. URLScan Security Tool v1.0
by Microsoft Corporation
Relevant URL:
http://www.microsoft.com/downloads/release.asp?ReleaseID=32571
Platforms: Windows 2000, Windows NT
Summary:
URLScan screens all incoming requests to an IIS web server, and only
allows ones to pass that comply with a ruleset created by the
administrator. This significantly improves the security of the server by
helping ensure that it only responds to valid requests.
The tool allows the administrator to filter requests based on length,
character set, content and other factors. A default ruleset is provided,
which can be customized to meet the needs of a particular server.
5. Brutus AET2
by G, brutus@hoobie.net
Relevant URL:
http://www.hoobie.net/brutus/
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
In simple terms, Brutus is an online or remote password cracker. More
specifically it is a remote interactive authentication agent. Brutus is
used to recover valid access tokens (usually a username and password) for
a given target system. Examples of a supported target system might be an
FTP server, a password protected web page, a router console, a POP3 server
etc.
VI. SPONSORSHIP INFORMATION
-----------------------
This newsletter is sponsored by: SecurityFocus
(http://www.securityfocus.com)
SPECIAL OFFER: Upgrade now to a better class of security intelligence for
the same price you're paying your current provider.
SecurityFocus announces an opportunity for you to move from your current
security alert service provider to SecurityFocus SIA, the best Security
Intelligence Alert service available. SecurityFocus is offering you the
opportunity to have one year of our unmatched Security Intelligence Alert
service delivered to you at the same price as your existing service. Offer
now extended to November 30th, due to popular demand.
SIA eliminates the need to dedicate your valuable staff resources to sift
through the mountain of potential threats to evaluate the latest important
security information.
Features and Benefits
*Largest Resource of Vendor and Product Vulnerabilities
*More than 700 vendor and 1,300 product vulnerabilities tracked
continuously
*Security experts on staff seven days a week monitoring
vulnerabilities worldwide.
*Detailed, Configurable Alerts
*Targeted to the IS managers responsible for maintaining specific
applications, systems, or networks
*Automatic dissemination of vulnerability information to the
responsible entity within the enterprise
*Detailed patch and release information is provided in the
vulnerability to eliminate fumbling through vendor sites looking for
downloads
This offer is limited to up to 10 seats. Proof of current Service Level
Agreement with 3rd party vendor is required. Voice/fax/SMS alert delivery
subject to additional fees.
In order to take advantage of this limited time offer, contact us at
+1.650.655.6300 or <siasales@securityfocus.com> or visit us on the web at
http://www.securityfocus.com/intelligence/
-------------------------------------------------------------------------------
- Previous message: H C: "Re: Anybody know what this is?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
