SecurityFocus Microsoft Newsletter #80

From: Marc Fossi (mfossi@securityfocus.com)
Date: 04/02/02


Date: Tue, 2 Apr 2002 09:14:09 -0700 (MST)
From: Marc Fossi <mfossi@securityfocus.com>
To: Focus-MS <focus-ms@securityfocus.com>

SecurityFocus Microsoft Newsletter #80
--------------------------------------

This Issue Sponsored by: Alcatel

How many times have you searched for technology information on the
Web…only to find out that the file you downloaded was really just a
manufacturer's not-to-thinly veiled attempt to sell you their products?
We've all been there.

Is there away to get vendor-neutral IT information without the headache?
You be the judge. Check out the Alcatel Information Resource Center, where
we email vendor-neutral IT news and information to keep you informed.

Click here to learn more and view samples.
http://alcatel.emark1.com/irc_intro.asp?form=irc_microsoft_4-1-02
-------------------------------------------------------------------------------

I. FRONT AND CENTER
     1. No Stone Unturned, Part Two
     2. Always On, Always Vulnerable: Security Broadband Connections
     3. Beware the Kindness of Strangers: The Case Against Good...
     4. Forcing Teamwork on Redmond
II. MICROSOFT VULNERABILITY SUMMARY
     1. Microsoft Outlook IFrame Embedded URL Vulnerability
     2. Apache Win32 Batch File Remote Command Execution Vulnerability
     3. Microsoft Outlook Javascript Execution Vulnerability
     4. Microsoft Outlook IFrame Embedded Media Player File Vulnerability
     5. Qualcomm Eudora WebBrowser Control Embedded Media Player File...
     6. Gravity Storm Service Pack Manager 2000 Directory Permissions...
     7. VBulletin Cross-Site Scripting Vulnerability
     8. VNC HTTP Server Denial Of Service Vulnerability
     9. Alguest Cookie Falsification Vulnerability
     10. Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
     11. CSSearch Remote Command Execution Vulnerability
     12. Microsoft Outlook Disabled Cookies Setting Bypass Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. Null session in Windows XP (Thread)
     2. Null session in Windows XP (Thread)
     3. udp forwarding/filtering.. (Thread)
     4. ADSI and delegation (Thread)
     5. Frontpage 2000 (Thread)
     6. Frontpage 2000 (Thread)
     7. SecurityFocus Microsoft Newsletter #79 (Thread)
     8. udp forwarding/filtering.. (Thread)
     9. Port Ranges in IPSec (Thread)
     10. Encrypted partition solution for Windows OSes? (Thread)
     11. Encrypted partition solution for Windows OSes? (Thread)
     12. ISA-Server Problem (Thread)
     13. Group Policies on OUs not Propagated (Thread)
     14. Group Policies on OUs not Propagated (Thread)
     15. Sub7 (SubSeven), Win2k, and IE 5.5 (Thread)
     16. Outlook/Exchange (Thread)
     17. account lockout problems (Thread)
     18. Between Forest IPSec Implementation? (Thread)
     19. HFNetChk Pro vs. other means to push out updates (Thread)
     20. Sub7 (SubSeven), Win2k, and IE 5.5 (Thread)
     21. ISA-Server Problem (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. ZoneAlarm Pro 3.0
     2. East-Tec Eraser 2002
     3. SuperScout Web Filter
     4. Distributed Network Attack (DNA)
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. Diskmon for Windows NT v1.1
     2. DHCP Fix v1.00
     3. DeviceLock Millennium Edition
     4. DelGuest v1.2
VI. SPONSORSHIP INFORMATION

I. FRONT AND CENTER
-------------------
1. No Stone Unturned, Part Two
by H. Carvey

This is the second installment of a 5-part series describing the
(mis)adventures of a sys admin named Eliot and his haphazard journey in
discovering “The Way” of Incident Response.

http://online.securityfocus.com/infocus/1561

2. Always On, Always Vulnerable: Securing Broadband Connections
by Matthew Tanase

You finally got it. No more late nights at the office wasted on
downloading sprees. No more screeching modems or constant busy signals.
Streaming media, lightning quick file transfers and online gaming, all
within your reach. Yes - you finally have broadband Internet access!

http://online.securityfocus.com/infocus/1560

3. Beware the Kindness of Strangers: The Case Against Good Samaritan
Hackers
by Richard Forno

The debate around Good Samaritan hackers has merits on both sides.
However, according to the author, the answer to the answer is cut and
dried.

http://online.securityfocus.com/columnists/70

4. Forcing Teamwork on Redmond
By Tim Mullen

Recently while traveling in Ireland I was surprised to see that the
procedures followed by airline security, both while arriving-in and
departing-from the country, were far less restrictive and invasive than
here in the states. Even in London's Heathrow airport, a "tight schedule"
backed by a little social engineering allowed me to bypass much of the
security that was in place.

http://online.securityfocus.com/columnists/69

II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Outlook IFrame Embedded URL Vulnerability
BugTraq ID: 4334
Remote: Yes
Date Published: Mar 21 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4334
Summary:

An issue has been reported in Microsoft Outlook which could initiate a
file download from a web site, without the user attempting to access the
site.

The HTML content tag known as IFrame, which is used to embed another frame
or web page inside the main one, is reportedly used to exploit this issue.

This issue occurs if an HTML email message is crafted with a URL embedded
in the IFrame tag. Upon the user opening the mail message, Outlook will
automatically connect to the embedded web page. If the URL is pointing to
a file, Outlook will prompt the user with a download dialog box.

This issue could be used to initiate the download of malicious files, or
exploit other known IE issues.

2. Apache Win32 Batch File Remote Command Execution Vulnerability
BugTraq ID: 4335
Remote: Yes
Date Published: Mar 21 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4335
Summary:

A vulnerability has been discovered in the batch file handler for Apache
on Microsoft Windows operating systems.

Special characters (such as |) may not be filtered by the batch file
handler when a web request is made for a batch file. As a result, a remote
attacker may be able to execute arbitrary commands on the host running the
vulnerable software. This may be exploited via a specially crafted web
request which contains the arbitrary commands to be executed.

It should be noted that webservers on Windows operating systems normally
run with SYSTEM privileges. The consequences of exploitation is that a
remote attacker may be able to fully compromise a host running the
vulnerable software.

The 2.0.x series of Apache for Microsoft Windows ships with a test batch
file which may be exploited to execute arbitrary commands. Since this
issue is in the batch file handler, any batch file which is accessible via
the web is appropriate for the purposes of exploitation.

3. Microsoft Outlook Javascript Execution Vulnerability
BugTraq ID: 4337
Remote: Yes
Date Published: Mar 21 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4337
Summary:

An issue has been reported in Microsoft Outlook which could cause a user
to unknowingly execute Javascript embedded in an HTML email message.

Reportedly, the issue lies in the handling of the javascript: protocol,
which enables the execution of statements rather than loading a new page,
and the about: protocol.

Apparently, Javascript embedded in the "about:" or "javascript:" URL of an
HREF attribute, could exploit this issue. Upon the recipient attempting to
access the link, embedded Javascript will execute even if scripting is
disabled in IE.

4. Microsoft Outlook IFrame Embedded Media Player File Vulnerability
BugTraq ID: 4340
Remote: Yes
Date Published: Mar 21 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4340
Summary:

An issue has been reported with Microsoft Outlook which may result in the
automatic execution of JavaScript in HTML formatted email.

Reportedly, this vulnerability may be exploited through an embedded
IFRAME. If the IFRAME references one of a number of file extensions
associated with Windows Media Player, it will be opened automatically.

The file may then contain JavaScript which is automatically executed. This
JavaScript may, in turn, open an arbitrary web page through usage of the
player.LaunchURL() method. This page may contain additional JavaScript, or
reference code through a javascript: or about: URL.

File types reported to exhibit this behavior are WMS, ASX, WMZ, WMD and
WMA. Additional file types may also exploit this vulnerability, although
this has not been confirmed.

Additional versions of Outlook may share this vulnerability. This has not,
however, been confirmed.

5. Qualcomm Eudora WebBrowser Control Embedded Media Player File Vulnerability
BugTraq ID: 4343
Remote: Yes
Date Published: Mar 22 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4343
Summary:

The WebBrowser control is used in some email clients in order to launch
Internet Explorer to render HTML content.

An issue has been reported with email clients using the WebBrowser control
which may result in the automatic execution of JavaScript in HTML
formatted email.

Reportedly, this vulnerability may be exploited through an embedded
<t:video> tag. If the image tag references one of a number of file
extensions associated with Windows Media Player, it will be opened
automatically.

The file may then contain JavaScript which is automatically executed. This
JavaScript may, in turn, open an arbitrary web page or application through
usage of the player.LaunchURL() method. This page may contain additional
JavaScript, or reference code through a JavaScript: or about: URL.

When exploited in conjunction with the issues described in BID 4306, it is
possible to execute arbitrary script code in the My Computer zone.

The discoverer of this vulnerability has speculated that Microsoft Outlook
and Outlook Express may also be vulnerable to this issue. This has not
been tested or proven as of yet.

6. Gravity Storm Service Pack Manager 2000 Directory Permissions Vulnerability
BugTraq ID: 4347
Remote: No
Date Published: Mar 22 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4347
Summary:

Gravity Storm Service Pack Manager 2000 is an application designed to
detect, track, monitor, and install Microsoft Windows NT/2000 Service
Packs and Hotfixes on your network.

Reportedly, when Gravity Storm Service Pack Manager is installed it
creates a hidden share (SPM2000c$) which is mapped to the local c: drive.

An issue has been reported in Service Pack Manager, which allows the
everyone group read and write permissions to the System32 directory.

As a result, local users could gain access to this share (SPM2000c$) and
peruse C:\winnt\system32 with read and write permissions.

It should be noted that the 'C:\winnt\system32\repair' directory, has only
been reported to allow read access.

7. VBulletin Cross-Site Scripting Vulnerability
BugTraq ID: 4349
Remote: Yes
Date Published: Mar 21 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4349
Summary:

vBulletin is commercial web forum software written in PHP and back-ended
by a MySQL database. It will run on most Linux and Unix variants, as well
as Microsoft operating systems.

vBulletin does not filter HTML tags from URL parameters, making it prone
to cross-site scripting attacks.

As a result, it is possible for a remote attacker to create a malicious
link containing script code which will be executed in the browser of a
legitimate user, in the context of the website running vBulletin.

This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. Cookie-based authentication credentials may be used by the
attacker to hijack the session of the legitimate user.

8. VNC HTTP Server Denial Of Service Vulnerability
BugTraq ID: 4345
Remote: Yes
Date Published: Mar 21 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4345
Summary:

VNC is the Virtual Network Computing software package, freely available
from AT&T. The software package is designed to allow remote desktop access
to a user that has sufficient privileges. It is available for Unix and
Linux variants, as well as Microsoft operating systems.

It has been discovered that a vulnerability exists in Red Hat VNC
packages. The VNC server includes a small HTTP server implementation. It
has been discovered that a condition exists which has the potential to
deny service to legitimate VNC users. It is possible to cause the HTTP
server implementation to wait indefinitely for input, effectively
disrupting an active VNC session.

If such a condition is to occur, the VNC server will need to be restarted
to regain normal functionality.

It is not currently known whether other versions of VNC are affected by
this issue.

9. Alguest Cookie Falsification Vulnerability
BugTraq ID: 4355
Remote: Yes
Date Published: Mar 24 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4355
Summary:

Alguest is a guestbook program, written in PHP and back-ended by a MySQL
database. It will run on most Unix and Linux variants, as well as
Microsoft Windows operating systems.

Alguest allows administrators to authenticate via cookie-based
authentication credentials. However, Alguest administrative cookies are
not properly checked for administrative rights (via a shared secret,
credentials such as username/password, etc.). Alguest only checks that an
administrative cookie exists. As a result, it is trivial for a remote
attacker to falsify an administrative cookie.

10. Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
BugTraq ID: 4358
Remote: Yes
Date Published: Mar 25 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4358
Summary:

Apache is a freely available webserver for Unix and Linux variants, as
well as Microsoft operating systems.

A vulnerability has been discovered in the way Apache logs double-reverse
DNS lookups. This may cause Apache to log invalid hostname information.

A double-reverse DNS lookup is a security measure where an IP address is
translated to a hostname and then the hostname is translated back to the
IP address.

If a double-reverse DNS lookup is performed but fails, then an invalid
hostname may appear in the logs. For example, this may occur if the
hostname does not properly resolve to the IP address in the double-reverse
DNS lookup. This problem occurs because Apache logs the (potentially
falsified) hostname instead of the numeric IP address.

A remote attacker may deliberately exploit this issue to cause spoofed
information to be logged by the webserver.

11. CSSearch Remote Command Execution Vulnerability
BugTraq ID: 4368
Remote: Yes
Date Published: Mar 26 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4368
Summary:

csSearch is a website search script, written in Perl. It will run on most
Unix and Linux variants, as well as Microsoft operating systems.

csSearch is prone to an issue which may enable an attacker to execute Perl
code with the privileges of the webserver process.

It is possible to craft a web request which is capable of passing
arbitrary data to the configuration script, including attacker-supplied
Perl code. Perl code passed in this manner will be interpreted by the
vulnerable script, effectively allowing a remote attacker to execute
arbitrary Perl code with the privileges of the webserver process.

For exploitation to be successful, the attacker must pass properly URL
encoded Perl code in CGI parameters via a web request. For example:

http://host/cgi-bin/csSearch.cgi?command=savesetup&setup=PERL_CODE_HERE

This issue may enable a remote attacker to gain local, interactive access
to the host running the vulnerable software.

12. Microsoft Outlook Disabled Cookies Setting Bypass Vulnerability
BugTraq ID: 4341
Remote: Yes
Date Published: Mar 21 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4341
Summary:

An issue has been reported which could disclose cookie information to
remote web hosts via HTML email messages.

Reportedly, if an HTML email referencing an image tag that points to a
graphic residing on a remote server is sent to an Outlook user, upon the
recipient opening the email, any appropriate cookies are sent to the
remote server. Apparently, this process takes place if cookies are
disabled in Outlook. This issue is due to the way IE and Outlook security
settings fail to work in accordance. The remote server may also use this
method to set cookies on the client machine.

As a result, remote web hosts can gather cookie information and possibly
misuse the information.

It should be noted that this issue has not been tested and confirmed yet.
Updates will be made as additional information becomes available.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Null session in Windows XP (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/904E9CDD6D849A4BB9E5BA71A0551FC69301B1@bedexch01

2. Null session in Windows XP (Thread)
Relevant URL:

5.1.0.14.0.20020327110028.01c68ab0@mail.tellurian.net">http://online.securityfocus.com/archive/88/5.1.0.14.0.20020327110028.01c68ab0@mail.tellurian.net

3. udp forwarding/filtering.. (Thread)
Relevant URL:

F77ivlQoMuDGzxTs53i00002c80@hotmail.com">http://online.securityfocus.com/archive/88/F77ivlQoMuDGzxTs53i00002c80@hotmail.com

4. ADSI and delegation (Thread)
Relevant URL:

20020326224749.85295.qmail@web14604.mail.yahoo.com">http://online.securityfocus.com/archive/88/20020326224749.85295.qmail@web14604.mail.yahoo.com

5. Frontpage 2000 (Thread)
Relevant URL:

200203261739.g2QHd0q08754@thumper.deltadentalwa.org">http://online.securityfocus.com/archive/88/200203261739.g2QHd0q08754@thumper.deltadentalwa.org

6. Frontpage 2000 (Thread)
Relevant URL:

3CA0932A.1010107@wolverinefreight.ca">http://online.securityfocus.com/archive/88/3CA0932A.1010107@wolverinefreight.ca

7. SecurityFocus Microsoft Newsletter #79 (Thread)
Relevant URL:

Pine.LNX.4.43.0203251550460.26206-100000@mail.securityfocus.com">http://online.securityfocus.com/archive/88/Pine.LNX.4.43.0203251550460.26206-100000@mail.securityfocus.com

8. udp forwarding/filtering.. (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/00d101c1d446$99a85670$0100a8c0@bosco

9. Port Ranges in IPSec (Thread)
Relevant URL:

3C9C862B.9090700@stofanet.dk">http://online.securityfocus.com/archive/88/3C9C862B.9090700@stofanet.dk

10. Encrypted partition solution for Windows OSes? (Thread)
Relevant URL:

20020322231409.7071.qmail@securityfocus.com">http://online.securityfocus.com/archive/88/20020322231409.7071.qmail@securityfocus.com

11. Encrypted partition solution for Windows OSes? (Thread)
Relevant URL:

DBC363EA37C5D311823A00508BCF2A6A09699B2C@seamail.ssofa.com">http://online.securityfocus.com/archive/88/DBC363EA37C5D311823A00508BCF2A6A09699B2C@seamail.ssofa.com

12. ISA-Server Problem (Thread)
Relevant URL:

9D884881F5E1F24FB845967851720FC302C9B80D@red-msg-12.redmond.corp.microsoft.com">http://online.securityfocus.com/archive/88/9D884881F5E1F24FB845967851720FC302C9B80D@red-msg-12.redmond.corp.microsoft.com

13. Group Policies on OUs not Propagated (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/000401c1d17d$164c9780$740110ac@kingen

14. Group Policies on OUs not Propagated (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/00fe01c1d13d$ae6a5920$66e9a8c0@sk3tchtogo

15. Sub7 (SubSeven), Win2k, and IE 5.5 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/04c901c1d12a$4b256ca0$93a606d0@micheal

16. Outlook/Exchange (Thread)
Relevant URL:

Pine.LNX.4.43.0203211341360.9611-100000@abalone.zerobelow.org">http://online.securityfocus.com/archive/88/Pine.LNX.4.43.0203211341360.9611-100000@abalone.zerobelow.org

17. account lockout problems (Thread)
Relevant URL:

4D52392DA347B547927BF606F53221769806BC@DENEXCH00.sarkdenver.com">http://online.securityfocus.com/archive/88/4D52392DA347B547927BF606F53221769806BC@DENEXCH00.sarkdenver.com

18. Between Forest IPSec Implementation? (Thread)
Relevant URL:

9DC8A3D37E31E043BD516142594BDDFA1781AD@MISSION.foundstone.com">http://online.securityfocus.com/archive/88/9DC8A3D37E31E043BD516142594BDDFA1781AD@MISSION.foundstone.com

19. HFNetChk Pro vs. other means to push out updates (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/8628ADFB314FD5119C390008C7E9638EE7C890@MESSENGER

20. Sub7 (SubSeven), Win2k, and IE 5.5 (Thread)
Relevant URL:

2D91E1663BD330459B5D32C08AC4668243541A@huskirk.FATHOMTECHNOLOGY.COM">http://online.securityfocus.com/archive/88/2D91E1663BD330459B5D32C08AC4668243541A@huskirk.FATHOMTECHNOLOGY.COM

21. ISA-Server Problem (Thread)
Relevant URL:

20020321030747.3990.qmail@mail.securityfocus.com">http://online.securityfocus.com/archive/88/20020321030747.3990.qmail@mail.securityfocus.com

IV.NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. ZoneAlarm Pro 3.0
by Zone Labs
Platforms: Windows 95/98, Windows NT, Windows 2000
Relevant URL:
http://www.zonelabs.com/products/index.html
Summary:

ZoneAlarm Pro provides one-click support for small and home office
networks, making it quick and easy to provide optimal security for all PCs
on your network. Businesses can easily custom-fit ZoneAlarm Pro to their
security needs to protect all Internet- or network-connected PCs by using
default, company-wide settings or by using ZoneAlarm Pro's expert network
administrator tools.

2. East-Tec Eraser 2002
by EAST Technologies
Platforms: Windows 95/98, Windows NT, Windows 2000, Windows XP
Relevant URL:
http://www.east-tec.com/eraser/
Summary:

East-Tec Eraser 2002 goes beyond U.S. Department of Defense standards for
the permanent erasure of digital information and easily removes every
trace of sensitive data from your computer. Completely destroy information
stored without your knowledge or approval: Internet history, Web pages and
pictures from sites visited on the Internet, unwanted cookies, chatroom
conversations, deleted e-mail messages, temporary files, the Windows swap
file, the Recycle Bin and previously deleted files that may be recovered
by anyone that has access to your computer or by hackers, private
investigators and law enforcement agencies. You may also eliminate
sensitive documents from your computer: valuable corporate trade secrets,
business plans, personal files, photos or confidential letters. Eraser has
an intuitive interface and wizards that guide you through all the
necessary steps needed to protect your privacy and sensitive information.
Other features include support for custom privacy needs, user-defined
erasure methods, command-line parameters, integration with Windows
Explorer, and password protection.

3. SuperScout Web Filter
by SurfControl
Platforms: Linux, UNIX, Solaris, Windows NT, Windows 2000, Netware
Relevant URL:
http://www.surfcontrol.com/business/products/superscout_web/
Summary:

SuperScout Web Filter 4.0 from SurfControl is the most flexible and
powerful tool for managing corporate Internet access. Enhance your ROI by
focusing employees on business use, maximizing network resources and
reducing the risks involved in providing Internet access at work.

4. Distributed Network Attack (DNA)
by AccessData
Platforms: Windows 95/98, Windows NT
Relevant URL:
http://www.accessdata.com/Product03_Overview.htm?ProductNum=03
Summary:

Distributed Network Attack, or DNA, is a new approach to recovering
password protected files. In the past, recoveries have been limited to the
processing power of one machine. DNA uses the power of machines across the
network or across the world to decrypt password Microsoft Word and Excel
documents. And with the latest update, DNA decrypts password protected
Adobe Acrobat (PDF) documents. And because it is an exhaustive key search,
not a dictionary based attack, you are guaranteed recovery.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Diskmon for Windows NT v1.1
by Mark Russinovich
Relevant URL:
http://www.sysinternals.com
Platforms: Windows NT
Summary:

Diskmon is a GUI/device driver combination that together monitor and
display all hard disk activity on a system. It has advanced search
capabilities that make it a powerful tool for exploring the way NT works
and seeing how file systems use the hard disks.

2. DHCP Fix v1.00
by AnalogX
Relevant URL:
http://www.analogx.com/contents/download/system/dhcpfix.htm
Platforms: Windows 95/98, Windows NT
Summary:

AnalogX DHCP Fix is just a simple program that closes a security hole in
Windows 95/98/2000 that can make it possible for another computer to
monitor every piece of information that comes and goes from it. The
program will allow you to enable or disable the registry entry that closes
this particular hole.

3. DeviceLock Millennium Edition
by SmartLine, Inc.
Relevant URL:
http://www.ntutility.com/dlme/
Platforms: Windows 95/98
Summary:

DeviceLock Me gives network administrators control over which users can
access what removable devices (floppies, Magneto-Optical disks, CD-ROMs,
ZIPs, etc.) on a local computer. Once DeviceLock Me is installed,
administrators can control access to floppies, CD-ROMs or any other
device, depending on the time of day and day of the week. DeviceLock Me
enhances access control for Windows System Administrators and helps
control removable disk usage. It can protect network and local computers
against viruses, trojans and other malicious programs often injected from
removable disks. Network administrators can also use DeviceLock Me to
flush a storage device's buffers. Remote control is also available.

4. DelGuest v1.2
by Arne Vidstrom, arne.vidstrom@ntsecurity.nu
Relevant URL:
http://ntsecurity.nu/toolbox/delguest/
Platforms: Windows NT
Summary:

DelGuest deletes the built-in Guest account in Windows NT. This account is
supposed to be impossible to delete, and it is impossible to delete
through the ordinary user interface, but with DelGuest you can do it.

VI. SPONSORSHIP INFORMATION
---------------------------
This Issue Sponsored by: Alcatel

How many times have you searched for technology information on the
Web…only to find out that the file you downloaded was really just a
manufacturer's not-to-thinly veiled attempt to sell you their products?
We've all been there.

Is there away to get vendor-neutral IT information without the headache?
You be the judge. Check out the Alcatel Information Resource Center, where
we email vendor-neutral IT news and information to keep you informed.

Click here to learn more and view samples.
http://alcatel.emark1.com/irc_intro.asp?form=irc_microsoft_4-1-02
-------------------------------------------------------------------------------



Relevant Pages

  • SecurityFocus Microsoft Newsletter #182
    ... Introducing the world's first and only complete Internal Security Gateway: ... Microsoft Windows XP Explorer.EXE Remote Denial of Service V... ... Apache Error Log Escape Sequence Injection Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #131
    ... MICROSOFT VULNERABILITY SUMMARY ... Advanced Poll Remote Information Disclosure Vulnerability ... PHPNuke News Module Article.PHP SQL Injection Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #171
    ... Better Management for Network Security ... GoodTech Telnet Server Remote Denial Of Service Vulnerabilit... ... ASPApp PortalAPP Remote User Database Access Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #237
    ... MICROSOFT VULNERABILITY SUMMARY ... JPortal Banner.PHP SQL Injection Vulnerability ... Microsoft Windows Kernel Object Management Denial Of Service... ... Microsoft Windows Message Queuing Remote Buffer Overflow Vul... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #211
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows Kernel Local Denial of Service Vulnerabili... ... OCPortal Content Management System Remote File Include Vulne... ...
    (Focus-Microsoft)