SecurityFocus Microsoft Newsletter #219

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 12/15/04

    Date: Wed, 15 Dec 2004 14:54:30 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>


    SecurityFocus Microsoft Newsletter #219
    ----------------------------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------------
    I. FRONT AND CENTER
         1. Online Extortion Works
         2. WEP: Dead Again, Part 1
    II. MICROSOFT VULNERABILITY SUMMARY
         1. IBM WebSphere Commerce Default User Information Disclosure V...
         2. Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remot...
         3. Hosting Controller FilePath Parameter File Disclosure Vulner...
         4. Microsoft Internet Explorer FTP URI Arbitrary FTP Server Com...
         5. Microsoft Internet Explorer Sysimage Protocol Handler Local ...
         6. Headlight Software GetRight DUNZIP32.dll Remote Buffer Overf...
         7. Microsoft Internet Explorer Search Pane URI Obfuscation Vuln...
         8. Microsoft Internet Explorer Remote Window Hijacking Vulnerab...
         9. Kerio Personal Firewall Local Denial Of Service Vulnerabilit...
         10. Microsoft Windows Multiple Unspecified Vulnerabilities
         11. Kerio WinRoute Firewall Multiple Unspecified Remote Vulnerab...
         12. Microsoft Office SharePoint Portal Server Local Information ...
    III. MICROSOFT FOCUS LIST SUMMARY
         1. Secondary Storage Device Policy (Thread)
         2. iisadmpwd/UPN (Thread)
         3. Group policy help needed!!! (Thread)
         4. services running in windows domain (winXP clients) (Thread)
         5. Modifying default behaviour of MS VPN client (Thread)
         6. SecurityFocus Microsoft Newsletter #218 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. CoreGuard Core Security System
         2. KeyCaptor Keylogger
         3. SpyBuster
         4. FreezeX
         5. NeoExec for Active Directory
         6. Secrets Protector v2.03
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. IDS Policy Manager v1.5
         2. PatchLink Update 6.01.78
         3. Dekart Private Disk 2.03
         4. Remote Process Watcher 1.0
         5. Rkdscan 1.0
         6. Spybot-S&D 1.3
    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Online Extortion Works
    By Scott Granneman

    Online extortion is quietly affecting thousands of businesses, for a very
    simple reason: it works. The big question then becomes, how will you and
    your company decide to respond?

    http://www.securityfocus.com/columnists/283

    2. WEP: Dead Again, Part 1
    By Michael Ossmann

    This article is the first of a two-part series that looks at the new
    generation of WEP cracking tools for WiFi networks, which offer
    dramatically faster speeds for penetration testers over the previous
    generation of tools. In many cases, a WEP key can be determined in seconds
    or minutes.

    http://www.securityfocus.com/infocus/1814

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. IBM WebSphere Commerce Default User Information Disclosure V...
    BugTraq ID: 11816
    Remote: Yes
    Date Published: Dec 03 2004
    Relevant URL: http://www.securityfocus.com/bid/11816
    Summary:
    It is reported that WebSphere Commerce is susceptible to an information disclosure vulnerability.

    This vulnerability may result in potentially sensitive customer data being available to the default user, possibly allowing unintended users to gain access to it.

    This vulnerability is reported to affect versions 5.1, 5.4, 5.5, and 5.6.

    2. Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remot...
    BugTraq ID: 11820
    Remote: Yes
    Date Published: Dec 06 2004
    Relevant URL: http://www.securityfocus.com/bid/11820
    Summary:
    The Microsoft Windows 2000 Resource Kit supports many utilities designed for diagnostic administration of the Windows platform. The w3who.dll library is a utility designed to provide auditing of server configuration remotely through a Web browser.

    Multiple remote vulnerabilities affect the w3who.dll library of Microsoft's Windows Resource Kit. These issues are due to a failure of the library to properly sanitize and perform proper bounds checking on user-supplied input.

    The first two issues are cross-site scripting vulnerabilities. The final issue is a buffer overflow vulnerability.

    These issues may be exploited to conduct cross-site scripting attacks and to execute arbitrary code with the privileges of the affected Web server. This may facilitate theft of cookie-based authentication credentials, unauthorized access, privilege escalation, and other attacks.

    3. Hosting Controller FilePath Parameter File Disclosure Vulner...
    BugTraq ID: 11822
    Remote: Yes
    Date Published: Dec 06 2004
    Relevant URL: http://www.securityfocus.com/bid/11822
    Summary:
    Multiple scripts of Hosting Controller are prone to an issue which may allow a remote attacker to view the contents of arbitrary files and directories on the local drive.

    It is reported that a successful attack allows an attacker to view any file or directory on the affected computer through a 'FilePath' parameter.

    Hosting Controller version 6.1 Hotfix 1.4 and prior may be affected by this issue.

    4. Microsoft Internet Explorer FTP URI Arbitrary FTP Server Com...
    BugTraq ID: 11826
    Remote: Yes
    Date Published: Dec 06 2004
    Relevant URL: http://www.securityfocus.com/bid/11826
    Summary:
    Microsoft Internet Explorer is reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to utilizing it to execute FTP commands on remote servers.

    This vulnerability allows attackers to embed arbitrary FTP server commands in malicious URIs. Upon following such a URI, the victim user's Web browser will reportedly connect to the attacker-specified FTP server, and the embedded commands will be sent to the server. This may allow malicious files to be downloaded to the victim's computer without their knowledge. Other attacks are also likely possible.

    5. Microsoft Internet Explorer Sysimage Protocol Handler Local ...
    BugTraq ID: 11834
    Remote: Yes
    Date Published: Dec 07 2004
    Relevant URL: http://www.securityfocus.com/bid/11834
    Summary:
    Microsoft Internet Explorer is reported prone to a vulnerability that may allow a remote site to detect files on the local computer.

    A remote attacker can exploit this issue through the 'sysimage://' protocol handler to detect the existence of a file on the local computer of the Web client viewing a malicious page. This could lead to a disclosure of sensitive information to remote attackers.

    6. Headlight Software GetRight DUNZIP32.dll Remote Buffer Overf...
    BugTraq ID: 11836
    Remote: Yes
    Date Published: Dec 07 2004
    Relevant URL: http://www.securityfocus.com/bid/11836
    Summary:
    GetRight is reported prone to a remote buffer overflow vulnerability when handling specially crafted skin files. This issue presents itself due to insufficient boundary checks performed by the application. It is reported that this vulnerability occurs in the DUNZIP32.dll compression library.

    It is conjectured that this issue results in a denial of service condition and may be leveraged to execute arbitrary code on a vulnerable computer.

    7. Microsoft Internet Explorer Search Pane URI Obfuscation Vuln...
    BugTraq ID: 11851
    Remote: Yes
    Date Published: Dec 08 2004
    Relevant URL: http://www.securityfocus.com/bid/11851
    Summary:
    A remote URI obfuscation vulnerability has been found in Internet Explorer's search pane functionality. This issue is due to a failure of the application to present the URI address of HTML and script code loaded into the search pane.

    This issue may be leveraged by an attacker to display misleading information in the address bar of the browser to an unsuspecting user while loading a third party Web site in the search pane. This may allow an attacker to present web pages to users that seem to originate from a trusted location. This may facilitate phishing style attacks; other attacks may also be possible.

    8. Microsoft Internet Explorer Remote Window Hijacking Vulnerab...
    BugTraq ID: 11855
    Remote: Yes
    Date Published: Dec 08 2004
    Relevant URL: http://www.securityfocus.com/bid/11855
    Summary:
    Microsoft Internet Explorer is reported prone to a vulnerability that may allow a Web site to hijack the contents of a trusted window. This issue may allow a remote attacker to carry out phishing style attacks.

    This issue arises as a user visits a malicious site and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a pop up window from the trusted site that can be influenced by the attacker's site.

    If successful, the contents of the target site's window can be spoofed resulting in phishing style attacks.

    9. Kerio Personal Firewall Local Denial Of Service Vulnerabilit...
    BugTraq ID: 11859
    Remote: No
    Date Published: Dec 08 2004
    Relevant URL: http://www.securityfocus.com/bid/11859
    Summary:
    It is reported that the Kerio Personal Firewall (KPF) driver does not sufficiently sanitize API parameters that are received from APIs hooked by KPF. When the KPF API hook handles certain parameter data it will fail. Reports indicate that this exception is not expected and, as a result, the Windows kernel crashes, triggering a system-wide denial of service.

    A local attacker may exploit this vulnerability to deny service to legitimate users.

    10. Microsoft Windows Multiple Unspecified Vulnerabilities
    BugTraq ID: 11867
    Remote: Unknown
    Date Published: Dec 09 2004
    Relevant URL: http://www.securityfocus.com/bid/11867
    Summary:
    Microsoft has released advance notification that it will be releasing five security bulletins for Windows on December 14th, 2004.

    No further information regarding the vulnerabilities addressed by these security bulletins has been released at this time.

    11. Kerio WinRoute Firewall Multiple Unspecified Remote Vulnerab...
    BugTraq ID: 11870
    Remote: Yes
    Date Published: Dec 10 2004
    Relevant URL: http://www.securityfocus.com/bid/11870
    Summary:
    Multiple unspecified remote vulnerabilities reportedly affect Kerio's WinRoute Firewall. These issues are likely due to design errors and a failure of the application to properly handle malformed network data, although this is not verified.

    The first issue is a remote denial of service that may cause the affected computer to crash or hang. The second issue is a DNS cache poisoning vulnerability. The final issue is an information disclosure vulnerability.

    An attacker may exploit these issues to gain access to otherwise restricted information and to manipulate the DNS cache of the affected firewall, potentially facilitating further attacks against the affected network. An attacker may also leverage these issues to cause the affected computer to crash or hang, resulting in a denial of service condition.

    12. Microsoft Office SharePoint Portal Server Local Information ...
    BugTraq ID: 11878
    Remote: No
    Date Published: Dec 10 2004
    Relevant URL: http://www.securityfocus.com/bid/11878
    Summary:
    Microsoft Office SharePoint Portal Server is reported prone to a local information disclosure weakness. The vulnerability presents itself when SharePoint Portal Server components are being installed by a user account that employs a password credential containing a prefixed '-' character.

    Under these circumstances the SharePoint Portal Server component installation will fail and the password for the user account used to install the software will be logged to the following file:
    '%WinDir%\temp\STSADM.log-setup_{date} {time}.log'.

    A local attacker may peruse the aforementioned log files in the hopes that they contain the password of a target user.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Secondary Storage Device Policy (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/384405

    2. iisadmpwd/UPN (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/384402

    3. Group policy help needed!!! (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/384401

    4. services running in windows domain (winXP clients) (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/384397

    5. Modifying default behaviour of MS VPN client (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/383892

    6. SecurityFocus Microsoft Newsletter #218 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/383606

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. CoreGuard Core Security System
    By: Vormetric
    Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
    Relevant URL: http://www.vormetric.com/products/#overview
    Summary:

    CoreGuard System profile

    The CoreGuard System is the industry's first solution that enforces
    acceptable use policy for sensitive digital information assets and
    protects personal data privacy across an enterprise IT environment.
    CoreGuard's innovative architecture and completeness of technology
    provide a comprehensive, extensible solution that tightly integrates all
    the elements required to protect information across a widespread,
    heterogeneous enterprise network, while enforcing separation of duties
    between security and IT administration. At the same time, CoreGuard is
    transparent to users, applications and storage infrastructures for ease
    of deployment and system management.

    CoreGuard enables customers to:
    * Protect customer personal data privacy and digital information assets
    * Protect data at rest from unauthorized viewing by external attackers
    and unauthorized insiders
    * Enforce segregation of duties between IT administrators and security
    administration
    * Ensure host & application integrity
    * Block malicious code, including zero-day exploits

    2. KeyCaptor Keylogger
    By: Keylogger Software
    Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
    Summary:

    KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!

    With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

    3. SpyBuster
    By: Remove Spyware
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.remove-spyware.com/spybuster.htm
    Summary:

    Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.

    SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

    4. FreezeX
    By: Faronics Technologies USA Inc
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.faronics.com/html/Freezex.asp
    Summary:

    FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware, from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, or introduced via removable media or the network, will never install.

    5. NeoExec for Active Directory
    By: NeoValens
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.neovalens.com
    Summary:

    NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.

    NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.

    NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

    6. Secrets Protector v2.03
    By: E-CRONIS
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.e-cronis.com/download/sp.exe
    Summary:

    It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".

    Your secret information is available only through this software and there is no other means to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten, neither in Safe mode nor in another operating system. This program doesn't make your operating system unstable as other related products do, and protects your information from being seen, altered or deleted by an unauthorized user, with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods, leaving no trace of your information. Depending on the selected wiping method, your data is unrecoverable using software or even hardware recovery techniques.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. IDS Policy Manager v1.5
    By: ActiveWorx
    Relevant URL: http://www.activeworx.org
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    IDS Policy Manager was designed to manage Snort IDS sensors in a distributed environment. This is done by having the ability to take the text configuration and rule files and allow you to modify them with an easy to use graphical interface. With the added ability to merge new rule sets, manage preprocessors, control output modules and scp rules to sensors, this tool makes managing Snort easy for most security professionals.

    2. PatchLink Update 6.01.78
    By: PatchLink Corporation
    Relevant URL: http://www.patchlink.com/products_services/plu_evaluationrequest.html
    Platforms: AIX, DG-UX, Digital UNIX/Alpha, DOS, HP-UX, Java, Linux, MacOS, Net, NetBSD, Netware, OpenVMS, PalmOS, POSIX, SecureBSD, SINIX, Solaris, SunOS, True64 UN, True64 UNIX, Ultrix, UNICOS, UNIX, Unixware, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
    Summary:

    With PATCHLINK UPDATE, patch management is the secure, proactive, and preventative process it should be. PATCHLINK UPDATE scans networks for security holes and closes them with the click of a mouse, no matter the operating system, the vendor applications, the mix, or the size of the environment. From 5K nodes to 20+K nodes, PATCHLINK UPDATE works quickly, accurately and safely to ensure desktops and servers are patched correctly and completely the first time around.

    3. Dekart Private Disk 2.03
    By: Dekart
    Relevant URL: http://www.private-disk.net/
    Platforms: Windows XP
    Summary:

    Private Disk is an easy-to-use, reliable, user-friendly and smart program that lets you create encrypted disk partitions (drive letters) to keep your private and confidential data secure. It uses 256-bit AES encryption.

    4. Remote Process Watcher 1.0
    By: Fitsec Tmi
    Relevant URL: http://www.fitsec.com/downloads
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    Java-based software that watches processes running on the computers inside a domain. It gives out warnings when it spots a process that it doesn't recognize, or processes that have been marked on the warning list. It is also able to automatically kill processes marked as critical.

    5. Rkdscan 1.0
    By: Andres Tarasco - www.sia.es
    Relevant URL: http://cyruxnet.org/download/rkdscan.rar
    Platforms: Windows 2000
    Summary:

    Rkdscan can remotely detect whether NT-based computers are compromised with the "Hacker Defender" rootkit.

    6. Spybot-S&D 1.3
    By: Patrick M. Kolla
    Relevant URL: http://www.spybot.info/en/index.html
    Platforms: Windows XP
    Summary:

    Spybot - Search & Destroy can detect and remove spyware of different kinds
    from your computer. Spyware is a relatively new kind of threat that
    common anti-virus applications do not yet cover. If you see new toolbars in
    your Internet Explorer that you didn't intentionally install, if your browser
    crashes, or if your browser start page has changed without your knowing, you
    most probably have spyware. But even if you don't see anything, you may be
    infected.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

    If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

    VII. SPONSOR INFORMATION
    -----------------------

    Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
    is a free service that gives you the ability to track and manage attacks.
    Analyzer automatically correlates attacks from various Firewall and network
    based Intrusion Detection Systems, giving you a comprehensive view of your
    computer or general network. Sign up today!

    http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

    ------------------------------------------------------------------------
