[ISN] Security UPDATE, May 1, 2002

From: InfoSec News (isnat_private)
Date: Thu May 02 2002 - 00:10:22 PDT


    ******************** 
    Windows & .NET Magazine Security UPDATE--brought to you by Security 
    Administrator, a print newsletter bringing you practical, how-to 
    articles about securing your Windows .NET Server, Windows 2000, and 
    Windows NT systems. 
       http://www.secadministrator.com 
    ******************** 
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    Computer Associates International, Inc. (CA)
       http://list.winnetmag.com/cgi-bin3/flo?y=eLkE0CJgSH0CBw01bH0A8
    
    VeriSign--The Value of Trust
       http://list.winnetmag.com/cgi-bin3/flo?y=eLkE0CJgSH0CBw01bI0AA
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    ~~~~ SPONSOR: COMPUTER ASSOCIATES INTERNATIONAL, INC. (CA) ~~~~ 
       Prevent viruses from halting your business. Keeping out costly 
    viruses is a full-time job. Let CA's eTrust(TM) Virus Defense Solution 
    stop viruses in their tracks, from the gateway to the desktop, while 
    you stay focused on your business. eTrust Virus Defense from Computer 
    Associates is a flexible, nodal-based solution that is also easy on 
    your bottom line. Call 1-800-875-9659 or visit
       http://list.winnetmag.com/cgi-bin3/flo?y=eLkE0CJgSH0CBw01bH0A8
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    May 1, 2002--In this issue: 
    
    1. IN FOCUS
         - Should Microsoft Add Another Security-Related Mailing List? 
    
    2. SECURITY RISK
         - Automatic Script Execution Vulnerability in Outlook 2002 and 
           Outlook 2000
    
    3. ANNOUNCEMENTS
         - Need 24 x 7 Availability?
         - Win a Personal Cinema Card at the Connected Home Virtual Tour
    
    4. SECURITY ROUNDUP
         - News: Intruders in Europe Might Face Jail Time 
         - Feature: SQL Server: Effective Installation
         - Feature: Windows XP Warning Overblown 
         - Feature: Wireless Security
    
    5. Instant Poll
         - Results of Previous Poll: Antivirus Defense Location 
         - New Instant Poll: Security Information Notification
    
    6. SECURITY TOOLKIT
         - Virus Center
         - FAQ: What Is MBSA?
     
    7. NEW AND IMPROVED
         - Virus Engines Bundled in Email Security Package
         - Enhanced Security for Remote Control with AES
    
    8. HOT THREADS 
         - Windows & .NET Magazine Online Forums
             - Featured Thread: How Can I Remove a COM1 Folder?
         - HowTo Mailing List
             - Featured Thread: Email Attachment as an Executable 
    
    9. CONTACT US 
       See this section for a list of ways to contact us. 
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor, 
    markat_private) 
    
    * SHOULD MICROSOFT ADD ANOTHER SECURITY-RELATED MAILING LIST? 
    
    Did you read the NTBugtraq mailing list last week? If not, you missed 
    some good points that list moderator Russ Cooper made. Cooper points 
    out that Microsoft sometimes falls short in the area of security 
    notifications, as I'm sure many of you will agree (see the URL below). 
    Cooper said, for example, that Microsoft doesn't adequately notify its 
    customers about the release of new service packs, security rollup 
    packages, and security updates for specific products, such as the 
    Outlook Email Security Update. In addition, the company doesn't 
    directly notify customers when it releases new security tools, such as 
    Microsoft Baseline Security Analyzer (MBSA), HFNetChk, and URLScan for 
    Microsoft IIS.
       
    http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0204&L=ntbugtraq&F=P&S=&P=9960
    
    Without such notification, customers remain unaware of new security-
    related tools and patch packages--at least until word gets out through 
    security-related mailing lists or until members of the press learn 
    about the tools and packages and publish articles that notify readers. 
    The lack of notification also makes Microsoft customers do extra work. 
    Cooper notes, for example, that installing Microsoft's security rollup 
    packages often eliminates the need to install numerous individual 
    patches because the rollup packages contain all the patches released to 
    date. In addition, security rollup packages might contain additional 
    patches not related to a specific Microsoft security bulletin. 
    
    Cooper didn't but could have included security-related TechNet articles 
    among the examples that support his point. Sometimes, Microsoft 
    releases security information exclusively in TechNet articles but 
    doesn't notify customers about the articles. The recent Microsoft 
    article "Denial of Service Attack on Port 445 May Cause Excessive CPU 
    Use," which outlines registry tweaks that help prevent Denial of 
    Service (DoS) attacks, is a case in point. Microsoft released the 
    article in mid-April to help administrators, but didn't notify 
    customers about it. Instead, customers found out through mailing lists 
    and news reports. We published a related news story ("Microsoft Article 
    Q320751: Denial of Service Workarounds") in last week's Security UPDATE 
    (see the URL below).
       http://www.secadministrator.com/articles/index.cfm?articleid=24930
    
    If you read that news story and clicked the embedded link to the 
    Microsoft article, you know that the article was on the TechNet Web 
    site at the time of publication. However, when I looked for the article 
    Monday, someone had removed it from the TechNet Web site. What's going 
    on? I don't know because Microsoft doesn't publish any information in 
    such instances--so it's a case of now you see it, now you don't!
    
    Microsoft apparently has at least two approaches to security-related 
    notifications: one approach for issued security bulletins and another 
    for other security-related matters. Cooper believes that in addition to 
    security-related hotfixes, Microsoft should issue a security bulletin 
    every time the company releases a security-related patch or tool. 
    That's a good idea, but perhaps publishing all security-related 
    information in security bulletins might not be the best way to handle 
    such user notification. 
    
    Alternatively, Microsoft could establish a second security-related 
    mailing list to notify users about non-bulletin security matters, such 
    as the release of new service packs, the publication or withdrawal of 
    pertinent TechNet articles, and the release or update of new security-
    related tools such as MBSA and URLScan. Developing an additional user-
    notification method--whether that involves new bulletins or a second 
    mailing list--would certainly benefit Microsoft's "Get Secure and Stay 
    Secure" initiative. As matters stand now, users must rely on third 
    parties for important security information. 
    
    What do you think? Would you benefit from Microsoft notifying you about 
    additional security-related information and resources? If you believe 
    you would benefit, would you prefer to be notified through a security 
    bulletin or through a new Microsoft security mailing list? Please stop 
    by the Security Administrator home page (see the URL below) and respond 
    to our new Instant Poll. I also welcome email messages with your 
    further thoughts about security-related notification 
    (markat_private). I look forward to your responses.
       http://www.secadministrator.com
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    ~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~ 
       FREE E-COMMERCE SECURITY GUIDE
       Is your e-business built on a strong, secure foundation? Find out 
    with VeriSign's FREE White Paper, "Building an E-Commerce Trust 
    Infrastructure." Learn how to authenticate your site to customers, 
    secure your web servers with 128-Bit SSL encryption, and accept secure 
    payments online. Click here:
       http://list.winnetmag.com/cgi-bin3/flo?y=eLkE0CJgSH0CBw01bI0AA
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    2. ==== SECURITY RISK ====
       (contributed by Ken Pfeil, kenat_private)
    
    * AUTOMATIC SCRIPT EXECUTION VULNERABILITY IN OUTLOOK 2002 AND OUTLOOK 
    2000
       Microsoft Outlook 2002 and Outlook 2000 contain a vulnerability that 
    can let an attacker execute arbitrary scripts under the user's security 
    context on the vulnerable computer. This vulnerability stems from a 
    difference in the security settings that the system applies when it 
    displays rather than edits an email message. Microsoft has released 
    Security Bulletin MS02-021 (E-mail Editor Flaw Could Lead to Script 
    Execution on Reply or Forward) to address this vulnerability and 
    recommends that affected users apply the appropriate patch listed in 
    the bulletin.
       http://www.secadministrator.com/articles/index.cfm?articleid=25002
    
    3. ==== ANNOUNCEMENTS ====
    
    * NEED 24 X 7 AVAILABILITY?
       High-availability networks, systems, and applications are crucial to 
    every business. Sign up for our free Webinar taking place on May 24 
    (sponsored by MKS), and find out how to achieve 24 x 7 availability on 
    Windows 2000. Windows & .NET Magazine author Tim Huckaby shares his 
    expertise on load balancing, monitoring, and more. Register today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eLkE0CJgSH0CBw0qQh0AS
    
    * WIN A PERSONAL CINEMA CARD AT THE CONNECTED HOME VIRTUAL TOUR
       If you think you've already seen the Connected Home Virtual Tour, 
    think again. Browse through the latest home entertainment, home 
    networking, and home automation options and check out our special 
    feature on wiring your home. Sign up for prize drawings, too, and you 
    might win a free personal cinema card, courtesy of VisionTek and 
    nVIDIA. Take the tour today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eLkE0CJgSH0CBw0LTe0Ap
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: INTRUDERS IN EUROPE MIGHT FACE JAIL TIME 
       The European Union (EU) has proposed a "Council Framework Decision" 
    that would help standardize criminal law across all member nations as 
    they prosecute computer-related crimes. The framework defines 
    punishment for offenses that include unauthorized access to computers, 
    Denial of Service (DoS) attacks, intentional propagation of destructive 
    code such as worms and viruses, malicious interception of 
    communications, and identity theft. 
       http://www.secadministrator.com/articles/index.cfm?articleid=24982
    
    * FEATURE: SQL SERVER: EFFECTIVE INSTALLATION
       Microsoft tries to make installing its software as smooth and easy 
    as possible, and Microsoft SQL Server 2000's installation is no 
    exception. From the installation CD-ROM, you load setupsql.exe from the 
    x86\setup folder, fill in a few details on the setup screens, and 
    within a few minutes, the installation proceeds without further user 
    intervention. You can even successfully install SQL Server 2000 without 
    understanding what the choices mean, just by clicking Next in most of 
    the setup dialog boxes. However, I strongly advise you not to treat the 
    installation lightly. Pay attention to each option, and make sure you 
    thoroughly understand the implications of each choice you make. Some 
    bad decisions, such as wrong collation settings, might be hard to fix; 
    others, such as accepting the default authentication, might create 
    security holes.
       http://www.secadministrator.com/articles/index.cfm?articleid=24317
    
    * FEATURE: WINDOWS XP WARNING OVERBLOWN
       When it comes to Windows XP, no report is too innocuous to be 
    dragged out, dissected, and--apparently--blown out of proportion by the 
    mainstream media. Consider, for example, the XP Universal Plug and Play 
    (UPnP) vulnerability. By far, the most interesting aspect about the 
    UPnP vulnerability is the irresponsible way in which various media 
    entities reported it.
       http://www.secadministrator.com/articles/index.cfm?articleid=24487
    
    * FEATURE: WIRELESS SECURITY
       The weak security of 802.11's built-in Wired Equivalent Privacy 
    (WEP) algorithm is enough to give managers nightmares. Indeed, many IT 
    managers have delayed 802.11 implementations until standards committees 
    finish work on a more robust means of securing wireless networks. 
    Others have decided to use WEP and hope for the best. However, secure 
    solutions are available.
       http://www.secadministrator.com/articles/index.cfm?articleid=24549
    
    5. ==== INSTANT POLL ====
    
    * RESULTS OF PREVIOUS POLL: ANTIVIRUS DEFENSE LOCATION 
       The voting has closed in Windows & .NET Magazine's Security 
    Administrator Channel nonscientific Instant Poll for the question, 
    "Where have you placed your organization's antivirus defenses?" Here are 
    the results (+/X percent) from the 365 votes:
       -   5% On desktops 
       -   3% On email servers 
       -   2% On file servers
       -   1% At the Internet border    
       -  89% At two or more of the above locations 
    
    * NEW INSTANT POLL: SECURITY INFORMATION NOTIFICATION 
       The next Instant Poll question is, "How should Microsoft notify its 
    customers about new service packs and new or updated security-related 
    rollup packages, tools, and TechNet articles?" Go to the Security 
    Administrator Channel home page and submit your vote for a) Microsoft 
    should issue security bulletins for all security-related matters, b) 
    Microsoft should add a mailing list for non-bulletin security matters, 
    or c) Microsoft needn't notify customers in any additional ways.
       http://www.secadministrator.com
    
    6. ==== SECURITY TOOLKIT ==== 
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed 
    to bring you the Center for Virus Control. Visit the site often to 
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: WHAT IS MBSA?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. Microsoft has released Microsoft Baseline Security Analyzer (MBSA), 
    a tool that analyzes a system for security information related to its 
    Windows OS version, Microsoft IIS version, Microsoft SQL Server 
    version, hotfixes, and passwords.
       You can use MBSA to run checks against local or remote machines. The 
    tool runs only on Windows .NET Server (Win.NET Server), Windows XP, and 
    Windows 2000-based systems. However, you can use the tool to scan 
    remote computers that run Windows NT 4.0 Service Pack 4 (SP4) or later.
       For more information about MBSA, visit Microsoft's Web site at the 
    first URL below. To download MBSA, visit Microsoft's download Web site 
    at the second URL below.
       http://support.microsoft.com/default.aspx?scid=kb;en-us;q320454
    
    http://download.microsoft.com/download/win2000platform/install/1.0/nt5xp/en-us/mbsasetup.msi
    
       After you download the tool, run the mbsasetup.msi file to install 
    MBSA. You can execute the MBSA shortcut from the Start menu to run the 
    tool in graphical mode, or you can type mbsacli.exe at the command 
    prompt. Windows doesn't add the MBSA program to the PATH variable by 
    default, so you must either navigate to the %programfiles%\microsoft 
    baseline security analyzer folder or add this folder to your PATH 
    statement.
    
    7. ==== NEW AND IMPROVED ==== 
       (contributed by Judy Drennen, productsat_private) 
    
    * VIRUS ENGINES BUNDLED IN EMAIL SECURITY PACKAGE
       SOFTWIN announced that its ICSA-certified BitDefender virus engine 
    and Norman Virus Control will ship with GFI's MailSecurity, a new email 
    security package. GFI MailSecurity runs multiple best-of-breed virus 
    engines simultaneously to ensure maximum protection against virus 
    assaults. GFI MailSecurity is available for the Virus Scanning (VS) API 
    or as an SMTP gateway version. The VS API version integrates seamlessly 
    with Microsoft Exchange Server 2000 and scans the Exchange 2000 
    Information Stores (ISs). Price includes virus updates for 1 year and 
    free support for 3 months after purchase. Prices start at $295 for 10 
    mailboxes. Contact GFI at 888-243-4329 or salesat_private
       http://www.gfi.com/mailsecurity
    
    * ENHANCED SECURITY FOR REMOTE CONTROL WITH AES
       Vector Networks released PC-Duo 7.0, a remote control PC-management 
    product that includes encryption options ranging from 56-bit Data 
    Encryption Standard (DES) through new Pentagon-driven 256-bit Advanced 
    Encryption Standard (AES). PC-Duo supports Windows XP Server and XP 
    Professional and costs $817.50 per 10-user license. Contact Vector 
    Networks at 800-330-5035 or probinson@vector-networks.co.uk.  
       http://www.vector-networks.com
    
    8. ==== HOT THREADS ==== 
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS 
       http://www.winnetmag.net/forums
    
    Featured Thread: How Can I Remove a COM1 Folder?
       (21 messages in this thread)
    
    Christer writes that he runs an FTP server, and he noticed a COM1 
    directory within his PUB directory. The COM1 folder contains 600GB of 
    data, but he can't open or delete the folder. When he tries, Windows 
    reports that the directory can't be found. Do you know how he can 
    remove the folder? Read the responses or lend a hand at the following 
    URL:
       http://www.secadministrator.com/forums/thread.cfm?thread_id=99095
    
    * HOWTO MAILING LIST
       http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
    
    Featured Thread: Email Attachment as an Executable
       (One message in this thread)
    
    Dante received a sample of a file as an email attachment, and the file 
    might contain a virus. The file was saved as 
    hammerhart.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}. 
       When he right-clicks the file, it shows as an HTML application, and 
    the file wants to execute. He wants to know why a file extension of 
    .{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} is considered an application. 
    Can you help? Read the responses or lend a hand at the following URL:
       
    http://63.88.172.96/listserv/page_listserv.asp?a2=ind0204d&l=howto&p=438
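
A gateway-side check for the kind of file name described in this thread, as an added example that is not part of the newsletter or the mailing-list thread: it flags attachments whose final extension is a brace-enclosed class ID. The sample message, its addresses, the readme.txt and notes.doc names, and the function names are constructed for illustration.

```python
import re
from email import message_from_string

# A final ".{8-4-4-4-12 hex}" suffix, the shape of the extension in the thread.
CLSID_EXT = re.compile(
    r"\.\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}\s*$")

# The only class ID the page names; the label is what the thread reports.
KNOWN = {"3050F4D8-98B5-11CF-BB82-00AA00BDCE0B": "HTML application"}


def classify_name(filename):
    """Return (base_name, clsid, label) for a CLSID-suffixed name, else None."""
    m = CLSID_EXT.search(filename)
    if m is None:
        return None
    clsid = m.group(1).upper()
    return filename[:m.start()], clsid, KNOWN.get(clsid, "unknown class")


def scan_message(raw):
    """List (attachment_name, base_name, clsid, label) for flagged parts."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()  # also decodes RFC 2231 encoded names
        hit = classify_name(name) if name else None
        if hit:
            findings.append((name,) + hit)
    return findings


# Constructed sample message (hypothetical address, placeholder bodies).
SAMPLE = """\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="hammerhart.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}"

placeholder
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="readme.txt"

placeholder
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=us-ascii''notes.doc.%7B3050f4d8-98b5-11cf-bb82-00aa00bdce0b%7D

placeholder
--b1--
"""

if __name__ == "__main__":
    for f in scan_message(SAMPLE):
        print("FLAG %s -> base name %r, class %s (%s)" % f)
```
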
    
    9. ==== CONTACT US ==== 
       Here's how to reach us with your comments and questions: 
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- vpattersonat_private (please 
    mention the newsletter name in the subject line) 
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums 
    
    * PRODUCT NEWS -- productsat_private 
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer 
    Support -- securityupdateat_private 
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private 
    
    ******************** 
    
       This email newsletter is brought to you by Security Administrator, 
    the print newsletter with independent, impartial advice for IT 
    administrators securing a Windows 2000/Windows NT enterprise. Subscribe 
    today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of 
    your choice. Subscribe to our other FREE email newsletters. 
       http://www.winnetmag.net/email 
    
    |-+-+-+-+-+-+-+-+-+-| 
    
    Thank you for reading Security UPDATE.
    
    Copyright 2002, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    


