[ISN] Security UPDATE, July 10, 2002

From: InfoSec News (isnat_private)
Date: Thu Jul 11 2002 - 04:05:13 PDT

  • Next message: InfoSec News: "RE: [ISN] Lights' malfunction at airport attributed to computer glitch"

    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET Server, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    Free Demo--Panda Antivirus Enterprise Suite
       http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw023o0AU
    
    Exchange & Outlook Administrator Web Site
       http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw023p0AV
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: FREE DEMO--PANDA ANTIVIRUS ENTERPRISE SUITE ~~~~
       Panda Antivirus Enterprise Suite is a fully integrated and seamless
    security solution that protects networks from all sides of attack -
    from firewalls, SMTP gateways, proxy servers to Exchange Servers and
    desktops. Panda not only detects and destroys more than 63,000 known
    viruses, but heuristically scans and eliminates unknown malicious
    code. Truly automatic updates every 24 hours. Central Administration.
    24x7x365 free tech support. Disinfects virus-infected email at the
    packet level. Download a FREE demo now.
       http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw023o0AU
    
    ~~~~~~~~~~~~~~~~~~~~
    
    July 10, 2002--In this issue:
    
    1. IN FOCUS
         - Five-Minute Security Advisor--and More
    2. SECURITY RISKS
         - Multiple Vulnerabilities in WMP
         - Multiple Vulnerabilities in Commerce Server 2002 and Commerce
           Server 2000
    
    3. ANNOUNCEMENTS
         - Get Valuable Info for Free with IT Consultant Newsletter
         - July Is Hot! Our Free Webinars Are Cool!
    
    4. SECURITY ROUNDUP
         - News: EU Warns Microsoft About Palladium
         - Feature: External Firewall Attacks
    
    5. INSTANT POLL
         - Results of Previous Poll: Is OSS Less Secure?
         - New Instant Poll: Credit Card Information Theft
    
    6.SECURITY TOOLKIT
         - Virus Center
         - FAQ: Why Do I Receive the Error Message "You May Not Remove the
           Local Logon Right from the Administrators Local Group" When I 
           Edit User Rights?
    
    7. NEW AND IMPROVED
         - End-to-End Security Solution for Small and Large Enterprises
         - Bootability Added to USB 2.0 and FireWire
    
    8. HOT THREADS
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Mapping Drives Through ISA Server 2000
    
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * FIVE-MINUTE SECURITY ADVISOR--AND MORE
    
    Have you seen Microsoft's "5-Minute Security Advisor" documents?
    According to the company's TechNet site (where you'll find the
    documents), "The 5-Minute Security Advisor series has been created to
    help quickly communicate important security topics, tasks, and issues.
    The advisor will point to the content necessary to go deeper into
    technical details or into step-by-step, how-to guides."
       http://www.microsoft.com/technet/columns/security/5min/default.asp
    
    The series currently includes 15 documents divided into four levels,
    with each level based on users' situations, expertise, and needs.
    You'll find security-related documents for small office/home office
    (SOHO) and home users, power users, IT professionals, and network and
    systems administrators. Available documents cover a range of subjects:
       - Simple Firewall Setup for Home Office Users
       - Protecting Your Computer Against Compromise
       - Configuring Your Computer for Multiple Users
       - Getting the Most from Windows Update (Automated Security
    Assessment and Updates)
       - Essential Security Tools for Home Office and Power Users
       - Using the Encrypting File System
       - Basic Physical Security
       - Using the Internet Connection Firewall
       - The Road Warrior's Guide to Laptop Protection
       - How Windows XP Protects Your Privacy
       - How Outlook Security Works
       - Configuring Outlook Web Access
       - Choosing A Good Password Policy
       - Recovering Encrypted Data Using EFS
       - Signing Office Objects
    As you can see, the list includes a variety of topics--and if you want
    to see a document about a particular topic that isn't covered, you're
    invited to submit that topic for the series.
     
    In addition to the 5-Minute Security Advisor documents, Microsoft
    maintains a long list of "Security How-Tos" that explain various tasks
    you're likely to perform on Windows-based systems. On the how-to Web
    page, you'll find dozens of documents that cover various aspects of
    security for XP, Windows 2000 Server, Win2K Professional, Microsoft
    IIS, and Microsoft Internet Security and Acceleration (ISA) Server
    2000. For example, the IIS section includes information about how to
    prevent mail relaying through the SMTP connector and how to use IP
    Security (IPSec) to secure communications between hosts. The XP
    section includes instructions for sharing encrypted files and for
    preventing users from running or stopping scheduled services. The ISA
    Server 2000 section includes information about how to filter Web Proxy
    cache entries. Although most of the articles have been published and
    available in the TechNet database for some time, they seem to have
    been recently updated.
       http://www.microsoft.com/technet/itsolutions/howto/sechow.asp
    
    Finally, have you tried Microsoft Software Update Services (SUS)? The
    service (see the first URL below) is designed to audit a system and
    determine which patches that system might need. You can learn more
    about SUS at the first URL below, where Microsoft has posted
    additional information that includes a Flash-based demo of the
    service. The two versions of SUS serve individual users (see the
    second URL below) as well as corporate users. I've seen complaints
    about SUS posted on various mailing lists. For example, to determine
    whether a specific patch is missing, SUS checks only registry keys,
    whereas another Microsoft tool, HFNetChk, checks files to detect
    versioning or checksum issues that SUS would miss. If you use SUS or a
    third-party patch-auditing tool instead, please send me an email
    message about your experience.
       http://www.microsoft.com/technet/ittasks/support/corpwu.asp
       http://windowsupdate.microsoft.com
    
    I'm not surprised that Microsoft's emphasis on security and
    trustworthy computing has led to an increased emphasis on security
    resources. Let me know what you think about these resources, such as
    the 5-Minute Security Advisor documents, or about other resources
    you've discovered.
     
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: EXCHANGE & OUTLOOK ADMINISTRATOR WEB SITE ~~~~
       GOT A MESSAGING PROBLEM YOU CAN'T SEEM TO FIX?
       Visit our Exchange & Outlook Administrator Web site for news,
    articles, discussion forums, FAQs, and technical solutions in one,
    easy-to-navigate Web site. While you're there, check out the popular
    article "Is Your Exchange Server Relay-Secure?" at
       http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw02uh0AT
       http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw023p0AV
    
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
    
    * MULTIPLE VULNERABILITIES IN WMP
       Jelmer and the Security Internals Research Team discovered multiple
    vulnerabilities in Microsoft Windows Media Player (WMP), one of which
    could result in an attacker executing arbitrary code on the vulnerable
    system. Microsoft Security Bulletin MS02-032 (26 June 2002 Cumulative
    Patch for Windows Media Player) addresses this vulnerability and
    recommends that affected users download and apply the appropriate
    patch mentioned in the bulletin. These patches are cumulative and
    address all previously discovered WMP vulnerabilities.
       http://www.secadministrator.com/articles/index.cfm?articleid=25784
    
    * MULTIPLE VULNERABILITIES IN COMMERCE SERVER 2002 AND 2000
       Mark Litchfield of Next Generation Security Software discovered
    multiple vulnerabilities in Microsoft Commerce Server 2002 and
    Commerce Server 2000, each of which can run an attacker's choice of
    code. Microsoft Security Bulletin MS02-033 (Unchecked Buffer in
    Profile Service Could Allow Code Execution in Commerce Server)
    addresses this vulnerability and recommends that affected users
    download and apply the appropriate patch mentioned in the bulletin.
    These patches are cumulative and address all previously discovered
    vulnerabilities in the affected product.
       http://www.secadministrator.com/articles/index.cfm?articleid=25785
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * GET VALUABLE INFO FOR FREE WITH IT CONSULTANT NEWSLETTER
       Sign up today for IT ConsultantWire, a FREE email newsletter from
    Penton Media. This newsletter is specifically designed for IT
    consultants, bringing you news, product analysis, project management
    and business logic trends, industry events, and more. Find out more
    about this solution-packed resource and sign up for FREE at
       http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw0rfb0AC
    
    * JULY IS HOT! OUR FREE WEBINARS ARE COOL!
       Check out our latest Web seminar offerings from Windows & .NET
    Magazine. "Storage, Availability, and You," sponsored by VERITAS, will
    help you bring your Windows storage under control. "Easing the
    Migration: 15 Tips for Your Windows 2000 Journey", sponsored by
    ePresence, will help you plan and implement a successful Win2K
    migration. Find out more and register today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eMbi0CJgSH0CBw02lB0Ag
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: EU WARNS MICROSOFT ABOUT PALLADIUM
       Incoming European Union (EU) Competition Directorate-General Philip
    Lowe warned Microsoft yesterday that its upcoming security plan,
    Trustworthy Computing (code-named Palladium), shouldn't exclude the
    company's competitors. Speaking at a conference sponsored by the
    American Antitrust Institute, Lowe said that the EU will ensure that
    "[Microsoft] competitors have the capacity to offer the range of
    services they want to provide, including security. We have always
    emphasized ... interoperability."
       http://www.secadministrator.com/articles/index.cfm?articleid=25774
    
    * FEATURE: EXTERNAL FIREWALL ATTACKS
       Malicious intruders use literally hundreds of methods and tools
    when they attempt to compromise PCs. Some attacks are technically
    sophisticated and require the skills of a learned intruder. But more
    and more often, worms and Trojan horses automate external attacks that
    scour the Internet looking for vulnerable machines. Attackers use
    compromised machines as a staging area for more attacks against new
    machines. In this article, Roger Grimes outlines some of the more
    common attack types you're likely to experience.
       http://www.secadministrator.com/articles/index.cfm?articleid=25543
    
    5. ==== INSTANT POLL ====
    
    * RESULTS OF PREVIOUS POLL: IS OSS LESS SECURE?
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question, "Do
    you think that open source software (OSS) is less secure than closed
    source software, such as Windows?" Here are the results (+/- 2
    percent) from the 416 votes:
       - 20% Yes
       - 73% No
       -  7% Not sure
    
    * NEW INSTANT POLL: CREDIT CARD INFORMATION THEFT
       The next Instant Poll question is, "Have you or has your company
    experienced credit card information theft through the Internet?" Go to
    the Security Administrator Channel home page and submit your vote for
    a) I have experienced Internet credit card information theft, b) My
    company has experienced Internet credit card information theft, c)
    Both have experienced Internet credit card information theft, or d)
    Neither has experienced Internet credit card information theft through
    the Internet.
       http://www.secadministrator.com
    
    6. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: Why Do I Receive the Error Message "You May Not Remove the
    Local Logon Right from the Administrators Local Group" When I Edit
    User Rights?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. Before Microsoft developed the Microsoft Management Console (MMC)
    Active Directory Users and Computers snap-in, administrators used the
    User Manager for Domains tool to manage user accounts. You might still
    need to administer a Windows NT 4.0 domain from Windows 2000 or NT 4.0
    clients, which can lead to problems when you try to add or remove user
    accounts from the "Grant To" list in the User Rights Policy dialog box
    and result in the following error message:
    
    "You may not remove the local logon right from the Administrators
    local group. Doing so will disable all local administration of this
    computer."
    
    This error can result from the following conditions:
       - A Win2K Professional installation is running the NT 4.0
    Administration Tools. Win2K machines must run the Win2K Administration
    Tools (i.e., adminpak.msi) that come with Win2K Server.
    
       - The "Grant To" list you're attempting to modify contains a
    deleted user or group. To resolve this problem, you must log on to the
    PDC of the NT 4.0 domain and use the local User Manager for Domains
    tool to remove the deleted account or group from the "Grant To" list.
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Judy Drennen, productsat_private)
    
    * END-TO-END SECURITY SOLUTION FOR SMALL AND LARGE ENTERPRISES
       Funk Software announced Odyssey, the first end-to-end 802.1x
    security solution that lets users securely access wireless LANs
    (WLANS) but can be easily and widely deployed and managed across an
    enterprise network. Odyssey includes client and server software. The
    product runs on Windows XP, Windows 2000, Windows Me, and Windows 98.
    Odyssey costs $2500, which includes the Odyssey Server and 25 Odyssey
    Client licenses. Standalone client licenses are available for $50
    each. Contact Funk Software at 800-828-4146.
       http://www.funk.com
    
    * BOOTABILITY ADDED TO USB 2.0 AND FIREWIRE
       CMS Peripherals announced the addition of complete system
    bootability for its USB 2.0 and FireWire Notebook and Desktop
    Automatic Backup System Plus (ABSplus) for Windows users. With the
    additional disaster-recovery capability, ABSplus users have for their
    computers data security that lets them quickly replace failed hard
    disks with the ABSplus hard disk. ABSplus runs on Windows XP, Windows
    2000, Windows NT, Windows Me, and Windows 9x. Prices start at $279.
    Contact CMS at 800-327-5773 or go to the Web site.
       http://www.cmsproducts.com
    
    8. ==== HOT THREADS ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Mapping Drives Through ISA Server
       (Ten messages in this thread)
    
    Dave writes that when he accesses a VPN through a dial-up connection
    to Microsoft Internet Security and Acceleration (ISA) Server 2000, he
    can map drives to internal network machines by IP address, but when he
    tries to map drives using Network Neighborhood (by double-clicking a
    listed machine), he receives an "Access denied" error message. To read
    the responses or offer help, use the URL below.
       http://www.secadministrator.com/forums/thread.cfm?thread_id=83830
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- vpattersonat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    
    MANAGE YOUR ACCOUNT
    You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    Thank you!
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jul 11 2002 - 06:44:13 PDT