[ISN] Windows & .NET Magazine Security UPDATE--June 11, 2003

From: InfoSec News (isnat_private)
Date: Thu Jun 12 2003 - 00:38:53 PDT


    ====================
    
    ==== This Issue Sponsored By ====
    
    Shavlik Technologies
    http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw076e0A1
    
    Windows & .NET Magazine
    http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw06cX0AX
    
    ====================
    
    1. In Focus: Windows 2003 Patches; Responsible Vulnerability Reporting
    
    2. Security Risks
         - Buffer Overruns in IE
    
    3. Announcements
         - Get Exclusive VIP Web Site Access!
         - Learn 10 Ways to Deal with Spam!
    
    4. Security Roundup
         - News: Windows & .NET Magazine Names TechEd 2003 Best of Show
           Winners
         - News: Microsoft Adds New Security Certification Program
         - News: Microsoft and VeriSign Partner on PKI
         - Feature: IPSec Enhancements for XP and Win2K
    
    5. Instant Poll
         - Results of Previous Poll: Windows Update and SUS
         - New Instant Poll: Certifications and Hiring
    
    6. Security Toolkit
         - Virus Center
            - Virus Alert: Bugbear.B
         - FAQ: How Do I Ensure that GPOs Are Applied When I Move a
           Computer to a New OU?
    
    7. Event
         - Security 2003 Road Show
     
    8. New and Improved
         - Secure Your PC
         - Token User Authentication
         - Submit Top Product Ideas
    
    9. Hot Thread
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Blocking KaZaA
    
    10. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Shavlik Technologies ====
    
    Shavlik HFNetChkPro - Get 20% off in June!
       Buy HFNetChkPro in June and receive 20% off! Shavlik HFNetChkPro
    4.0, the leader in automated patch management, assesses your network
    for missing security patches and automatically deploys patches, saving
    you thousands of hours. It includes loads of features that save time
    for busy security professionals while offering greater enterprise
    security. HFNetChkPro 4.0 automates patch remediation for Microsoft
    Office, Windows Server 2003, Exchange, SQL, Outlook, Java Virtual
    Machine and more. Now's the time to download our free HFNetChkLT
    version at www.shavlik.com and take a test drive!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw076e0A1
    
    ====================
    
    ==== 1. In Focus: Windows 2003 Patches; Responsible Vulnerability
    Reporting ====
       by Mark Joseph Edwards, News Editor, markat_private
    
    You're probably aware by now that Microsoft recently released security
    patches for Internet Explorer (IE) 6.0, IE 5.5, and IE 5.01, including
    IE 6.0 for Windows Server 2003. The problems relate to unchecked
    buffers that could let arbitrary code execute on a user's machine.
    Patching your machines against these problems is probably critical.
    You can read about the problems in the article, "Buffer Overruns in
    IE," in this issue of Security UPDATE.
    
    The patch represents the first for the new Windows 2003 OS, and it
    came less than 2 months after the initial release. It's good to know
    that the company has taken care of that particular problem quickly,
    but apparently another patch for the new OS might be necessary soon.
    
According to SecurityFocus, a user reported that Windows systems might
be vulnerable to Denial of Service (DoS) attacks under certain
conditions. If a Windows 2003, Windows XP, or Windows 2000 system has
IP version 6 (IPv6) enabled, an attacker might be able to flood the
server with Internet Control Message Protocol (ICMP) packets, resulting
in a DoS condition for the target system.
       http://www.securityfocus.com/bid/7788
    
    Microsoft is undoubtedly aware of the problem, but at the time of this
    writing, the company hasn't released a bulletin or patch. The problem
    is probably moderate and won't affect a huge number of systems because
    IPv6 isn't as widely deployed as IPv4. Nevertheless, we can probably
expect Microsoft to issue a patch soon. Both the recently patched
problems with IE and this DoS problem point out that faults found in
code shared across multiple versions of product families will, more
often than not, carry over into the Windows 2003 OS, as has been the
case with previous product versions.
    
    Speaking of newly reported vulnerabilities, the Organization for
    Internet Safety (OIS) has finally released its long-awaited draft
    proposal that outlines a process that security researchers and vendors
    can use to coordinate their efforts to patch security vulnerabilities.
    
You may recall that in 2001, Guardent, Foundstone, BindView, @stake, and
Internet Security Systems (ISS) established OIS, which now counts the
SCO Group, Network Associates, Oracle, and Symantec among its members.
    The group initially submitted a draft proposal to the Internet
    Engineering Task Force (IETF) as a Request for Comments (RFC).
    However, the IETF decided its forum wasn't suited for guideline
    proposals about responsible reporting. So the group struck out on its
    own to finish its draft, "Security Vulnerability Reporting and
    Response Process," now available to the public at the URL below.
       http://www.oisafety.org/resources.html
    
    According to an OIS press release, the draft "provides specific,
    prescriptive guidance that establishes a framework in which
    researchers and vendors can collaborate to improve the speed and
    quality of security investigations, thereby helping better protect
    Internet users and infrastructure." OIS is offering a period of time
    (until July 7) for the public to provide its own commentary about the
    draft. According to OIS, it will respond to the comments as best it
    can and post the comments to its Web site for everyone to read
    (excluding the commentators' personal contact information, of course).
    
    The draft proposal suggests that researchers not disclose their
    findings to the public until either a patch is released or researchers
    have exhausted their efforts to interact with a vendor and have
    reached an irreconcilable impasse. Symantec is a member of OIS and
    also owns SecurityFocus along with various mailing lists now
    associated with SecurityFocus, including the popular BugTraq list.
    
    Historically, BugTraq has offered researchers a place to openly reveal
    any information they feel necessary, including demonstration code,
    even if that code could lead to exploitation of a given vulnerability.
    SecurityFocus also operates a mailing list called Vuln-Dev, in which
    researchers can and do discuss possible security problems with various
    products. The discussions sometimes include code used to test
    particular would-be security problems and sometimes include
    considerable detail about researcher findings.
    
I wonder whether the OIS proposal, which Symantec obviously supports,
will eventually affect the operation of those mailing lists and other
mailing lists operated by other entities. We'll have to wait and see.
    
    One final note about vulnerabilities: Be sure your systems are
    protected against the Bugbear.B worm. It's a nasty one. You can learn
    more about it in the associated "Virus Alert" in this issue of the
    newsletter.
    
    Correction: In last week's Security UPDATE commentary, ".html" was
    omitted from the URL given for more information about Bayesian
    filtering. The correct URL is
       http://www.paulgraham.com/articles.html
    
    ====================
    
    ==== Sponsor: Windows & .NET Magazine ====
    
    Insider's Guide to IT Certification eBook
       Get the eBook that will help you get certified!  The "Insider's
    Guide to IT Certification," from the Windows & .NET Magazine Network,
    has one goal: to help you save time and money on your quest for
    certification. Find out how to choose the best study guides, save
    hundreds of dollars, and be successful as an IT professional. The
    amount of time you spend reading this book will be more than made up
    by the time you save preparing for your certification exams. Order
    your copy today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw06cX0AX
    
    ====================
    
    ==== 2. Security Risks ====
       contributed by Ken Pfeil, kenat_private
    
    Buffer Overruns in IE
       eEye Digital Security discovered two new vulnerabilities in
    Microsoft Internet Explorer (IE) that can result in the execution of
    arbitrary code on the vulnerable system. The vulnerabilities are a
    buffer-overrun vulnerability that results from IE improperly
    determining an object type a Web server returns and a condition in
    which IE doesn't implement an appropriate block on a file-download
    dialog box. Microsoft has released Security Bulletin MS03-020
    (Cumulative Patch for Internet Explorer) to address these
    vulnerabilities and recommends that affected users immediately apply
    the appropriate patch mentioned in the bulletin.
       http://www.secadministrator.com/articles/index.cfm?articleid=39227
    
    ==== 3. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Get Exclusive VIP Web Site Access!
         The Windows & .NET Magazine VIP Site is a subscription-based
    online technical resource that's chock-full of problem-solving
    articles from all our publications. For a limited time, you can access
    this banner-free site at which you'll find exclusive content usually
    reserved for VIP Site members only. Only VIP subscribers can access
    this site after June 13, so check it out today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw05Ih0AM
    
    Learn 10 Ways to Deal with Spam!
       In this audiocast event, you'll discover simple but effective ways
    to fight spam, plus learn the common tricks spammers use to get your
    email address. You'll also receive a free white paper from NetIQ about
    controlling spam and the chance to download a free trial of NetIQ
    MailMarshal SMTP. Register today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw0BAjG0Ae
    
    ==== 4. Security Roundup ====
    
    News: Windows & .NET Magazine Names TechEd 2003 Best of Show Winners
       Windows & .NET Magazine named Best of Show products in seven
    categories as well as an overall winner at TechEd 2003 in Dallas.
    Michele Crockett, Windows & .NET Magazine editor, presented awards to
    Windows technology vendors and announced an overall Best of Show
    winner. The field included more than 211 entries, and the judges
    evaluated products based on their strategic importance in the market,
    the competitive advantage they offer, and their value to the customer.
       http://www.secadministrator.com/articles/index.cfm?articleid=39225
    
    News: Microsoft Adds New Security Certification Program
Microsoft announced that it will offer a new security
specialization program under its Microsoft Certified Systems
Administrator (MCSA) and Microsoft Certified Systems Engineer (MCSE)
credentials.
       http://www.secadministrator.com/articles/index.cfm?articleid=39214
    
    News: Microsoft and VeriSign Partner on PKI
       Microsoft and VeriSign announced plans to extend interoperability
    between Windows Server 2003 and VeriSign's Managed PKI Services.
       http://www.secadministrator.com/articles/index.cfm?articleid=39213
    
    Feature: IPSec Enhancements for XP and Win2K
       Until recently, Microsoft platforms didn't support the use of Layer
    Two Tunneling Protocol (L2TP) connections in combination with Network
    Address Translation (NAT). To improve the interoperability of Windows
    XP and Windows 2000 systems with Windows Server 2003 systems,
    Microsoft recently released an update for XP and Win2K platforms that
    lets clients create secure IP Security (IPSec) connections to a
    Windows 2003 server when the clients are behind a firewall or a router
    running NAT. Read more about the update in this article on our Web
    site.
       http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=39166
    
    ==== 5. Instant Poll ====
    
    Results of Previous Poll: Windows Update and SUS
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question, "Do
    you use either Windows Update or Software Update Services (SUS)?" Here
    are the results from the 239 votes.
       - 67% Yes
       - 10% Yes--We also use a third-party update tool
       - 18% No
       -  5% No--We use only a third-party update tool
    
    New Instant Poll: Certifications and Hiring
       The next Instant Poll question is, "Does your company hire IT
    administrators based on certifications?" Go to the Security
    Administrator Channel home page and submit your vote for a) We hire
    based largely on certifications, b) We hire based on certifications
    and experience, c) We consider certifications secondary to work
    experience, or d) We hire based only on proven experience.
       http://www.secadministrator.com
    
    ==== 6. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    Virus Alert: Bugbear.B
       A new and dangerous worm, Bugbear.B, is spreading rapidly through
    email and network shares. The email messages used to spread the worm
    use random subjects and random file attachment names. The worm can be
    triggered by simply viewing the message in a Microsoft Outlook preview
    pane if the user's system isn't configured for tight security and
    doesn't have the proper security patches installed. The worm tries to
    disable various pieces of security-related software, installs Trojan
    horse software, and logs keystrokes. For more details about the worm,
    be sure to visit the URL below.
       http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=39823
    
    FAQ: How Do I Ensure that GPOs Are Applied When I Move a Computer to a
    New OU?
       by Randy Franklin Smith, rsmithat_private
    
    A. You don't have to create computer accounts in the correct
    organizational unit (OU) from the beginning; you can move accounts
    from OU to OU at any time and expect new Group Policy Objects (GPOs)
    to take effect. However, a computer checks the path of the OU in which
    it resides only at boot-up. After that, whenever the computer
    reapplies Group Policy, it simply checks to see whether the GPOs
    applied previously have changed. If you move the computer to a new OU,
    the computer doesn't recognize the move until the next reboot.
    Therefore, GPOs linked to the computer's new OU won't take effect
    until you reboot the computer.
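One way to spot the situation the answer describes, as an added PowerShell example that is not part of the newsletter's FAQ: it compares the OU path the Group Policy engine reported through gpresult with the computer account's current OU in Active Directory and flags a mismatch as "moved but not yet rebooted". The function names are hypothetical, and the check assumes gpresult /r lists the computer DN the policy engine last processed.

```powershell
# Added example (not from the newsletter): detect a computer whose AD OU
# changed since the last boot, so new OU-linked GPOs are not yet in effect.
# Assumption: gpresult /r prints the computer DN the policy engine last used.
function Get-GpoComputerDn {
    # Parse the distinguished name gpresult reports under COMPUTER SETTINGS
    $lines = & gpresult.exe /r /scope:computer 2>$null
    foreach ($line in $lines) {
        if ($line.Trim() -match '^CN=.+,DC=') { return $line.Trim() }
    }
    return $null
}

function Get-AdComputerDn {
    # Query AD directly (no RSAT module needed) for the account's current DN
    $searcher = [ADSISearcher]"(&(objectCategory=computer)(cn=$env:COMPUTERNAME))"
    $result = $searcher.FindOne()
    if ($null -eq $result) { return $null }
    return [string]$result.Properties['distinguishedname'][0]
}

function Test-GpoOuPendingReboot {
    $applied = Get-GpoComputerDn
    $current = Get-AdComputerDn
    if (-not $applied -or -not $current) {
        Write-Warning 'Could not determine both DNs; run elevated on a domain member.'
        return $null
    }
    # Drop the leading CN= component so only the OU path is compared
    $appliedOu = $applied -replace '^CN=[^,]+,', ''
    $currentOu = $current -replace '^CN=[^,]+,', ''
    if ($appliedOu -ne $currentOu) {
        Write-Output "Moved from '$appliedOu' to '$currentOu'; reboot needed for the new OU's GPOs."
        return $true
    }
    Write-Output "Policy engine and AD agree on OU '$currentOu'."
    return $false
}

Test-GpoOuPendingReboot
```

Run it on the moved workstation after the OU change; a $true result means the reboot the FAQ calls for is still outstanding.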
    
    ==== 7. Event ====
    
    Security 2003 Road Show
       Join Mark Minasi and Paul Thurrott as they deliver sound security
    advice at our popular Security 2003 Road Show event.
       http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw07Kz0Ai
    
    ==== 8. New and Improved ====
       by Sue Cooper, productsat_private
    
    Secure Your PC
       SOFTWIN released BitDefender Professional 7.0 to provide antivirus,
    active content control, Internet filtering, and data confidentiality
for Windows systems. The software blocks malicious applications,
specified URLs, ports, and IPs--and lets you block ActiveX, Java
Applets, or JavaScript code based on your configuration. BitDefender
alerts you if your system settings let inappropriate code run or if
    an application is trying to access the Internet. It filters incoming
    and outgoing cookie-type files to preserve your confidentiality and
    filters against viruses transmitted through Instant Messaging (IM)
    software. BitDefender Professional 7.0 is available in four languages;
    you can download it from the Web site listed below. The software runs
    on Windows XP/2000/NT/Me/98. Prices start at $44.95 for a single
    license. Contact SOFTWIN at salesat_private
       http://www.bitdefender.com
    
    Token User Authentication
       Pointserve Data launched Passholder, which provides two-factor
    authentication (i.e., based on something you have and something you
    know) for your users. The software resides on a cryptographically
protected secure USB token. The token (instead of the PC) can store a
user's name, domain, and corporate and personal passwords, which users
can retrieve when needed with their user PIN. The token can
    also store digital certificates. You can decide whether users will
    manually update their Windows password to the token or whether
    Passholder will automatically generate and update the password without
    user intervention to comply with corporate security policy. Passholder
    supports Windows XP/2000/NT. Contact Pointserve at
    salesat_private or on the company's Web site.
       http://www.passholder.net
    
    Submit Top Product Ideas
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    ==== 9. Hot Thread ====
    
    Windows & .NET Magazine Online Forums
       http://www.winnetmag.com/forums
    
    Featured Thread: Blocking KaZaA
       (Three messages in this thread)
    
    A user writes that he has a network environment of 30 sites and wants
    to block the use of KaZaA. He wants to know the best way to go about
    blocking peer-to-peer (P2P) file sharing on his networks. Lend a hand
    or read the responses:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=59679
    
    ==== Sponsored Link ====
    
    FaxBack
       Integrate FAX into Exchange/Outlook (Whitepaper, ROI, Trial)
       http://list.winnetmag.com/cgi-bin3/DM/y/eRJb0CJgSH0CBw0BAgm0AF
    
    ===================
    
    ==== 10. Contact Us ====
    
    About the newsletter -- lettersat_private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- productsat_private
    About your subscription -- securityupdateat_private
    About sponsoring Security UPDATE -- emedia_oppsat_private
    
    ====================
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
    Thank you!
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org