[ISN] Windows & .NET Magazine Security UPDATE--September 3, 2003

From: InfoSec News (isnat_private)
Date: Wed Sep 03 2003 - 22:33:47 PDT

  • Next message: InfoSec News: "[ISN] Universities Rush to Protect Networks"

    ==== This Issue Sponsored By ====
    Windows & .NET Magazine Network
    1. In Focus: Service Pack Maintenance with Scripts
    2. Security Risks
         - Buffer Overflow in Avant Browser for Windows
         - Buffer Overflow in Tullerian TftpdNT
    3. Announcements
         - For Security-Minded IT Pros: Windows & .NET Magazine
         - Special Offer from SQL Server Magazine
    4. Security Roundup
         - News: SoBig.F Slows, but SoBig.G Is Coming Soon
         - Feature: SOAP/XML Firewalls
    5. Instant Poll
         - Results of Previous Poll: The RPC/DCOM Worms
         - New Instant Poll: Rolling Out Service Packs
    6. Security Toolkit
         - Virus Center
         - FAQ: How Do I Determine Which Programs Access Files?
    7. Event
         - New--Mobile & Wireless Road Show!
    8. New and Improved
         - Lock Down Your Systems
         - Control Internet Access
         - Tell Us About a Hot Product and Get a T-Shirt!
    9. Hot Threads
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Security Patch Installation for MSBlaster
         - HowTo Mailing List
             - Featured Thread: Network Security?
    10. Contact Us
       See this section for a list of ways to contact us.
    ==== Sponsor: Windows & .NET Magazine Network ====
       If You Like This Email Newsletter...
       Then be sure to check out the Windows & .NET Magazine Network.
    You'll find page after page of problem-solving, time-saving articles
    plus other fantastic resources like our forums, Windows IT library,
    Download Central, and much, much more. Click here now!
    ==== 1. In Focus: Service Pack Maintenance with Scripts ====
       by Mark Joseph Edwards, News Editor, markat_private
    As you know, maintaining service pack levels and hotfixes on your
    systems is important. Many factors affect how and when you patch your
    systems. If you've tested your particular architecture and know that a
    given service pack or hotfix won't adversely affect operations, you
    still face the problem of how to roll out the service pack to all your
    systems, especially if some of your systems are mobile and connect
    only periodically.
    You can roll out patches various ways. You might use Microsoft Systems
    Management Server (SMS) with Software Update Services (SUS), SUS by
    itself, or any of several third-party service pack and
    hotfix-management tools. Also, you can ask users to patch their
    systems, or you might patch systems manually. Clearly, however,
    automation is the most effective rollout approach.
    One efficient way to handle patch management is by using Group Policy
    and scripts. You can use scripts to check a system's patch levels,
    then use Group Policy to cause systems to load patches--for example,
    if a system doesn't have a given patch installed. To use this
    approach, you need some level of proficiency in writing script code,
    which isn't hard to achieve but does require some time and focus.
    Patrick Goodwin, who reads the HowTo Mailing List(see the URL below),
    recently offered readers a startup boot script that he uses to help
    automate service pack installation. (Goodwin's employee, Chi Kin To
    wrote the script.) The script checks the OS type and service pack
    level against presets written into the script code. If the system
    doesn't meet conditions (e.g., Windows 2000 Service Pack 4--SP4--isn't
    installed), the script places that computer in a service pack
    installation group (a Group Policy Object--GPO). The original script
    creates a second script on the system that schedules a system reboot
    at a predetermined time (e.g., in the middle of the night when no one
    uses the system). When the system reboots, the system downloads and
    installs a copy of the service pack. When the same script runs again
    and determines that the system has the specified service pack
    installed, the script moves that system out of the service pack
    installation group.
    Depending on your particular situation, you might find this script
    handy. You might also consider modifying the code to fit another task
    or purpose. Also, if you want to learn scripting techniques, the
    script serves as a good example of how to perform various actions,
    such as determining an OS type, service pack level, and GPO
    membership. You can access the script to examine or use in the HowTo
    for Security mailing list archives (see the first URL below). At the
    second URL below, you'll find another version of the script (Chi Kin
    To also wrote this version), which has additional code that checks a
    machine's IP address to make sure it's connected to the local subnets
    before any actions are performed. This check might be helpful for
    systems connected over slow WAN links. The IP address check can ensure
    that the script doesn't cause that system to try to download a huge
    service pack file over a slow link.
    You can get a head start on script writing by searching for ready-made
    scripts on the Internet, by learning about scripting techniques in
    various forums, and of course by reading the Windows Scripting
    Solutions newsletter. (You can learn more about our scripting forum
    and newsletter at the URLs below.)
    ==== 2. Security Risks ====
       contributed by Ken Pfeil, kenat_private
    Buffer Overflow in Avant Browser for Windows
       "Nimber" discovered a buffer-overflow condition in Avant Browser
    8.02 for Microsoft Internet Explorer (IE). By causing a user to click
    on a URL that's longer than 780 characters, an attacker can cause the
    Web browser to crash. Avant Browser has been notified.
    Buffer Overflow in Tullerian TftpdNT
       A buffer-overflow condition in Tellurian TftpdNT Server 1.8 for
    Windows NT and Windows 9x can result in the execution of arbitrary
    code on the vulnerable system. This overflow occurs in the product's
    parsing of a filename. Tellurian has released version 2.0, which isn't
    vulnerable to this condition.
    ==== Sponsor: Virus Update from Panda Software ====
       Check for the latest anti-virus information and tools, including
    weekly virus reports, virus forecasts, and virus prevention tips, at
    Panda Software's Center for Virus Control.
       Viruses routinely infect "fully protected" networks. Is total
    protection possible? Find answers in the free guide HOW TO KEEP YOUR
    COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
    networks, what they do, and the most effective weapons to combat them.
    Protect your network effectively and permanently - download today!
    ==== 3. Announcements ====
       (from Windows & .NET Magazine and its partners)
    For Security-Minded IT Pros: Windows & .NET Magazine Connections
       Have you ever been hacked? Are Windows Server 2003's improved
    security features worth the migration effort? Want to stop spam? Learn
    the answers to these questions and more at Windows & .NET Magazine
    Connections. Stay competitive by investing your time in the latest
    technologies, tips, and tricks. Register today, save money, and
    receive access to concurrently running Exchange Connections.
    Special Offer from SQL Server Magazine
       SQL Server Magazine presents the SQL Server Technical Education
    Package, including a 1-year print subscription to SQL Server Magazine,
    full SQL Server Magazine Web site access, and a 1-year subscription to
    the SQL Server Magazine Master CD (2 CDs), for only $39.95! Click here
    for this incredible limited-time offer!
    ==== 4. Security Roundup ====
    News: SoBig.F Slows, but SoBig.G Is Coming Soon
       SoBig.F, the fastest-spreading email virus in history, has slowed
    down somewhat, but security experts warn that replicated viruses could
    launch a new wave of attacks soon. SoBig.F's creator designed the
    virus to unleash two broad attacks, either of which could have
    temporarily crippled the Internet, but security experts were able to
    protect against the assaults, rendering them ineffective. Before the
    virus expires on September 10, it will try one more broad attack,
    according to people who have examined its source code.
    Feature: SOAP/XML Firewalls
       Web services are already a reality for many organizations and are
    just around the corner for most of the rest of us. Web services rely
    heavily on Simple Object Access Protocol (SOAP) and XML technologies
    to tie heterogeneous business systems together. However, SOAP and XML
    expose a new attack surface in your organization that could
    potentially let intruders penetrate to the core of your crucial
    business systems. Packet-level firewalls can't help you secure Web
    services traffic because they can't detect SOAP and XML traffic. For
    example, because SOAP typically uses HTTP or SMTP, it easily passes
    through traditional firewalls--a phenomenon known as the port 80
    problem. So, just when you thought firewalls had matured and you could
    move on to other security concerns, a new kind of firewall has
    appeared: the SOAP/XML firewall. Randy Franklin Smith explores this
    new segment of the firewall market and its key players.
    ==== Hot Release ====
       Get Thawte's New Step-by-Step SSL Guide for MSIIS
       In this guide you will find out how to test, purchase, install and
    use a Thawte Digital Certificate on your MSIIS web server. Throughout,
    best practices for set-up are highlighted to help you ensure efficient
    ongoing management of your encryption keys and digital certificates.
    Get your copy of this new guide now:
    ==== 5. Instant Poll ====
    Results of Previous Poll: The RPC/DCOM Worms
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question,
    "Now that remote procedure call (RPC)/Distributed COM (DCOM) worm
    variants have appeared, have they affected your network or systems?"
    Here are the results from the 295 votes.
       - 29% Yes
       - 14% No--We patched against it
       - 47% No--We patched and used other defenses
       - 10% No--We used other defenses, but not the patch
    New Instant Poll: Rolling Out Service Packs
       The next Instant Poll question is, "What is your primary method of
    rolling out service packs?" Go to the Security Administrator Channel
    home page and submit your vote for a) Software Update Services (SUS)
    by itself, b) Systems Management Server (SMS), or SMS with SUS, c)
    Scripts and/or Group Policy, d) Windows automatic updates, or e)
    Third-party tools.
    ==== 6. Security Toolkit ====
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
    FAQ: How Do I Determine Which Programs Access Files?
       contributed by Randy Franklin Smith, rsmithat_private
       Your security setup provides enough information to determine which
    program accesses a file, but the client/server nature of file sharing
    reduces the value of the information. When someone accesses a file on
    your server, Windows 2000 logs event ID 560 (success audit: object
    open) to the Security log. Event ID 560 informs you that EXAMPLE\tom
    opened C:\junk\junk.txt for Read access at 4:22:20 p.m. on June 10.
    Event ID 560 also identifies the executable that Tom used to open the
    file and the logon session in which the access occurred. You just need
    to do a little translation. For complete details about interpreting
    Security log information, including screen shots that help you
    understand, read the rest of this FAQ on our Web site.
    ==== 7. Event ====
    New--Mobile & Wireless Road Show!
       Learn more about the wireless and mobility solutions that are
    available today! Register now for this free event!
    ==== 8. New and Improved ====
       by Sue Cooper, productsat_private
    Lock Down Your Systems
       CE-Infosys released CompuSec 4.15, system security freeware.
    CompuSec protects your desktops and notebooks from unauthorized access
    with two-part authentication; encrypts your hard drive and the files
    and folders on your local, network, and floppy drives; and provides
    secure storage for your access keys. New features include single
    sign-on (SSO), advanced handling of removable media and drives, and
    the ability to boot from alternate drives. CompuSec 4.15 supports
    Windows XP/2000 and will support Windows Me/98 in the near future.
    Contact CE-Infosys on the company Web site.
    Control Internet Access
       Codework announced Browse Control 1.4, Internet access control
    software that helps you restrict inappropriate surfing and enforce
    usage policies. The application can restrict access to sites that you
    specify, completely block Internet access, or restrict access to
    specific times of the day. Application blocking is a new feature that
    lets you create a blacklist of applications that users aren't
    permitted to launch. Browse Control 1.4 traps applications by using
    the internal Windows name for each package, so users can't circumvent
    this feature by renaming .exe files. You can locate local Codework
    offices at http://www.codework.com/contact.html.
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshotat_private
    ==== 9. Hot Threads ====
    Windows & .NET Magazine Online Forums
    Featured Thread: Security Patch Installation for MSBlaster Worm
       (Three messages in this thread)
    A user writes that he runs three Novell NetWare servers (NetWare 5.1
    with Service Pack 6--SP6) with about 900 Windows NT 4.0 SP6 and
    Windows 2000 SP2 clients. The MSBlaster worm has hit his network, and
    he has since downloaded Microsoft security patches. However, because
    of the size of his network, he wants to know an easy way to deploy the
    patches--without having to physically visit each machine. Lend a hand
    or read the responses:
    HowTo Mailing List
    Featured Thread: Network Security?
       (Seven messages in this thread)
    A user writes that he's looking for a product that will control who
    can access his network--and will alert him if someone plugs a laptop
    or other device into the network. He wonders whether anyone can
    recommend such a product. Lend a hand or read the responses:
    ==== Sponsored Links ====
    Aelita Software
       Free message-level Exchange recovery web seminar October 9th
       Free Download - NEW NetOp 7.6 - faster, more secure, remote support
       Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.
    ==== 10. Contact Us ====
    About the newsletter -- lettersat_private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- productsat_private
    About your subscription -- securityupdateat_private
    About sponsoring Security UPDATE -- emedia_oppsat_private
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    Thank you!
    Copyright 2003, Penton Media, Inc.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Sep 04 2003 - 01:25:58 PDT