[ISN] Windows & .NET Magazine Security UPDATE--October 22, 2003

From: InfoSec News (isn@private)
Date: Thu Oct 23 2003 - 00:41:50 PDT

  • Next message: InfoSec News: "[ISN] Security audit"

    ====================
    
    ==== This Issue Sponsored By ====
    
    Exchange & Outlook Administrator
       http://list.winnetmag.com/cgi-bin3/DM/y/edIZ0CJgSH0CBw078G0Ah
    
    ====================
    
    1. In Focus: Keep Windows XP and SQL Server Secure
    
    2. Announcements
         - RSA Conference 2003, RAI Congress Centre, Amsterdam, November
           3-5, 2003
         - COMDEX Las Vegas 2003
    
    3. Security News and Features
         - Recent Security Vulnerabilities
         - News: Microsoft Releases XP Update Rollup 1, First Monthly
           Security Fixes
         - Review: 11 Port Enumerators
         - Feature: The Art of Interpreting Netstat
    
    4. Security Toolkit
         - Virus Center
             - Virus Alert: Esepor.A
         - FAQ: How Can I Stop Web Sites from Accessing My Local
           Clipboard?
         - Featured Thread: Possible Attempt to Compromise Security
    
    5. Event
         - The Secret Costs of Spam
    
    6. New and Improved
         - Enforce Your Password Policy
         - Tell Us About a Hot Product and Get a T-Shirt
    
    7. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Exchange & Outlook Administrator ====
       Get a Sample Issue of Exchange & Outlook Administrator
       Exchange & Outlook Administrator, the monthly print newsletter from
    Windows & .NET Magazine, gives you the in-depth articles you need to
    secure, maintain, and troubleshoot your messaging environment. Try an
    issue of Exchange & Outlook Administrator, and discover for yourself
    what our expert authors know that you don't. Click here!
       http://list.winnetmag.com/cgi-bin3/DM/y/edIZ0CJgSH0CBw078G0Ah
    
    ====================
    
    ==== 1. In Focus: Keep Windows XP and SQL Server Secure ====
       by Mark Joseph Edwards, News Editor, mark@private
    
    Three weeks ago, I mentioned in a news story (see the URL below) that
    Microsoft had released a copy of its Security Rollup Package 1 (SRP1)
    for Windows XP to beta testers. Late last week, the company released
    the package to the public, but under a different name. Update Rollup 1
    for Microsoft Windows XP is now available from the company's Windows
    Update Web site and through Microsoft Software Update Services (SUS).
       http://www.winnetmag.com/Articles/Index.cfm?articleID=40403
    
    Update Rollup 1 contains 22 hotfixes in one installable package. The
    Microsoft article "Update Rollup 1 for Windows XP Is Available" (URL
    below) describes the hotfixes the package contains and provides a link
    for direct package download. The standard version of the update is
    about 9MB in size and can be installed on XP systems that don't have
    Service Pack 1 (SP1); the smaller express version of the update
    requires SP1.
       http://support.microsoft.com/?kbid=826939
    
    Update Rollup 1 contains all the previously released security patches
    for XP, with a few important exceptions. Microsoft released seven new
    Security Bulletins last week regarding problems that affect Windows
    and Microsoft Exchange Server platforms. Five of the bulletins pertain
    to XP, and their accompanying patches didn't make it into the Update
    Rollup 1 package. So in addition to loading Update Rollup 1, you
    should consider loading the patches associated with Microsoft Security
    Bulletins MS03-041 (Vulnerability in Authenticode Verification Could
    Allow Remote Code Execution), MS03-042 (Buffer Overflow in Windows
    Troubleshooter ActiveX Control Could Allow Code Execution), MS03-043
    (Buffer Overrun in Messenger Service Could Allow Code Execution),
    MS03-044 (Buffer Overrun in Windows Help and Support Center Could Lead
    to System Compromise), and MS03-045 (Buffer Overrun in the ListBox and
    in the ComboBox Control Could Allow Code Execution) to completely
    update your XP systems. You can find details about those problems on
    our Web site at the URL below. Be sure to read the news item that I
    point to in Section 3 below for a few more details about Update Rollup
    1 as well as an interesting tidbit about the upcoming XP SP2.
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    If you manage Microsoft SQL Server platforms, you're probably glad
    that hotfixes for that platform aren't required nearly as often as for
    the underlying Windows OS. Even so, staying on top of the latest SQL
    security threats and vulnerabilities is important. Yahoo! Groups hosts
    a moderated SQL Server Security mailing list that was started in
    March, is open to anyone, and has 344 subscribers. The list traffic is
    low, so keeping up with it is easy. Instructions for joining are at
    the URL below.
       http://groups.yahoo.com/group/sqlserversecurity
    
    Last week, I wrote about Microsoft CEO Steve Ballmer's talk at the
    company's recent partner conference. I mentioned that Microsoft would
    continue to support Windows 2000 systems with SP2 and Windows NT
    Workstation 4.0 with SP6a until June 2004. A few readers found that
    statement confusing and wondered whether Microsoft would no longer
    support Win2K after next June.
    
    That's certainly not the case, and I offer my apologies for the
    confusion. To clarify the matter, Win2K with SP2 will in fact become
    unsupported. However, two other service packs (SP3 and SP4) have
    followed SP2. To continue receiving support, Win2K users must upgrade
    their systems to one of the newer service packs.
    
    ==== 2. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    RSA Conference 2003, RAI Congress Centre, Amsterdam, November 3-5,
    2003
       Whether you are deploying, developing, or investigating data
    security or cryptography products, make sure you attend Europe's
    leading information security conference and exhibition! To register or
    for more information, please click here.
       http://list.winnetmag.com/cgi-bin3/DM/y/edIZ0CJgSH0CBw0BDE80Ay
    
    COMDEX Las Vegas 2003
       At COMDEX, you'll have the opportunity to learn the ins and outs of
    the most prominent platform of the enterprise, data center, and
    desktop. Key elements include in-depth sessions on Windows Server
    2003, Exchange Server 2003, reducing spam with Exchange Server 2003
    and Outlook 2003. Come to Las Vegas this November 16-20 and take
    charge.
       http://list.winnetmag.com/cgi-bin3/DM/y/edIZ0CJgSH0CBw0BDIG0AJ
    
    ====================
    
    ==== Sponsor: Virus Update from Panda Software ====
    
       Check for the latest anti-virus information and tools, including
    weekly virus reports, virus forecasts, and virus prevention tips, at
    Panda Software's Center for Virus Control.
       http://list.winnetmag.com/cgi-bin3/DM/y/edIZ0CJgSH0CBw0BBlT0A4
    
       Viruses routinely infect "fully protected" networks. Is total
    protection possible? Find answers in the free guide HOW TO KEEP YOUR
    COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
    networks, what they do, and the most effective weapons to combat them.
    Protect your network effectively and permanently - download today!
       http://list.winnetmag.com/cgi-bin3/DM/y/edIZ0CJgSH0CBw0BBDp0Ar
    
    ====================
    
    ==== 3. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.secadministrator.com/articles/index.cfm?departmentid=752
    
    News: Microsoft Releases XP Update Rollup 1, First Monthly Security
    Fixes
       Microsoft unveiled Update Rollup 1 for Windows XP (an integrated
    set of the critical security fixes and other software updates released
    since XP Service Pack 1--SP1) and the first set of monthly security
    fixes for various Windows versions in accordance with the company's
    recent decision to switch to more predictable product updates. XP
    Update Rollup 1 is a response, of sorts, to customer complaints that
    arose in the wake of news that the software giant was delaying XP SP2
    from late 2003 to early 2004; customers had asked the software giant
    for an easier way to install the cavalcade of security patches that
    have been released since last year's XP SP1.
       http://secadministrator.com/articles/index.cfm?articleid=40541
    
    Review: 11 Port Enumerators
       One of the most frequently fielded questions among security
    analysts is, "Do I have a Trojan horse program if I've found a port
    open on my computer?" Variations of this question litter security
    mailing lists, but the answer is always the same: Trace the port
    number to the program that's opening the port, and investigate the
    program. The process of tracing an open port to its causative agent is
    called port enumeration (or port mapping). Of course, the answer
    assumes that you have an adequate understanding of port numbers, a
    good port-enumeration tool, and the ability to research whether the
    found program is malicious. Roger A. Grimes takes a look at port
    enumeration in general, then reviews 11 Windows port enumerators.
       http://secadministrator.com/articles/index.cfm?articleid=40313
    
    Feature: The Art of Interpreting Netstat
       Reading Netstat's five-column output is something of an art. Roger
    A. Grimes explains Netstat's output and lends some insight into how to
    interpret the data.
       http://secadministrator.com/articles/index.cfm?articleid=40316
    
    ==== 4. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    Virus Alert: Esepor.A
       Esepor.A is a Trojan horse program that downloads a file from the
    Internet. This file adds a plugin to Microsoft Internet Explorer (IE)
    that displays advertisements of adult content without the user's
    permission. For more information about this Trojan horse, be sure to
    read Panda's report:
       http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41222
    
    FAQ: How Can I Stop Web Sites from Accessing My Local Clipboard?
       contributed by John Savill, http://www.windows2000faq.com
    
    A. The dynamic HTML component in Microsoft Internet Explorer (IE) 5.0
    and later lets Web sites access and write to the clipboard unless you
    use the High security setting. To avoid having to use the High
    security setting, perform the following steps:
    
       1. Start IE.
       2. From the Tools menu, select Internet Options.
       3. Select the Security tab.
       4. Select Internet, then click Custom Level.
       5. Scroll down to the Scripting section.
       6. Under "Allow paste operations via script," set to Disable or
    Prompt, then click OK.
       7. Close all dialog boxes.
    
    You should perform the same steps for the "Restricted sites" zone and
    any other security zones you think you might need (e.g., the "Local
    intranet" zone).
    
    Featured Thread: Possible Attempt to Compromise Security
       (19 messages in this thread)
    A forum user writes that his network runs Windows XP Professional
    Edition with Service Pack 1 (SP1), Microsoft Office XP with SP1,
    Windows 2000 Server with SP3, Exchange 2000 Server with SP3, and
    Internet Security and Acceleration (ISA) Server 2000 with SP1. A user
    on his network receives the message "The system detected a possible
    attempt to compromise security. Please ensure that you can contact the
    server that authenticated you" in Microsoft Word when the user
    attempts to browse a mapped network drive. The user can't access the
    server and his account is locked out. Lend a hand or read the
    responses:
       http://www.winnetmag.com/forums/categories/42/threadid/55214/55214.html
    
    ==== 5. Event ====
    
    The Secret Costs of Spam
       Do you really know spam's hidden costs? In this free Web seminar,
    you'll learn how to identify and quantify spam's costs by exploring
    how organizations define and combat spam, and how spam affects your
    bandwidth, storage, and server processing costs. Don't be left in the
    dark, register now!
       http://list.winnetmag.com/cgi-bin3/DM/y/edIZ0CJgSH0CBw0BDDl0Ap
    
    ==== 6. New and Improved ====
       by Jason Bovberg, products@private
    
    Enforce Your Password Policy
       Little cat Z released Password Defender 2.2c, a password-policy
    enforcement tool for Windows networks. Password Defender automates the
    steps a security consultant might take to enforce a Windows password
    policy. It combines password cracking (to find existing weak
    passwords) and password filtering (to prevent users from setting weak
    passwords in the future). Password Defender comes with a standard
    dictionary that contains millions of easily guessed passwords,
    including foreign-language words, jargon, and movie titles, and
    version 2.2c adds support for high-speed custom dictionaries, so you
    can define custom filters. The product is policy based, so you can
    apply different password-strength rules to different Windows 2000 or
    Windows NT groups. You can also schedule automatic password audits.
    For information about pricing, contact Little cat Z on the Web.
       http://www.littlecatz.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    CrossTec
       Free Download - NEW NetOp 7.6 - faster, more secure, remote support
       http://list.winnetmag.com/cgi-bin3/DM/y/edIZ0CJgSH0CBw0BBnb0AL
    
    MailFrontier
       Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.
       http://list.winnetmag.com/cgi-bin3/DM/y/edIZ0CJgSH0CBw0BCEC0AA
    
    ===================
    
    ==== 7. Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Security Administrator, the
    print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
    
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Oct 23 2003 - 03:38:42 PDT