[ISN] Windows & .NET Magazine Security UPDATE--November 19, 2003

From: InfoSec News (isn@private)
Date: Wed Nov 19 2003 - 22:07:41 PST


    ====================
    
    ==== This Issue Sponsored By ====
    Shavlik: Free Security Patch Management Software
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BDoF0Ak
    
    Microsoft Security Solutions
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BDoI0An
    
    ====================
    
    1. In Focus: Get a Head Start on Planning an XP SP2 Rollout
    
    2. Announcements
         - Attend Black Hat Briefings 2004
         - 2004 Date Announced: Windows & .NET Magazine Connections
    
    3. Security News and Features
         - Recent Security Vulnerabilities
         - News: Global Council of CSOs
         - News: Microsoft Patch Day, Take Two
         - Feature: Protecting SMTP Traffic with TLS
    
    4. Security Toolkit
         - Virus Center
             - Virus Alert: Webber.C
         - FAQ: What's the Windows Server 2003 Volume Shadow Copy Service
           (VSS)?
         - Featured Thread: Port Filtering on NT Server 4.0
    
    5. Event
         - Have You Checked Out Windows & .NET Magazine's Archived Web
           Seminars Lately?
    
    6. New and Improved
         - Sixth Layer of Protection for RemotelyAnywhere 5.0
         - Spam Prevention
         - Tell Us About a Hot Product and Get a T-Shirt
    
    7. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Shavlik: Free Security Patch Management Software ====
       Install the latest critical Microsoft security patches MS03-048
    through MS03-051 today with HFNetChkPro. A free, fully functional, no
    time-out version of HFNetChkPro is available to help you automate the
    delivery and testing of these critical patches. HFNetChkPro offers
    unlimited scanning, a complete GUI and Shavlik's exclusive PatchPush
    capabilities. Save time on patch deployment, ensure systems are fully
    protected and safeguard your systems from remote code execution,
    identity spoofing, arbitrary code execution and other attacks. It's
    free, and it simplifies patch management without agents. Learn more
    and download the free version of HFNetChkPro at
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BDoF0Ak
    
    ====================
    
    ==== 1. In Focus: Get a Head Start on Planning an XP SP2 Rollout ====
       by Mark Joseph Edwards, News Editor, mark@private
    
    Several weeks ago, I discussed the upcoming Service Pack 2 (SP2) for
    Windows XP, which will include OS enhancements that improve security
    for networking, memory, email, and Web browsing. More detailed
    information is now available about the changes to networking and
    memory, and some changes in SP2 will affect applications, so
    developers and administrators will need to be aware of the changes.
    
    Changes to the network will include modifications to Internet
    Connection Firewall (ICF), the remote procedure call (RPC) interface,
    and Distributed COM (DCOM). ICF will be modified so that it starts
    much earlier during the boot sequence. This way, the network stack
    won't be active for a window of time when the ICF isn't. ICF will also
    include an application white list that will help automate access-port
    provisioning. ICF will also include support for RPC traffic, such as
    file sharing and remote administration traffic, and a new shielded
    mode that can prevent unsolicited inbound traffic from entering the
    system.
    
    RPC has been a sore spot in Windows for quite some time, presenting a
    few dangerous security holes that have been exploited to the dismay of
    countless users around the world. SP2 will improve RPC by eliminating
    remote anonymous access to RPC interfaces by default and requiring NT
    LAN Manager (NTLM) authentication for connections. As a result, you'll
    need to modify RPC-based client software.
    
    Microsoft will change DCOM behavior in SP2 so that computerwide
    restrictions as well as granular COM permissions exist. A new ACL
    check will be introduced for activation, launch, and calls to COM
    servers and will be configurable through the Microsoft Management
    Console (MMC) Component Services snap-in. The new computerwide
    restrictions will cause a computerwide ACL check (in addition to
    server-specific ACL checks) before a COM action is allowed on that
    computer. Microsoft doesn't anticipate that the new restrictions and
    permissions will require modifications to software, but configuration
    adjustments might be required.
    
    In addition to the standard anonymous COM calls that XP permits, SP2
    will introduce four new rights: remote launch, local launch, remote
    activate, and local activate. The rights require authentication, and
    you'll need to modify ACLs if you implement the rights. The new rights
    allow for backward compatibility with existing software that relies on
    default COM security settings.
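
An added example, not part of the original newsletter or any Microsoft code: a small audit that decodes the four launch and activation rights described above from a COM security descriptor and flags remote rights granted to Everyone or Anonymous. It assumes the descriptor is available as an SDDL string and uses the COM_RIGHTS_* bit values from the Windows SDK headers, which the article does not list; both sample descriptors are constructed.

```python
import re

# COM access-mask bits (COM_RIGHTS_* in the Windows SDK); names follow the article.
COM_RIGHTS = {
    0x01: "execute",
    0x02: "local launch",
    0x04: "remote launch",
    0x08: "local activate",
    0x10: "remote activate",
}
# SDDL two-letter right codes that carry the same bit values.
SDDL_CODES = {"CC": 0x01, "DC": 0x02, "LC": 0x04, "SW": 0x08, "RP": 0x10}
REMOTE_BITS = 0x04 | 0x10
# Principals that effectively mean "anyone who can reach the machine".
BROAD_SIDS = {"WD": "Everyone", "AN": "Anonymous Logon",
              "S-1-1-0": "Everyone", "S-1-5-7": "Anonymous Logon"}
ACE_RE = re.compile(r"\(([^)]*)\)")

def parse_mask(rights):
    """Turn an SDDL rights field (hex such as 0x1f, or letter codes) into a bitmask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        code = rights[i:i + 2]
        if code not in SDDL_CODES:
            raise ValueError(f"unsupported right code {code!r}")
        mask |= SDDL_CODES[code]
    return mask

def decode_dacl(sddl):
    """Return (ace_type, sid, mask, right_names) for every ACE in the DACL."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]
    aces = []
    for body in ACE_RE.findall(dacl):
        ace_type, _flags, rights, _obj, _inherit, sid = body.split(";")[:6]
        mask = parse_mask(rights)
        names = [name for bit, name in COM_RIGHTS.items() if mask & bit]
        aces.append((ace_type, sid, mask, names))
    return aces

def risky_remote_grants(sddl):
    """Allow ACEs that give remote launch or activation to a broad principal."""
    # Simplification: deny ACEs are decoded but not used to cancel an allow ACE.
    return [(BROAD_SIDS[sid], names) for t, sid, mask, names in decode_dacl(sddl)
            if t == "A" and sid in BROAD_SIDS and mask & REMOTE_BITS]

# Constructed sample descriptors (not from the article or from a real machine).
TIGHT = "O:BAG:BAD:(A;;CCDCLCSWRP;;;BA)(A;;CCDCSW;;;WD)"
LOOSE = "O:BAG:BAD:(A;;CCDCLCSWRP;;;BA)(A;;CCDCLCSWRP;;;WD)(A;;0x5;;;AN)"

if __name__ == "__main__":
    for label, sd in (("tight", TIGHT), ("loose", LOOSE)):
        print(label, risky_remote_grants(sd))
```

The first descriptor gives Everyone only the local rights and produces no findings; the second is reported twice, once for Everyone and once for Anonymous Logon.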
    
    SP2 also introduces support for execution protection features built
    into some processors. The SP2 capability, called "no execute" (NX),
    will mark some memory space (i.e., the heap, stacks, and memory pools)
    as nonexecutable space. This action will help protect systems against
    buffer overruns, which worms such as MSBlaster have used to compromise
    systems. Microsoft said that in the case of MSBlaster, NX would have
    caused the system to generate a memory access violation and terminate
    the process. A Denial of Service (DoS) condition would have been
    created; however, the worm couldn't have spread to other systems.
    Currently only AMD's K8 processor and Intel's Itanium processors have
    execution protection features.
    
    Microsoft has said it will also improve the security of Outlook
    Express and Windows Messenger so that attached files will become
    isolated and less prone to breach system security. Microsoft Internet
    Explorer (IE) improvements will help mitigate problems presented by
    malicious scripts, downloads, ActiveX controls, and spyware, which in
    many cases enters and is executed on a system without a user's
    awareness.
    
    You can read more information about SP2 in "Windows XP Service Pack 2:
    A Developer's View" at the URL below. Whether you're an administrator
    or a developer, be sure to check it out so that you have a head start
    on planning for an SP2 rollout.
    http://msdn.microsoft.com/library/en-us/dnwxp/html/securityinxpsp2.asp
    
    ====================
    
    ==== Sponsor: Microsoft Security Solutions ====
       Invest in the best network protection: Readiness.
       Introducing the Microsoft(R) Security Readiness Kit: This is your
    source for creating an enhanced risk-management plan. Visit
    http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BDoI0An
    to order your free kit.
    
    ====================
    
    ==== 2. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Attend Black Hat Briefings 2004
       Black Hat Windows Security 2004 Briefings & Training is January
    27-30, 2004, in Seattle. This is the world's premier Windows IT
    security event and is fully supported by Microsoft. Come for six
    tracks and eight 2-day training sessions. Register today!
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0pHV0Az
    
    2004 Date Announced: Windows & .NET Magazine Connections
       Windows & .NET Magazine Connections will be held April 4 to 7,
    2004, in Las Vegas at the new Hyatt Lake Las Vegas Resort. Be sure to
    save these dates on your calendar. Early registrants will receive the
    greatest possible discount. For more information, call 203-268-3204 or
    800-505-1201 or go online at
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0qSH0Ax
    
    ====================
    
    ==== Sponsor: Virus Update from Panda Software ====
       Check for the latest anti-virus information and tools, including
    weekly virus reports, virus forecasts, and virus prevention tips, at
    Panda Software's Center for Virus Control.
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BBlT0At
       Viruses routinely infect "fully protected" networks. Is total
    protection possible? Find answers in the free guide HOW TO KEEP YOUR
    COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
    networks, what they do, and the most effective weapons to combat them.
    Protect your network effectively and permanently - download today!
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BBDp0Ah
    
    ====================
    
    ==== 3. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: Global Council of CSOs
       Ten chief security officers (CSOs) of well-known corporations have
    banded together to form the new Global Council of CSOs. The council's
    purpose is to serve as a think tank to find ways to meet new
    challenges in information security.
       http://www.winnetmag.com/article/articleid/40845/40845.html
    
    News: Microsoft Patch Day, Take Two
       Making good on its promise to release its most important security
    fixes on the second Tuesday of each month, Microsoft yesterday
    released three security fixes for Windows (two critical) and one for
    Office. Microsoft bundled several patches together to make it easier
    to roll out the fixes: The three Windows patches fix eight
    vulnerabilities, for example.
       http://www.winnetmag.com/article/articleid/40825/40825.html
    
    Feature: Protecting SMTP Traffic with TLS
       One of the most common security problems that Microsoft Exchange
    Server sites face is how to protect the contents of sensitive
    messages. You can solve this problem in several different ways,
    depending on why you're trying to protect the messages and what
    specific threats you're protecting against. Read Paul Robichaux's
    article to learn how.
       http://www.winnetmag.com/article/articleid/40787/40787.html
    
    ====================
    
    ==== Hot Release ====
       Get Thawte's New Step-by-Step SSL Guide for MSIIS
       In this guide you will find out how to test, purchase, install and
    use a Thawte Digital Certificate on your MSIIS web server. Throughout,
    best practices for set-up are highlighted to help you ensure efficient
    ongoing management of your encryption keys and digital certificates.
    Get your copy of this new guide now:
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BDoG0Al
    
    ====================
    
    ==== 4. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.winnetmag.com/windowssecurity/panda
    
    Virus Alert: Webber.C
       Webber.C is a Trojan horse that downloads a file from the Internet
    that steals passwords for accessing various services. Webber.C is easy
    to recognize because the subject of the email message that carries it
    is always "RE: Your credit application" and the message attachment is
    called WWW.CITIBANKHOMELOAN.HTM.PIF. When the message recipient runs
    the attachment, the Trojan horse is installed on the computer.
    Webber.C is sent by a spammer; it can't spread by itself. For more
    information about Webber.C, visit Panda Software's Web site.
       http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41726
    
    FAQ: What's the Windows Server 2003 Volume Shadow Copy Service (VSS)?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A. Windows 2003 includes several new file system features, such as
    enhanced DFS closest-site selection, the Virtual Disk Service (VDS),
    and Automated System Recovery (ASR). The most useful new feature is
    VSS.
       Local Windows file systems include the Recycle Bin on the desktop,
    from which you can recover a deleted file. However, you can't recover
    deleted files on network shares unless you install third-party
    software. One thing VSS does is replicate the Recycle Bin for the
    network.
       At configurable intervals, VSS takes a snapshot (aka Shadow Copy)
    of the state of content stored on selected volume shares. VSS stores
    only the changes for the shares, not the entire share content. For
    example, if you make a small change to a 5GB file, VSS stores only
    information about the change. The service stores as many as 64
    versions of a share, depending on disk space. When the service creates
    the 65th Shadow Copy (or if you've used all the disk space allotted
    for Shadow Copies), the service deletes the oldest snapshot to make
    space for the newest snapshot. You can enable Shadow Copies only on
    NTFS volumes; you can't enable them for FAT volumes. To learn more
    about VSS and how to enable it on your systems, visit our FAQ Web
    site.
       http://www.winnetmag.com/article/articleid/39369/39369.html
    
    Featured Thread: Port Filtering on NT Server 4.0
       (Nine messages in this thread)
       A forum user writes that he has enabled port filtering on his
    Windows NT Server 4.0 system and has permitted full access to the
    following TCP and UDP ports: TCP 80, 110, 137, 138, 139, 2028, 20, 21,
    and 25, and UDP 53, 137, 138, and 2028. With those ports enabled, he
    can't browse the Internet and his Symantec antivirus software can't
    connect to update the antivirus definitions. When he removes all the
    filter settings, his server works as it should. He wants to know why
    the filtering blocks Internet and antivirus access. Lend a hand or
    read the responses:
       http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=64163
    
    ==== 5. Event ====
    
    Have You Checked Out Windows & .NET Magazine's Archived Web Seminars
    Lately?
       Find timely information about email abuse and the security and
    business concerns surrounding the use and abuse of email within
    companies. Or, learn more about identity management and how you can
    benefit from greater security, improved productivity, and better
    manageability. Sign up and receive a free identity management white
    paper. Register now for these two informative Web seminars!
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw02lB0AF
    
    ==== 6. New and Improved ====
       by Jason Bovberg, products@private
    
    Sixth Layer of Protection for RemotelyAnywhere 5.0
       3am Labs announced that it has joined the RSA Secured Partner
    Program to provide a trusted-identity and access-management solution
    for its flagship product, RemotelyAnywhere. Leveraging RSA Security's
    RSA SecurID two-factor authentication technology, RemotelyAnywhere 5.0
    now provides a sixth layer of protection that lets you more securely
    manage your network through the Web and wireless devices. In addition
    to RSA SecurID integration, RemotelyAnywhere uses Windows built-in
    authentication, Secure Sockets Layer (SSL), 128-bit encryption, IP
    address filtering, and Intrusion Detection Systems (IDSs). For more
    information about RemotelyAnywhere's addition of RSA SecurID, contact
    3am Labs on the Web.
       http://www.remotelyanywhere.com
    
    Spam Prevention
       Qurb announced Qurb Spam 2.0, the next generation of its antispam
    software that integrates with Microsoft Outlook and Outlook Express.
    Qurb Spam 2.0 develops and maintains a white list of legitimate email
    senders and quarantines questionable messages until you approve them.
    Unlike content-filtering tools, Qurb's security and authentication
    features protect you from scams that trick you into giving up
    credit-card, account, and other personal information while ensuring
    delivery of personal and opt-in email. Qurb Spam 2.0's pricing starts
    at $29.95. To download a free 30-day trial version of the product,
    contact Qurb on the Web.
       http://www.qurb.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    Sybari Software
       Free! "Admins Shortcut Guide to Email Protection" from Sybari
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BDkY0Az
    
    Microsoft(R) Security Readiness Kit
       Get your free kit for creating an enhanced risk-management plan.
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BDkc0AB
    
    VMware Inc.
       FREE VMware Workstation for Microsoft Certified Trainers.
       http://list.winnetmag.com/cgi-bin3/DM/y/edep0CJgSH0CBw0BDmL0Ao
    
    ===================
    
    ==== 7. Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Security Administrator, the
    print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
    https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup
    
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    


