[ISN] Windows & .NET Magazine Security UPDATE--New Exploits--April 28, 2004

From: InfoSec News (isn@private)
Date: Fri Apr 30 2004 - 00:32:02 PDT

    ====================
    
    1. In Focus: New Exploits and a New Security Toolkit
    
    2. Security News and Features
       - Recent Security Vulnerabilities
       - News: Remote Root Exploit Against IIS Servers
       - News: TCP Vulnerabilities
       - Feature: Exchange Server SMTP AUTH Attacks
    
    3. Security Toolkit
       - FAQ
       - Featured Thread
    
    4. New and Improved
       - Secure Your Passwords
    
    ====================
    
    ==== 1. In Focus: New Exploits and a New Security Toolkit ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    
    One of the security patches that Microsoft released in the Microsoft
    Security Bulletin MS04-011 on April 13 fixes a serious problem in the
    Private Communications Technology (PCT) protocol, which is part of
    Microsoft's Secure Sockets Layer (SSL) implementation. If you haven't
    patched your production systems yet, consider doing so immediately
    because exploits have already been released that can provide remote
    access to an intruder. So your unpatched systems are sitting ducks.
       http://www.winnetmag.com/article/articleid/42438/42438.html
    
    If you can't load the patch for some reason, consider disabling PCT,
    which you can do by adjusting a particular registry key. For more
    information about disabling PCT, see "Information about code that
    attempts to exploit PCT in SSL" at
       http://www.microsoft.com/security/incident/pctdisable.asp
    
    You also need to be aware of the recently reported TCP-reset
    vulnerability, which affects many devices, including routers. As
    you'll learn in the related news story below, exploiting the
    vulnerability causes routers to drop connections, including important
    Border Gateway Protocol (BGP) sessions. A new Windows-based exploit
    tool was recently released, so be sure to check with your router
    vendors to determine whether their particular products are affected.
    If they are, install the latest updates.
       http://www.winnetmag.com/article/articleid/42437/42437.html
    
    You should ensure your Intrusion Detection System (IDS) has the most
    recent rules and signatures available. For example, new Snort rules
    became available on April 25 as I was writing this editorial. So if
    you use Snort, be sure to obtain the latest rules files.
       http://www.snort.org/dl/rules
    
    A New Security Toolkit
    
    I don't think a person can ever have enough security tools. If you
    share that opinion, you might want to download a copy of the recently
    released version 1.0.4 of Network Security Toolkit (NST), which is the
    creation of Paul Blankenbaker and Ron Henderson.
    
    NST is available on a bootable CD-ROM or is downloadable as an
    International Organization for Standardization (ISO) image and is
    based on Red Hat Linux 9.0. The CD-ROM contains dozens upon dozens of
    tools and, according to the NST Web site, can "transform most x86
    systems into a system designed for network traffic analysis, intrusion
    detection, network packet generation, a virtual system service server,
    or a sophisticated network/host scanner. This can all be done without
    disturbing or modifying any underlying sub-system disk. NST can be up
    and running on a typical x86 notebook in less than a minute by just
    rebooting with the NST ISO CD. The notebook's hard disk will not be
    altered in any way."
    
    Head over to the NST Web site and have a look at NST's contents and
    capabilities. At the site, you'll also find the link to download the
    194MB package.
       http://www.networksecuritytoolkit.org/nst/index.html
    
    ====================
    
    ==== 2. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: Remote Root Exploit Against IIS Servers
       On April 21, a member of the Full Disclosure mailing list posted a
    message that revealed the existence of a new tool that can be used to
    exploit Microsoft IIS servers. By using Secure Sockets Layer (SSL) to
    target unpatched IIS servers, an attacker can cause the server to open
    a port that allows remote access to the system.
       http://www.winnetmag.com/article/articleid/42438/42438.html
    
    News: TCP Vulnerabilities
       US-CERT and the UK National Infrastructure Security Co-ordination
    Centre (NISCC) published information about vulnerabilities in the TCP
    protocol. The problems can affect a wide array of platforms, including
    many types of routers, such as those used to operate the Internet at
    top-tier ISPs.
       http://www.winnetmag.com/article/articleid/42437/42437.html
    
    Feature: Exchange Server SMTP AUTH Attacks
       If you run Microsoft Exchange Server to process incoming Internet
    email, spammers might be using your mail server as a relay, even
    though your server isn't an open relay. How is this possible? Spammers
    authenticate to your email server, then use your server to send mail.
    Alan Sugano outlines how you can determine whether someone is using
    your system as a mail relay, how to close the hole, and how to test
    the measures you've taken to prevent such attacks in an article at the
    first URL below. Paul Robichaux wrote about the attack last fall in
    the article at the second URL below.
       http://www.winnetmag.com/article/articleid/42406/42406.html
       http://www.winnetmag.com/article/articleid/40507/40507.html
    
    ====================
    
    ==== 3. Security Toolkit ====
    
    FAQ: Controlling Access to IISADMPWD
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    Q: How can I control access to the IISADMPWD virtual directory?
    
    A: When you use the default IISADMPWD virtual directory to enable a
    Web page on which users can change passwords (which I discussed in the
    FAQ "Does Windows Server 2003 provide a way to let users change their
    passwords remotely on the Web?"), the Microsoft IIS system sends the
    user's password information unencrypted over the network, which
    creates a security risk. To avoid transmitting unencrypted passwords,
    you must enable Secure Sockets Layer (SSL) by following these steps:
    
    1. Start a command prompt by clicking Start, Run and typing
    
    cmd.exe
    
    2. Navigate to the C:\inetpub\adminscripts directory.
    
    3. At the command prompt, type
    
    adsutil.vbs set w3svc/1/PasswordChangeFlags 0
    
    This command runs the adsutil.vbs script with the Set command. The
    w3svc/1 parameter specifies the first default Web site. The
    PasswordChangeFlags option with the 0 value means that SSL is
    required. (Setting the PasswordChangeFlags value to 1 specifies that
    SSL isn't used, and setting the value to 2 disables the user's ability
    to change the password.)
    
    4. Restart the IIS server to effect the change.
    
    A new tool lets intruders exploit unpatched IIS servers that use SSL
    (see the first News item above). Be sure to patch your server.
    
    Featured Thread: BlackBerry Server Behind ISA Server
       (One message in this thread)
       A reader writes that he needs to set up BlackBerry Server behind a
    Microsoft ISA Server firewall. He's having trouble opening the correct
    port, which is TCP port 3101. He created a packet filter by selecting
    the following properties: IP Protocol: TCP, Direction: Outbound, Local
    Port: Fixed Port, Local Port Number 3101, Remote Port: All Ports,
    Remote Ports: subdued. It doesn't work, and he wants to know how to
    correct the problem. Lend a hand or read the responses:
    http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=119881
    
    ====================
    
    ==== 4. New and Improved ====
       by Jason Bovberg, products@private
    
    Secure Your Passwords
       TK8 Productions released TK8 Safe, Windows password-management
    software that simplifies the safe storage and retrieval of user IDs,
    passwords, serial numbers, and other confidential information that Web
    sites and software applications require. TK8 Safe stores all of a
    user's private information in an encrypted database that's accessible
    only by its owner, and the software supports multiple users on the
    same computer. TK8 Safe costs $19.95 for a single-user license, and
    multiuser discounts are available. For more information, contact TK8
    Productions on the Web.
       http://www.tk8.com
    
    ====================
    
    ==== Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    ====================
    
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
       http://www.winnetmag.com/sub.cfm?code=wswi201x1z
    
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    
    Copyright 2004, Penton Media, Inc. All rights reserved.
    
    
    