[ISN] Windows & .NET Magazine Security UPDATE--New Worms Target Unpatched Web Servers--May 5, 2004

From: InfoSec News (isn@private)
Date: Thu May 06 2004 - 03:08:36 PDT

  • Next message: InfoSec News: "[ISN] The Internet's Wilder Side"

    ====================
    
    ==== This Issue Sponsored By ====
    
    Ecora Software
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BHtT0Am
    
    Exchange & Outlook Administrator
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BEf10Au
    
    ====================
    
    1. In Focus: New Worms Target Unpatched Web Servers
    
    2. Security News and Features
       - Recent Security Vulnerabilities
       - News: Problems with Microsoft's Patch MS04-011
       - News: Need ISC Bind DNS Support?
       - News: Network Associates to Consolidate and Change Name
       - News: Microsoft Presents Antispyware Strategy
    
    3. Instant Poll
    
    4. Security Toolkit
       - FAQ
       - Featured Thread
    
    5. New and Improved
       - All-in-One ADSL Modem, Firewall Router, and Switch
    
    ====================
    
    ==== Sponsor: Ecora Software ====
       Rely on our great reports to make your patch management headaches
    go away! Start automating your backlog of security patches today!
    Network Computing magazine has just named our previous version as the
    "Editor's Choice" tool for Patch Management. Our newest version is
    loaded with even more high-performance benefits such as 500% faster
    scanning and analysis loading, cross-platform support, enhanced user
    interfaces, policy compliance features, and our great admin and
    management reports. Go directly to our free trial page and see for
    yourself, first-hand, what our automated patch solution is all about.
    Special Bonus: The first 100 people to trial Patch Manager 3.1 from
    the link below will receive a FREE T-Shirt. Try us now-
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BHtT0Am
    
    ====================
    
    ==== 1. In Focus: New Worms Target Unpatched Web Servers ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    
    Last week, I wrote about the most recent security patches from
    Microsoft as well as new exploits that take advantage of related
    problems. I also mentioned that if you haven't loaded the Microsoft
    Security Bulletin MS04-011 (Security Update for Microsoft Windows)
    patch, then your systems are sitting ducks. As it turns out, duck
    hunting season just opened.
    
    Several worms are now spreading and taking advantage of problems that
    can be remedied by the MS04-011 patch. According to the SANS
    Institute's Internet Storm Center, variants of the Gaobot worm target
    systems that don't have the MS04-011 patch. In addition, at least
    three variants of the Sasser worm target the same vulnerabilities.
       http://www.incidents.org/diary.php?date=2004-05-02
    
    Of course, all the companies that provide preventive measures,
    including makers of antivirus software and Intrusion Detection
    Systems, are updating their tools to provide protection. Some have
    also provided removal tools in case your systems have become infected
    by the Sasser worm variants. If your systems have become infected and
    you need quick help removing worms, check with your antivirus vendor
    to determine whether it's released Sasser removal tools.
    
    Microsoft has released a bulletin regarding the Sasser worm as well as
    a tool that helps with worm removal. You can find it at the first URL
    below. If you need help with worm removal, remember that Microsoft
    provides free support for security matters. United States and Canadian
    residents can reach the company toll free at 866-727-2338, or anyone
    can go to the second URL below and click the "Send us an online
    request for support" link.
       http://www.microsoft.com/downloads/details.aspx?familyid=76c6de7e-1b6b-4fc3-90d4-9fa42d14cc17&displaylang=en
       http://www.microsoft.com/security/protect/support.asp
    
    If you've loaded the patch already and have experienced problems or if
    you're considering loading the patch soon, be aware that known
    problems with the patch might affect your network environment. For
    more information, see the first News item below.
    
    ====================
    
    ==== Sponsor: Exchange & Outlook Administrator ====
       Try a Sample Issue of Exchange & Outlook Administrator!
       If you haven't seen Exchange & Outlook Administrator, you're
    missing out on key information that will go a long way towards
    preventing serious messaging problems and downtime. Request a sample
    issue today, and discover tools you won't find anywhere else to help
    you migrate, optimize, administer, and secure Exchange and Outlook.
    Order now!
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BEf10Au
    
    ====================
    
    ==== 2. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: Problems with Microsoft's Patch MS04-011
       The Microsoft article "Your computer stops responding, you cannot
    log on to Windows, or your CPU usage for the System process approaches
    100 percent after you install the security update that is described in
    Microsoft Security Bulletin MS04-011,"
    http://support.microsoft.com/?kbid=841382 , released on April 28,
    discusses problems that have been discovered in the recently released
    Microsoft Security Bulletin MS04-011 (Security Update for Microsoft
    Windows). According to the article, problems can arise on Windows 2000
    OSs if any of three drivers (ipsecw2k.sys, imcide.sys, or dlttape.sys)
    are loaded. People might experience lockups at boot time, the
    inability to log on, or 100 percent CPU utilization.
       http://www.winnetmag.com/article/articleid/42505/42505.html
    
    News: Need ISC Bind DNS Support?
       Nonprofit company Internet Software Consortium (ISC), makers of ISC
    Bind DNS software, have announced the availability of support
    contracts. You can choose 24 x 7 support, 12 x 7 support (from 8 A.M.
    to 8 P.M., Eastern Standard Time--EST), or 9 x 5 support (from 9 A.M.
    to 6 P.M., EST, Monday through Friday).
       http://www.winnetmag.com/article/articleid/42459/42459.html
    
    News: Network Associates to Consolidate and Change Name
       Network Associates announced that the company will sell its Sniffer
    product line, focus exclusively on security solutions, and change its
    name to McAfee. Silver Lake Partners and Texas Pacific Group will buy
    the Sniffer technology for $275 million.
       http://www.winnetmag.com/article/articleid/42458/42458.html
    
    News: Microsoft Presents Antispyware Strategy
       Deceptive software, also known as spyware, now accounts for more
    than 50 percent of the Windows failures reported to Microsoft and is
    becoming an important industry concern. Microsoft's partners report
    that spyware is the number-one support problem and is costing the
    industry millions of dollars a year in support costs. Microsoft and
    other companies detailed to the US Federal Trade Commission (FTC) the
    steps they're taking to reduce the threat and problems spyware causes.
       http://www.winnetmag.com/article/articleid/42432/42432.html
    
    ====================
    
    ==== Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    The Conference on Securing and Auditing Windows Technologies, July
    20-21
       New for 2004, The Conference on Securing and Auditing Windows
    Technologies will be held July 20-21, 2004, at the Fairmont Copley
    Plaza in Boston, MA. In vendor-neutral sessions on today's hottest
    topics, you'll get practical strategies for mitigating risk and
    safeguarding your systems. For more information, call 508-879-7999 or
    go to:
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BHtU0An
    
    Register Today for Microsoft Tech Ed 2004
       Dont miss Tech Ed 2004 -- May 23-28, 2004 in San Diego, CA -- the
    definitive Microsoft conference for building, deploying, securing and
    managing connected solutions. You'll find 11 conference tracks and
    over 400 sessions. Get answers to your technical questions, meet
    industry experts, evaluate new products, and take advantage of
    extensive networking opportunities. Register today.
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BGE40AS
    
    Small Servers for Small Businesses Web Seminar
       Today a small business can be as agile as a large business by
    understanding which technology can be leveraged to create a
    centralized server environment. In this free Web seminar, you'll learn
    the perils of peer-to-peer file sharing, backup and recovery,
    migration from desktop to servers, and Small Business Server basics.
    Register now!
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BHpZ0Ao
    
    ====================
    
    ==== 3. Instant Poll ====
    
    Results of Previous Poll
       The voting has closed in the Windows & .NET Magazine Network
    Security Web page nonscientific Instant Poll for the question, "As a
    security administrator, what's your most important task?" Here are the
    results from the 77 votes.
       - 43% Security monitoring and auditing
       - 13% Policy management and enforcement
       - 23% Patch management
       - 19% End-user education
       - 1% Other
    (Deviations from 100 percent are due to rounding.)
    
    New Instant Poll
       The next Instant Poll question is, "Has your company become
    infected by the Sasser or Gaobot worm?" Go to the Security Web page
    and submit your vote for
       - Yes
       - No
       - I'm not sure
       http://www.winnetmag.com/windowssecurity
    
    ==== 4. Security Toolkit ====
    
    FAQ: Password-Change Web Page
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    Q: How can I create a Web page at which users can change their
    passwords?
    
    A. You can write an Active Server Pages (ASP) script that creates a
    password-change Web page. ASP gives you complete access to Microsoft
    Active Directory Service Interfaces (ADSI), which lets you perform a
    variety of functions, such as changing passwords or creating accounts.
    When you write such a script, you must consider factors such as the
    user account under which the script will run and the permissions you
    want to use when the script runs. To see a script and further
    explanation, go to this FAQ on our Web site.
       http://www.winnetmag.com/article/articleid/42425/42425.html
    
    Featured Thread: Group Membership Issue (findgrp error 234)
       (Three messages in this thread)
       A reader writes that he has a problem with the membership of user
    accounts in global groups. One symptom is that some applications are
    not aware of local or domain administrator rights and those
    applications don't allow installation or configuration. When the
    reader executes the findgrp command (from the Microsoft Windows 2000
    Resource Kit) he receives error 234, "finding global groups: Unknown
    Error: 234." However, the local groups are listed correctly.
    
    The reader is using Windows XP Professional Service Pack 1 (SP1) and
    all patches in a Windows 2000 Server Active Directory (AD)
    environment. As far as he can determine, only XP systems have this
    problem. He thinks a particular patch might be causing the behavior
    and would like advice. Lend a hand or read the responses:
    http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=120231
    
    ====================
    
    ==== Events Central ====
       (A complete Web and live events directory brought to you by Windows
    & .NET Magazine: http://www.winnetmag.com/events )
    
    Popular Web Seminar--The Spam Problem Solved: Hensel Phelps
    Construction Company Case Study
       Find out how Hensel Phelps Construction, a multibillion-dollar
    national contractor, has implemented a multilayered antispam solution
    to increase user productivity and decrease the burden on IT staff
    resources, infrastructure, and budget. Sign up now for this free Web
    seminar!
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BGzb0A6
    
    ====================
    
    ==== 5. New and Improved ====
       by Jason Bovberg, products@private
    
    All-in-One ADSL Modem, Firewall Router, and Switch
       TRENDware International announced TEW-435BRM and TW100-BRM504,
    all-in-one ADSL modem, firewall router, and four-port switch packages
    for the small office/home office (SOHO) environment. TW100-BRM504 is
    designed for wired networks, whereas TEW-435BRM supports both wired
    and 802.11g wireless networks. Advanced security features include
    Stateful Packet Inspection (SPI) and a Rules-Based Firewall. You can
    control users' Internet access by URL, time, and MAC address, and you
    can use the product's logs and reports to monitor intrusion attempts
    and traffic. For more information, contact TRENDware International at
    310-891-1100 or on the Web.
       http://www.trendnet.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ====================
    
    ==== Sponsored Links ====
    
    Argent
       Comparison Paper: The Argent Guardian Easily Beats Out MOM
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BDWV0AH
    
    Microsoft(R) TechNet
       Microsoft(R) TechNet Webcasts: essential guidance, industry experts
       http://list.winnetmag.com/cgi-bin3/DM/y/efkS0CJgSH0CBw0BG360AC
    
    ====================
    
    ==== Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    ====================
    
    ==== Contact Our Sponsors ====
    
    Primary Sponsor:
       Ecora Software -- http://www.ecora.com -- 1-877-92-ECORA
    
    ====================
    
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
       http://www.winnetmag.com/sub.cfm?code=wswi201x1z
    
    You received this email message because you asked to receive
    additional information about products and services from the Windows &
    .NET Magazine Network. To unsubscribe, send an email message to
    mailto:Security-UPDATE_Unsub@private Thank you!
    
    View the Windows & .NET Magazine privacy policy at
    http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy
    
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    
    Copyright 2004, Penton Media, Inc. All rights reserved.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Thu May 06 2004 - 04:20:24 PDT