Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

=== CONTENTS ===================================================

IN FOCUS: Defeating Vista Security with Drivers

NEWS AND FEATURES
- OEM BIOS Emulator Bypasses Vista Activation
- Grisoft Offers Free Antirootkit Tool
- New Storm Worm Outbreak Spreading Fast
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: 37 Patches on the Way from Oracle
- FAQ: Microsoft SCE 2007
- From the Forum: Vote for Your Favorite IPS and Two-Factor Authentication Solutions
- Tell Us About the Products You Love!
- Share Your Security Tips

PRODUCTS
- Encrypt Email According to Policy

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Verio =============================================

Managing Your Web Presence
Application pooling may achieve server density, but it can put your code at risk. Download this free white paper and find out how to ensure a reliable, secure, and scalable Windows-based hosting environment.
http://list.windowsitpro.com/t?ctl=529CE:57B62BBB09A692790DDAF3D6C62C9E71

=== IN FOCUS: Defeating Vista Security with Drivers =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

A couple of interesting developments came to light in the last couple of weeks, both of which affect Windows Vista security to some extent.

The first centers on Windows Genuine Advantage (WGA). As you'll learn when you read the related news story, "OEM BIOS Emulator Bypasses Vista Activation," below, code has been released that can fool Vista into thinking that a pirated copy is genuine. The feat is accomplished with a third-party kernel-mode driver that emulates an OEM BIOS.

On the surface this doesn't look like a security problem, but it is. Imagine a small-to-midsized business (SMB) trying to save money on a migration to Vista. The company shops around for the best price on a combined hardware and software purchase and ends up buying from someone who's actually selling pirated copies of Vista with the WGA-defeating driver preinstalled. A seller unscrupulous enough to do that could just as easily have installed anything else on the machines, including bots, rootkits, and keyloggers, and, because a kernel-mode driver is already running on the box, that code could be undetectable by existing security solutions. The reason is that a driver can mark a process as protected so that, for the most part, other processes can't open it or read its memory. If a process's memory space can't be inspected, any malware inside it can't be detected by the host-based tools that depend on such inspection.

Two weeks ago, Alex Ionescu released a proof-of-concept tool called D-Pin Purr 1.0. The tool, which works only on 32-bit versions of Vista, uses a driver that can protect or unprotect any process. Ionescu wrote, "It is trivial to make a process protected or unprotected by bypassing all the code integrity checks and sandbox in which protected processes are supposed to run."

So basically, Ionescu has shown how to bypass a major security feature of Windows Vista, protected processes (introduced mainly for the protected media path), a feature that many security vendors have been complaining about because it prevents their tools from fully inspecting those processes. If the tool really works as intended (and while I haven't tested it, I suspect that it does), then certainly "bad guys" can create a similar tool to defend their botnet, rootkit, and keylogger code.

Sure, loading a driver into Vista requires administrative privileges, and on x64 editions the driver must also carry a kernel-mode code signature, which is one reason such tools are harder to deploy there. That seems to imply that the potential impact is limited. However, as history clearly shows, intruders routinely combine vulnerabilities and mix in social engineering, so they might eventually be able to get a driver installed.

You can read more about Ionescu's tool in his blog at the URL below, where he also provides a download link for D-Pin Purr.
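As an added example (not code from the newsletter, from Ionescu's tool, or from the BIOS emulator), the following PowerShell follows the chain the column describes with two read-only checks: first, inventory the kernel-mode drivers actually loaded and report whether each image carries a valid Authenticode signature and lives under %SystemRoot%\system32\drivers; second, probe which running processes refuse to let an elevated administrator read their module list, which is the symptom a protected (or driver-protected) process shows. The function names are this example's own, and it assumes an elevated Windows PowerShell 2.0 or later prompt on Vista or newer.

```powershell
# Added example, not code from the newsletter or from the tools it discusses.
# Two read-only checks for the chain described in the column:
#   1. Which kernel-mode drivers are loaded, and does each image carry a
#      valid Authenticode signature from a location you expect?
#   2. Which processes deny an elevated administrator PROCESS_VM_READ,
#      the behaviour a Vista protected process exhibits?
# Assumes an elevated Windows PowerShell 2.0+ prompt on Vista or later.
# Function names are this example's own (hypothetical), not a Windows API.

function Get-LoadedDriverSignature {
    Get-WmiObject -Class Win32_SystemDriver -Filter "State='Running'" |
        ForEach-Object {
            $path = $_.PathName
            if (-not $path) { return }
            # WMI may report NT object paths; normalise them to Win32 paths
            # so Get-AuthenticodeSignature can open the file.
            $path = $path -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
            $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $status = 'FileNotFound'
            $signer = ''
            if ($sig) {
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            New-Object PSObject -Property @{
                Name         = $_.Name
                Path         = $path
                InDriversDir = ($path -like "$env:SystemRoot\system32\drivers\*")
                Status       = $status
                Signer       = $signer
            }
        }
}

function Get-UninspectableProcess {
    # Reading Process.Modules needs PROCESS_QUERY_INFORMATION | PROCESS_VM_READ.
    # A Vista protected process denies that even to an elevated administrator,
    # so access-denied here marks a process whose memory your tools cannot read.
    foreach ($p in Get-Process) {
        try {
            $null = $p.Modules
        } catch {
            # PowerShell wraps the property getter's exception; unwrap it to
            # reach the Win32Exception and its native error code.
            $ex = $_.Exception
            while ($ex -and -not ($ex -is [System.ComponentModel.Win32Exception])) {
                $ex = $ex.InnerException
            }
            if ($ex -and $ex.NativeErrorCode -eq 5) {   # 5 = ERROR_ACCESS_DENIED
                New-Object PSObject -Property @{ Id = $p.Id; Name = $p.ProcessName }
            }
        }
    }
}

# Report drivers that are not validly signed or not in the drivers directory,
# then the processes that refuse inspection.
Get-LoadedDriverSignature |
    Where-Object { $_.Status -ne 'Valid' -or -not $_.InDriversDir } |
    Sort-Object Path | Format-Table Name, Status, Signer, Path -AutoSize

Get-UninspectableProcess | Sort-Object Id | Format-Table Id, Name -AutoSize
```

Two caveats when reading the output. Microsoft's in-box drivers are usually catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature reports NotSigned for many of them; treat NotSigned under system32\drivers as "verify against the catalog with sigverif.exe" and concentrate on images outside that directory or with an unexpected signer. The process probe will always list the System process and Vista's own protected processes (audiodg.exe, for example), and a 32-bit PowerShell host on x64 gets a different error code for 64-bit processes, which the filter drops; what deserves attention is an entry you cannot explain.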
http://list.windowsitpro.com/t?ctl=529E1:57B62BBB09A692790DDAF3D6C62C9E71

=== SPONSOR: Neverfail =========================================

The Future of Business Continuity
Having customers depend on your IT services in order to communicate, purchase, or manage orders is great for your business. But what happens when your applications or Web sites are suddenly unavailable? Download this free white paper and learn how to eliminate application downtime disruptions of any cause and ensure the continuity of your business.
http://list.windowsitpro.com/t?ctl=529CA:57B62BBB09A692790DDAF3D6C62C9E71

=== SECURITY NEWS AND FEATURES =================================

OEM BIOS Emulator Bypasses Vista Activation
While there are known methods of bypassing Windows Vista activation requirements, a new technique turns out to be the easiest and most effective so far in defeating Microsoft's Windows Genuine Advantage (WGA) technology.
http://list.windowsitpro.com/t?ctl=529D7:57B62BBB09A692790DDAF3D6C62C9E71

Grisoft Offers Free Antirootkit Tool
Grisoft, widely known for its AVG brand of antivirus solutions, announced that it's now offering a free antirootkit tool, AVG Anti-Rootkit, for Windows 2000 and Windows XP systems.
http://list.windowsitpro.com/t?ctl=529D5:57B62BBB09A692790DDAF3D6C62C9E71

New Storm Worm Outbreak Spreading Fast
Several companies, including Postini, iDefense Labs, and the SANS Institute, are tracking a new outbreak of a variant of the Storm worm that's producing heavier than normal detection rates around the Internet.
http://list.windowsitpro.com/t?ctl=529D6:57B62BBB09A692790DDAF3D6C62C9E71

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=529D0:57B62BBB09A692790DDAF3D6C62C9E71

=== SPONSOR: HP ================================================

Free Brief: Personal HP Workstations = Higher ROI?
Discover why financial services executives get a LOT more out of their IT investments by investing in HP Personal Workstation Technology. Quickly learn how workstations ensure accuracy and security while driving down short- and long-term operating costs. This quick-read guide is a must read today.
http://list.windowsitpro.com/t?ctl=529DE:57B62BBB09A692790DDAF3D6C62C9E71

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: 37 Patches on the Way from Oracle
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=529DC:57B62BBB09A692790DDAF3D6C62C9E71

As part of Oracle's quarterly critical patch update, the company will release 37 patches next week. So get ready!
http://list.windowsitpro.com/t?ctl=529D8:57B62BBB09A692790DDAF3D6C62C9E71

FAQ: Microsoft SCE 2007
by John Savill, http://list.windowsitpro.com/t?ctl=529DA:57B62BBB09A692790DDAF3D6C62C9E71

Q: What is System Center Essentials (SCE) 2007?
Find the answer at
http://list.windowsitpro.com/t?ctl=529D4:57B62BBB09A692790DDAF3D6C62C9E71

FROM THE FORUM: Vote for Your Favorite IPS and Two-Factor Authentication Solutions
Tell us which security products are working for you. It's not too late to vote for the best host-based intrusion prevention system
http://list.windowsitpro.com/t?ctl=529C9:57B62BBB09A692790DDAF3D6C62C9E71
and the best two-factor authentication solution
http://list.windowsitpro.com/t?ctl=529C8:57B62BBB09A692790DDAF3D6C62C9E71

TELL US ABOUT THE PRODUCTS YOU LOVE!
What products are you using that save you time or make your workload a little lighter? What hot product discoveries have you made that other IT pros need to know about? Let the world know about your experiences in Windows IT Pro's monthly What's Hot department. If we publish your story in What's Hot, we'll send you a Best Buy gift card! Send information about your favorite product and how it has helped you to whatshot@private

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@private If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
by Renee Munshi, products@private

Encrypt Email According to Policy
Proofpoint announced a new version of Proofpoint Secure Messaging, its policy-driven email encryption solution. The new version uses Voltage Security's Voltage Identity-Based Encryption (IBE) technology to automatically and dynamically encrypt outbound email based on customizable policies. The updated Proofpoint Secure Messaging module will be available in June 2007 as an optional component for the Proofpoint Messaging Security Gateway appliance and virtual appliance. Proofpoint Secure Messaging works with the Proofpoint Regulatory Compliance and Proofpoint Digital Asset Security content-filtering modules on the appliances. Proofpoint Secure Messaging pricing starts at $20,000. For more information, go to
http://list.windowsitpro.com/t?ctl=529E2:57B62BBB09A692790DDAF3D6C62C9E71

=== RESOURCES AND EVENTS =======================================

For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=529D9:57B62BBB09A692790DDAF3D6C62C9E71

Gain control over the growing amount of file data in your enterprise. Learn how File Area Networks (FANs) can help you centralize file consolidation, migration, replication, and failover. Download this eBook and start streamlining your file management projects today!
http://list.windowsitpro.com/t?ctl=529CD:57B62BBB09A692790DDAF3D6C62C9E71

One common set of controls can help you manage compliance across multiple regulations and standards. Download this free IDC white paper and find out how to map controls to the appropriate regulations and save time and expense in demonstrating compliance.
http://list.windowsitpro.com/t?ctl=529CC:57B62BBB09A692790DDAF3D6C62C9E71

You can't prevent nature from throwing floods, hurricanes, and earthquakes at your IT systems. You can't always control what people might do to your systems, either. Download this free eBook and learn to protect your business in the face of both natural and human-made disasters.
http://list.windowsitpro.com/t?ctl=529CF:57B62BBB09A692790DDAF3D6C62C9E71

=== FEATURED WHITE PAPER =======================================

Built-in SQL Server data protection features aren't enough. Learn to use an automated data protection solution that provides 24x7 availability to meet today's critical business demands.
http://list.windowsitpro.com/t?ctl=529CB:57B62BBB09A692790DDAF3D6C62C9E71

=== ANNOUNCEMENTS ==============================================

Introducing a Unique Security Resource
Security Pro VIP is an online information center that delivers new articles every week on topics such as perimeter security, authentication, and system patches. Subscribers also receive tips, cautionary advice, direct access to our editors, and a host of other benefits! Order now at an exclusive charter rate and save up to $50!
http://list.windowsitpro.com/t?ctl=529D1:57B62BBB09A692790DDAF3D6C62C9E71

Grab Your Share of the Spotlight!
Nominate yourself or a peer to become IT Pro of the Month. This is your chance to get the recognition you deserve! Winners will receive over $600 in IT resources and be featured in Windows IT Pro. It's easy to enter, and we're accepting June nominations now, but only for a limited time!
Submit your nomination today:
http://list.windowsitpro.com/t?ctl=529DD:57B62BBB09A692790DDAF3D6C62C9E71

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).
http://list.windowsitpro.com/t?ctl=529DB:57B62BBB09A692790DDAF3D6C62C9E71
http://list.windowsitpro.com/t?ctl=529E0:57B62BBB09A692790DDAF3D6C62C9E71

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=529D3:57B62BBB09A692790DDAF3D6C62C9E71

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=529DF:57B62BBB09A692790DDAF3D6C62C9E71
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=529D2:57B62BBB09A692790DDAF3D6C62C9E71

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

__________________________
Subscribe to InfoSec News
http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Apr 18 2007 - 23:12:06 PDT