-----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private]
Sent: Thursday, September 19, 2002 9:28 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 09/19/02

September 18, Federal Computer Week - Cyber strategy: A starting point. The National Strategy to Secure Cyberspace that the Bush administration released today is a draft -- a roadmap that will become more detailed as comments are returned and expertise evolves within government and the private sector, according to the document. Parts of the draft strategy, developed by the Critical Infrastructure Protection Board in cooperation with the private sector, are more detailed than others.
Source: http://www.fcw.com/fcw/articles/2002/0916/web-strat-09-18-02.asp

September 18, Securiteam - Microsoft Windows XP remote desktop denial of service vulnerability. At the start of the protocol, there is a negotiation of client and server graphics capabilities, in a packet called PDU Confirm Active. A block of 32 bytes in this packet allows the client to disable the drawing commands that it does not support. One of these apparently controls whether the Pattern BLT command is sent. On Windows 2000 Server, disabling this command will make the server send bitmaps instead of Pattern BLT commands. However, Windows XP Professional apparently reboots when it tries to render patterns; since this happens while the login screen is being drawn, this does not require the client to have logged on or authenticated to the server. This applies to all versions of the protocol tested (RDP 4.0, 5.0 and 5.1), and it is reproducible with Windows .NET Standard Server Beta 3.
Source: http://www.securiteam.com

September 18, Cisco Security Response - Microsoft Windows SMB denial of service vulnerabilities in Cisco products. This advisory describes vulnerabilities that affect Cisco products and applications that are installed on Microsoft operating systems incorporating the use of the Server Message Block (SMB) file sharing protocol. It is based on the vulnerabilities in Microsoft's SMB protocol, not due to a defect of the Cisco product or application. Vulnerabilities were discovered that enable an attacker to execute arbitrary code or perform a denial of service against the server. These vulnerabilities were discovered and publicly announced by Microsoft in their Microsoft Security Bulletin MS02-045.
Source: http://www.cisco.com/warp/public/707/Microsoft-SMB-vulnerabilities-MS02-045-pub.shtml

Virus: #1 Virus in USA: WORM_KLEZ.H
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 80(http); 520(EFS); 1433(ms-sql-s); 139(netbios-ssn); 21(ftp); 22(ssh); 25(smtp); 111(sunrpc); 1080(socks); 6346
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats
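The 32-byte block described in the Securiteam item can be inspected on the defensive side. The following is an added example, not part of the original message or of any vendor's code: it walks the capability sets of a decoded Confirm Active PDU and lists which basic drawing orders the client has switched off, so a monitoring point can log clients that advertise no Pattern BLT support. The field offsets, the capability type value and the order indices are assumptions taken from Microsoft's published RDP specification (MS-RDPBCGR), not from the message, and the sample bytes are constructed.

```python
import struct

# Assumed from MS-RDPBCGR (not stated in the message above):
CAPSTYPE_ORDER = 0x0003        # capabilitySetType of the Order Capability Set
ORDER_SUPPORT_OFFSET = 36      # bytes from the start of the set to orderSupport
ORDER_SUPPORT_LEN = 32         # the "block of 32 bytes" in the advisory
NAMED_ORDERS = {0: "DstBlt", 1: "PatBlt", 2: "ScrBlt", 3: "MemBlt"}

def order_support(cap_sets: bytes):
    """Walk (type, length, body) capability sets; return orderSupport or None."""
    pos = 0
    while pos + 4 <= len(cap_sets):
        ctype, clen = struct.unpack_from("<HH", cap_sets, pos)
        # The length covers the 4-byte header; reject sets that overrun the buffer.
        if clen < 4 or pos + clen > len(cap_sets):
            raise ValueError(f"bad capability set length {clen} at offset {pos}")
        if ctype == CAPSTYPE_ORDER:
            end = ORDER_SUPPORT_OFFSET + ORDER_SUPPORT_LEN
            if clen < end:
                raise ValueError("order capability set too short")
            return cap_sets[pos + ORDER_SUPPORT_OFFSET:pos + end]
        pos += clen
    return None

def disabled_orders(cap_sets: bytes):
    """Names of the basic drawing orders the client marked as unsupported."""
    support = order_support(cap_sets)
    if support is None:
        return []
    return [name for idx, name in NAMED_ORDERS.items() if support[idx] == 0]

def build_order_set(support: bytes) -> bytes:
    """Constructed sample: an 88-byte order set with every other field zeroed."""
    body = bytes(32) + support + bytes(20)
    return struct.pack("<HH", CAPSTYPE_ORDER, 4 + len(body)) + body

# Constructed input: a dummy 24-byte capability set of another type, then an
# order set in which only the PatBlt byte (index 1) is cleared.
OTHER_SET = struct.pack("<HH", 0x0001, 24) + bytes(20)
NO_PATBLT = bytes([1, 0]) + bytes([1] * 30)
SAMPLE = OTHER_SET + build_order_set(NO_PATBLT)

if __name__ == "__main__":
    print("orders disabled by client:", disabled_orders(SAMPLE))
```
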