CRIME FW: [Cyber_threats] Daily News 09/20/02

From: George Heuston (GeorgeH@private)
Date: Fri Sep 20 2002 - 09:22:22 PDT

  • Next message: Crispin Cowan: "Re: CRIME OpenSSH 3.4p1 cleartext Password Vulnurability" 

    -----Original Message-----
From: NIPC Watch [mailto:nipcwatch@private] 
Sent: Friday, September 20, 2002 7:27 AM
To: Cyber Threats
Subject: [Cyber_threats] Daily News 09/20/02

September 18, Microsoft - Microsoft Security Bulletin - MS02-051.
Cryptographic Flaw in RDP Protocol Can Lead to Information Disclosure. The
Remote Data Protocol (RDP) provides the means by which Windows systems can
provide remote terminal sessions to clients. The protocol transmits
information regarding a terminal sessions' keyboard, mouse and video to the
remote client, and is used by Terminal Services in Windows NT 4.0 and
Windows 2000, and by Remote Desktop in Windows XP. Two security
vulnerabilities, both of which are eliminated by this patch, have been
discovered in various RDP implementations. Source:
http://www.microsoft.com/technet/security/bulletin/MS02-051.asp

September 18, Microsoft - Microsoft Security Bulletin - MS02-052. Flaw in
Microsoft VM JDBC Classes Could Allow Code Execution. The Microsoft VM is a
virtual machine for the Win32® operating environment. The Microsoft VM
shipped in most versions of Windows (a complete list is available in the
FAQ), as well as in most versions of Internet Explorer. It also was
available for some time as a separate download. A new patch for the
Microsoft VM is available, which eliminates three security vulnerabilities.
The attack vectors for all of them would likely be the same. An attacker
would likely create a web page that, when opened, exploits the desired
vulnerability, and either host it on a web page or send it to a user as an
HTML mail. Source:
http://www.microsoft.com/technet/security/bulletin/MS02-052.asp

Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
Tracking Center [Infected Computers, North America, Past 24 hours, #1 in
United States]

Top 10 Target Ports
80(http); 1433(ms-sql-s); 2002; 21(ftp); 139(netbios-ssn); 6348; 25(smtp);
445(microsoft-ds); 111(sunrpc); 6346(morpheus);
Source: http://isc.incidents.org/top10.html; Internet Storm Center


_______________________________________________
Cyber_Threats mailing list
Cyber_Threats@listserv
http://listserv.infragard.org/mailman/listinfo/cyber_threats

    This archive was generated by hypermail 2b30 : Fri Sep 20 2002 - 10:14:43 PDT