-----Original Message----- From: NIPC Watch [mailto:nipc.watch@private] Sent: Thursday, March 27, 2003 7:13 AM To: Information Technology Subject: [Information_technology] Daily News 3/27/03 March 26, Microsoft Microsoft Security Bulletin MS03-010: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks. There is a vulnerability in the part of Remote Procedure Call (RPC) that deals with message exchange over TCP/IP due to incorrect handling of malformed messages. This vulnerabilty affects the RPC Endpoint Mapper process, which listens on TCP/IP port 135. To exploit this vulnerability, an attacker would need to establish a TCP/IP connection to the Endpoint Mapper process on a remote machine. Once the connection was established, the attacker would begin the RPC connection negotiation before transmitting a malformed message. At this point, the process on the remote machine would fail. The RPC Endpoint Mapper process is responsible for maintaining the connection information for all of the processes on that machine using RPC. Because the Endpoint Mapper runs within the RPC service itself, exploiting this vulnerability would cause the RPC service to fail, with the attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions. A patch is available at the Microsoft website for Windows 2000 and Windows XP. However, Microsoft is unable to provide a patch for this vulnerability for Windows NT 4.0 and users are encouraged to employ the workaround posted on the Microsoft website, which is to protect the NT 4.0 system with a firewall that blocks Port 135. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/t echnet/security/bulletin/MS03-010.asp March 26, CERT/CC CERT Advisory CA-2003-11: Multiple Vulnerabilities in Lotus Notes and Domino. In February 2003, NGS Software released several advisories detailing vulnerabilities affecting Lotus Notes clients and Domino servers. Multiple reporters, the close timing, and some ambiguity caused confusion about what releases are vulnerable. The impact of these vulnerabilities range from denial of service to data corruption and the potential to execute arbitrary code. The CERT/CC has issued an advisory to help clarify the details of the vulnerabilities, the versions affected, and the patches that resolve these issues. Please refer to the CERT website for additional information. Source: http://www.cert.org/advisories/CA-2003-11.html March 26, Federal Computer Week Bill would close spectrum loophole. Two congressional lawmakers have reintroduced a bill to ensure that TV broadcasters transfer a 24 MHz piece of spectrum to public safety officials by 2006. The Homeland Emergency Response Operations (HERO) Act, co-sponsored by Reps. Jane Harman (D-CA) and Curt Weldon (R-PA), was introduced March 25 and referred to the House Energy and Commerce Committee. H.R. 1425 firmly sets a December 31, 2006, deadline for the transition, closing what some say is a loophole that would allow broadcasters to continue to use the channels if digital TV wasn't received by a certain percentage of American households. In 1997, Congress passed a law authorizing the Federal Communications Commission to re-allocate radio spectrum from 764 MHz to 776 MHz and from 794 MHz to 806 MHz. TV broadcasters currently use that spectrum (channels 63, 64, 68 and 69), and the law called for it to be re-allocated for public safety uses. The requirement was based on the previous year's Public Safety Wireless Advisory Committee report that public safety agencies lacked adequate radio spectrum and that would hamper emergency responses. Under the current legislation, TV broadcasters have until December 31, 2006, to move or until 85 percent of the households in a market have access to digital TV signals, whichever is later. Source: http://www.fcw.com/geb/articles/2003/0324/web-spectrum-03-26-03.asp March 26, Government Computer News Wireless infrastructure goes unguarded. The national wireless infrastructure "is one of the most important and least protected parts" of U.S. communications capability, a technology strategist said today. David Porte, an executive with technology incubator Astrolabe Innovations of Cambridge, Mass., said the World Trade Center attacks on September 11, 2001, were a case in point. Porte spoke at a Newport, R.I., conference sponsored by the National High-Performance Computing and Communications Council. The trade center towers housed hubs for multiple types of communications, he said: broadcast, land-line telecommunications and cellular phones. Yet when the towers fell, "cell phones became the primary means of national security communications," Porte said. The result was widespread congestion with a ripple effect that ended in loss of many communications spokes, he said. Lack of wireless interoperability also interfered with government communication in that crisis. The wireline infrastructure, although the first to go down on September 11, "was the first to recover because of built-in redundancy," he said. Porte encouraged greater density of cells and wireless hubs, saying, "Government and industry need to get wireless ready for emergencies." Source: http://www.gcn.com/vol1_no1/daily-updates/21500-1.html Internet Security Systems - AlertCon: 1 out of 4 https://gtoc.iss.net/ Last Changed 25 March 2003 Security Focus ThreatCon: 1 out of 4 www.securityfocus.com Last Changed 24 March 2003 Current Virus and Port Attacks Virus: #1 Virus in USA: PE_NIMDA.A-O Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports: 80 (www), 137 (netbios-ns), 1434 (ms-sql-m), 445 (microsoft-ds), 25 (smtp), 139 (netbios-ssn), 6346 (gnutella-svc), 4662 (eDonkey2000), 0 (---), 113 (ident) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Thu Mar 27 2003 - 15:17:03 PST