-----Original Message-----
From: InfraGard [mailto:infragard@private]
Sent: Thursday, May 29, 2003 6:51 AM
To: Information Technology
Subject: [Information_technology] Daily News 5/29/03

May 29, Microsoft
Microsoft Security Bulletin MS03-018: Cumulative Patch for Internet Information Service. This patch supersedes all previous patches released for IIS 4.0 and IIS 5.0. It also fixes the following vulnerabilities affecting IIS 4.0, 5.0 and 5.1: a Cross-Site Scripting (CSS) vulnerability affecting IIS 4.0, 5.0 and 5.1 involving the error message that's returned to advise that a requested URL has been redirected; a buffer overrun that results because IIS 5.0 does not correctly validate requests for server side includes; a denial of service vulnerability that results because of a flaw in the way IIS 4.0 and 5.0 allocate memory requests when constructing headers to be returned to a web client; a denial of service vulnerability that results because IIS 5.0 and 5.1 do not correctly handle an error condition when an overly long WebDAV request is passed to them. This patch, rated "Important," requires the patch from Microsoft Security Bulletin MS02-050 to be installed.
Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-018.asp

May 28, Washington Post
FCC urged to release airwaves for public-safety use. A division of Northrop Grumman Corp. said Tuesday that it is petitioning the Federal Communications Commission (FCC) to reallocate 10 megahertz of spectrum in the 700-megahertz frequency range so that the Department of Homeland Security and public-safety agencies can set up advanced wireless communications systems. Northrop is hoping to eventually profit from the federal government's increasing need for a more sophisticated, faster way to coordinate the communications between various branches of the government.
The spectrum in question is now used by television broadcasters, although they are expected to abandon it when they adopt newer digital technology. Eventually, most of the spectrum in the 700 megahertz range will be vacated and auctioned off; Northrop wants the additional spectrum to go to the government without getting auctioned off to commercial service providers.
Source: http://www.washingtonpost.com/wp-dyn/articles/A46287-2003May27.html?referrer=email

May 28, Microsoft
Microsoft Security Bulletin MS03-019: Flaw in ISAPI Extension for Windows Media Services Could Cause Denial of Service. When Windows Media Services are installed in Windows NT 4.0 Server or added through add/remove programs to Windows 2000, nsiislog.dll is installed to the Internet Information Services (IIS) Scripts directory on the server. A flaw in the way in which nsiislog.dll processes incoming requests could allow an attacker to send specially formed communications to the server that could cause IIS to stop responding to Internet requests. An attacker attempting to exploit this vulnerability would have to be aware which computers on the network had Windows Media Services installed on it and send a specific request to that server. Microsoft has assigned a risk rating of "Moderate" to this vulnerability and a patch is available at the Microsoft website.
Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-019.asp

May 27, Associated Press
Microsoft pulls XP update over glitch. Microsoft withdrew a security update for its Windows XP software Tuesday after it crippled Internet connections for some of the 600,000 users who had installed it since its release Friday. Consumers could reconnect only by removing the update. Microsoft officials said the update apparently was incompatible with popular security software from other companies.
The glitch occurs amid a debate in Washington among cybersecurity experts about whether the technology industry should test the reliability and security of such updates more aggressively. Hackers can easily attack government systems where updates aren't installed routinely, but some experts install them only reluctantly because of worries about unintended consequences of some updates. Microsoft was still investigating the glitch and could not say when the update might be available again.
Source: http://www.washingtonpost.com/wp-dyn/articles/A45119-2003May27.html

Internet Security Systems - AlertCon: 1 out of 4
https://gtoc.iss.net/
Last Changed 8 April 2003

Security Focus ThreatCon: 1 out of 4
www.securityfocus.com
Last Changed 18 April 2003

Current Virus and Port Attacks

Virus: #1 Virus in USA: PE_FUNLOVE.4099
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 445 (microsoft-ds), 137 (netbios-ns), 80 (www), 1434 (ms-sql-m), 139 (netbios-ssn), 113 (ident), 0 (---), 4899 (radmin), 17300 (Kuang2TheVirus), 4662 (eDonkey2000)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv