-----Original Message-----
From: InfraGard [mailto:infragard@private]
Sent: Thursday, July 17, 2003 7:33 AM
To: Information Technology
Subject: [Information_technology] Daily News 7/17/03

July 16, Microsoft
Microsoft Security Bulletin MS03-026: Buffer Overrun In RPC Interface Could Allow Code Execution.

Remote Procedure Call (RPC) is a protocol used by the Windows operating system which provides an inter-process communication mechanism that allows a program running on one computer to seamlessly execute code on a remote system. There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP, which results from incorrect handling of malformed messages. This vulnerability affects a Distributed Component Object Model (DCOM) interface with RPC, which listens on TCP/IP port 135. This interface handles DCOM object activation requests that are sent by client machines to the server. To exploit this vulnerability, an attacker would need to send a specially formed request to the remote computer on port 135. If successful, an attacker could then run code with Local System privileges on an affected system and then be able to take any action on the system, including installing programs, viewing, changing, or deleting data, or creating new accounts with full privileges. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch immediately.

Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

July 16, Microsoft
Microsoft Security Bulletin MS03-027: Unchecked Buffer in Windows Shell Could Enable System Compromise.

An unchecked buffer exists in one of the functions used by the Windows shell to extract custom attribute information from certain folders. An attacker could seek to exploit this vulnerability by creating a Desktop.ini file that contains a corrupt custom attribute, and then host it on a network share. If a user were to browse the shared folder where the file was stored, the vulnerability could then be exploited. A successful attack could have the effect of either causing the Windows shell to fail, or causing an attacker's code to run on the user's computer in the security context of the user. This vulnerability only affects Windows XP Service Pack 1. Microsoft has assigned a risk rating of "Important" to this issue and recommends that system administrators install the patch at the earliest opportunity.

Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-027.asp

July 16, Microsoft
Microsoft Security Bulletin MS03-028: Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack.

ISA Server contains a number of HTML-based error pages that allow the server to respond to a client requesting a Web resource with a customized error. A cross-site scripting vulnerability exists in many of these error pages that are returned by ISA Server under specific error conditions. To exploit this flaw, an attacker would have to first be aware of a specific ISA server and its access policies or host an ISA server of their own and create specific access policies designed to exploit this vulnerability. The attacker could then craft a request to trigger a page refusal and host a Web site containing the link, or send the link to the user in the form of an HTML e-mail. After the user previewed or opened the e-mail, the malicious site could be visited automatically without further user interaction. The vulnerability would not normally enable an attacker to gain any privileges on an affected ISA Server computer, breach the firewall, or compromise any cached content, unless the user is operating on the ISA server itself and is using the Web Proxy service to access the Internet. Microsoft has assigned a risk rating of "Important" to this issue and recommends that system administrators install the patch at the earliest opportunity.

Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-028.asp

July 16, U.S. Department of Homeland Security, FedCIRC
DHS/FedCIRC Advisory FA-2003-15: Cisco IOS Interface Blocked by IPv4 Packet.

A vulnerability in many versions of Cisco IOS could allow an intruder to execute a denial-of-service attack against a vulnerable device. Cisco IOS is a very widely deployed network operating system. A vulnerability in IOS could allow an intruder to execute a denial-of-service attack against an affected device. Cisco has published an advisory on this topic, available at http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

According to Cisco, a device receiving specially crafted IPv4 packets will force the inbound interface to stop processing traffic. This issue can affect all Cisco devices running Cisco IOS software. This vulnerability may be exercised repeatedly, resulting in loss of availability until a workaround has been applied or the device has been upgraded to a fixed version of code. The solution to this vulnerability is to apply the appropriate patch from Cisco. Until a patch can be applied, you can mitigate the risks presented by this vulnerability by judicious use of access control lists (ACLs). For more information, see http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml#workarounds

Source: http://www2.fedcirc.gov/advisories/FA-2003-15.html

July 15, Government Accounting Office
GAO-03-987T: Polar-Orbiting Environmental Satellites: Project Risks Could Affect Weather Data Needed by Civilian and Military Users.

Polar-orbiting environmental satellites provide the data and imagery used by weather forecasters, climatologists, and the military to map and monitor changes in weather, climate, the ocean, and the environment. In the future, the National Polar-orbiting Operational Environmental Satellite System (NPOESS) is to merge the two current satellite systems. The Government Accounting Office (GAO) found that the NPOESS program faces key programmatic and technical risks that may affect the successful and timely deployment of the system. The NPOESS was supposed to be available to serve as a backup to the March 2008 launch of the final satellite in one of the two current satellite programs--the Polar-orbiting Operational Environmental Satellite (POES) system. However, the first NPOESS satellite will not be ready in time, resulting in a potential gap in satellite coverage should the satellite fail. If the final POES launch fails and if existing satellites are unable to continue operations beyond their expected life spans, the continuity of weather data needed for weather forecasts and climate monitoring will be put at risk.

Source: http://www.gao.gov/highlights/d03987thigh.pdf

Internet Security Systems - AlertCon: 2 out of 4
https://gtoc.iss.net/
Last Changed 17 July 2003

Security Focus ThreatCon: 2 out of 4
www.securityfocus.com
Last Changed 17 July 2003

Current Virus and Port Attacks

Virus: #1 Virus in USA: WORM_LOVGATE.F
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 80 (www), 137 (netbios-ns), 445 (microsoft-ds), 1434 (ms-sql-m), 113 (ident), 4662 (eDonkey2000), 139 (netbios-ssn), 25 (smtp), 0 (---), 53 (domain)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv