-----Original Message----- From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard Sent: Monday, October 06, 2003 8:06 AM To: Information Technology Subject: [Information_technology] Daily News 9/06/03 October 03, Microsoft - Microsoft Security Bulletin MS03-040: Cumulative Patch for Internet Explorer. This cumulative patch for Internet Explorer (IE) eliminates the following vulnerabilities: IE does not properly determine an object type returned from a Web server in a popup window, and IE does not properly determine an object type returned from a Web server during XML data binding. A change has been made to the method by which Internet Explorer handles Dynamic HTML (DHTML) Behaviors in the IE Restricted Zone. This cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update. In addition to applying this patch it is recommended that users also install the Windows Media Player update referenced in Knowledge Base Article 828026. This update contains a change to the behavior of Windows Media Player's ability to launch URLs to help protect against DHTML behavior based attacks. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/ bulletin/MS03-040.asp October 02, CNET News - Microsoft patches Exchange glitch. Microsoft released a patch Thursday, October 2, for a newly discovered incompatibility between the new version of the company's Outlook e-mail client and an older version of the Exchange mail server program. Brian Holdsworth of Microsoft said the company had received four reports of problems among customers running version 5.5 of Exchange in combination with a beta version of Outlook 2003. In each case, the Exchange server had to execute a complex set of message-handling rules that eventually caused the server to choke, affecting message processing and server availability. Outlook 2003 will be part of Office 2003, the update of the productivity software set for release later this month. Hundreds of thousands of beta versions of the software were distributed earlier this year. Holdsworth said the issue appears to be rare, but customers experiencing problems with a combination of Exchange 5.5 and Outlook 2003 should contact Microsoft customer support to receive the patch. Source: http://news.com.com/2100-1012_3-5085967.html?tag=nefd_top October 02, Washington Post - Hackers to face tougher sentences. Convicted hackers and virus writers soon will face significantly harsher penalties under new guidelines developed by the U.S. Sentencing Commission that dictate how the government punishes computer crimes. Congress ordered the changes last year, saying that sentences for convicted computer criminals should reflect the seriousness of their crimes. Hackers whose exploits result in injury or death -- if they disable emergency response networks or destroy electronic medical records, for example -- face 20 years to life in prison. Hackers will face up to a 25 percent increase in their sentences if they hijack e-mail accounts or steal personal data. Convicted virus and worm authors face a 50 percent increase. Sentences also will increase by 50 percent for hackers who share stolen personal data with anyone and the sentences will double if the information is posted on the Internet. Jail time will double for hackers who break into government and military computers or networks tied to the power grid or telecommunications network. Hackers who electronically break into bank accounts can be sentenced based on how much money is in the account, even if they don't take any of it. Source: http://www.washingtonpost.com/wp-dyn/articles/A35261-2003Oct2.html Internet Alert Dashboard AlertCon: 1 out of 4 https://gtoc.iss.net Security Focus ThreatCon: 1 out of 4 http://analyzer.securityfocus.com/ Current Virus and Port Attacks Virus: #1 Virus in the United States: WORM_LOVGATE.G Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 135 (epmap), 1434 (ms?sql?m), 139 (netbios?ssn), 137 (netbios?ns), 445 (microsoft?ds), 80 (www), 1433 (ms?sql?s), 17300(Kuang2TheVirus), 53 (domain), 1024 (Jade) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Mon Oct 06 2003 - 09:06:59 PDT