CRIME FW: [Information_technology] Daily News 10/16/03

From: George Heuston (GeorgeH@private)
Date: Thu Oct 16 2003 - 10:09:04 PDT

  • Next message: Seth Arnold: "Re: CRIME [VIRUS] Don't Use this patch immediately !"

    -----Original Message-----
    From: information_technology-admin@private
    [mailto:information_technology-admin@private] On Behalf
    Of InfraGard
    Sent: Thursday, October 16, 2003 6:41 AM
    To: Information Technology
    Subject: [Information_technology] Daily News 10/16/03
    
    October 15, Microsoft - Microsoft Security Bulletin MS03-041:
    Vulnerability
    in Authenticode Verification Could Allow Remote Code Execution. A
    vulnerability in Authenticode could, under certain low memory
    conditions,
    allow an ActiveX control to download and install without presenting the
    user
    with an approval dialog. To exploit this vulnerability, an attacker
    could
    host a malicious Website. If a user then visited that site an ActiveX
    control could be installed and executed on the user's system. An
    attacker
    could also send an HTML e-mail to the user. If the user viewed the HTML
    e-mail an unauthorized ActiveX control could be installed and executed
    on
    the user's system. Exploiting the vulnerability would allow the attacker
    only the same privileges as the user. Microsoft has assigned a risk
    rating
    of "Critical" to this issue and recommends that system administrators
    install the patch immediately. Source:
    http://www.microsoft.com/technet/treeview/default.asp?url=/t
    echnet/security/bulletin/MS03-041.asp
    
    October 15, Microsoft - Microsoft Security Bulletin MS03-042: Buffer
    Overflow in Windows Troubleshooter ActiveX Control Could Allow Code
    Execution. Microsoft's Local Troubleshooter ActiveX control (Tshoot.ocx)
    contains a buffer overflow that could allow an attacker to run code of
    their
    choice on a user's system in the context of the user. Because this
    control
    is marked "safe for scripting", an attacker could exploit this
    vulnerability
    by convincing a user to view a specially crafted HTML page that
    references
    this ActiveX control. To exploit this vulnerability, the attacker would
    have
    to create a specially formed HTML-based e-mail and send it to the user.
    Alternatively an attacker would have to host a malicious Web site that
    contained a Web page designed to exploit this vulnerability. Microsoft
    has
    assigned a risk rating of "Critical" to this issue and recommends that
    system administrators install the patch immediately. Source:
    http://www.microsoft.com/technet/treeview/default.asp?url=/t
    echnet/security/bulletin/MS03-042.asp
    
    October 15, Microsoft - Microsoft Security Bulletin MS03-043: Buffer
    Overrun
    in Messenger Service Could Allow Code Execution. A vulnerability in the
    Messenger Service results because the Service does not properly validate
    the
    length of a message before passing it to the allocated buffer. An
    attacker
    who successfully exploited this vulnerability could be able to run code
    with
    Local System privileges on an affected system, or could cause the
    Messenger
    Service to fail. The attacker could then take any action on the system,
    including installing programs, viewing, changing or deleting data, or
    creating new accounts with full privileges. If users have blocked the
    NetBIOS ports (ports 137-139) - and UDP broadcast packets using a
    firewall,
    others will not be able to send messages to them on those ports.
    Disabling
    the Messenger Service will prevent the possibility of attack. Microsoft
    has
    assigned a risk rating of "Critical" to this issue and recommends that
    system administrators disable the Messenger Service immediately and
    evaluate
    their need to deploy the patch. Source:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
    ity/bulletin/MS03-043.asp
    
    October 15, Microsoft - Microsoft Security Bulletin MS03-044: Buffer
    Overrun
    in Windows Help and Support Center Could Lead to System Compromise. A
    security vulnerability in the Help and Support Center function which
    ships
    with Windows XP and Windows Server 2003 results because a file
    associated
    with the HCP protocol contains an unchecked buffer. An attacker could
    exploit the vulnerability by constructing a URL that, when clicked on by
    the
    user, could execute code of the attacker's choice in the Local Computer
    security context. The URL could be hosted on a web page, or sent
    directly to
    the user in email. In the Web based scenario, where a user then clicked
    on
    the URL hosted on a website, an attacker could have the ability to read
    or
    launch files already present on the local machine. The affected code is
    also
    included in all other supported Windows operating systems, although no
    known
    attack vector has been identified at this time because the HCP protocol
    is
    not supported on those platforms. Microsoft has assigned a risk rating
    of
    "Critical" to this issue and recommends that system administrators
    install
    the patch immediately. Source:
    http://www.microsoft.com/technet/treeview/default.asp?url=/t
    echnet/security/bulletin/MS03-044.asp
    
    October 15, Microsoft - Microsoft Security Bulletin MS03-045: Buffer
    Overrun
    in the ListBox and in the ComboBox Control Could Allow Code Execution .
    The
    ListBox control and the ComboBox control both call a function, which is
    located in the User32.dll file, that contains a buffer overrun. The
    function
    does not correctly validate the parameters that are sent from a
    specially-crafted Windows message. An attacker who had the ability to
    log on
    to a system interactively could run a program that could send a
    specially-crafted Windows message to any applications that have
    implemented
    the ListBox control or the ComboBox control, causing the application to
    take
    any action an attacker specified. This could give an attacker complete
    control over the system by using Utility Manager in Windows 2000.
    Microsoft
    has assigned a risk rating of "Important" to this issue and recommends
    that
    system administrators install the patch immediately. Source:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
    ity/bulletin/MS03-045.asp
    
    October 15, Microsoft - Microsoft Security Bulletin MS03-046:
    Vulnerability
    in Exchange Server Could Allow Arbitrary Code Execution. In Exchange
    Server
    5.5, a vulnerability exists in the Internet Mail Service that could
    allow an
    unauthenticated attacker to connect to the SMTP port on an Exchange
    server
    and issue a specially-crafted extended verb request that could allocate
    a
    large amount of memory. This could shut down the Internet Mail Service
    or
    could cause the server to stop responding because of a low memory
    condition.
    In Exchange 2000 Server, a vulnerability exists that could allow an
    unauthenticated attacker to connect to the SMTP port on an Exchange
    server
    and issue a specially-crafted extended verb request. That request could
    cause a denial of service that is similar to the one that could occur on
    Exchange 5.5. Additionally, if an attacker issues the request with
    carefully
    chosen data, the attacker could cause a buffer overrun that could allow
    the
    attacker to run malicious programs of their choice in the security
    context
    of the SMTP service. Microsoft has assigned a risk rating of "Critical"
    to
    this issue and recommends that system administrators install the patch
    to
    Exchange servers immediately. Source:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
    ity/bulletin/MS03-046.asp
    
    October 15, Microsoft - Microsoft Security Bulletin MS03-047:
    Vulnerability
    in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site
    Scripting
    Attack. A cross-site scripting (XSS) vulnerability results due to the
    way
    that Outlook Web Access (OWA) performs HTML encoding in the Compose New
    Message form. An attacker could seek to exploit this vulnerability by
    having
    a user run script on the attacker's behalf. If the script executes in
    the
    security context of the user, the attacker's code could then execute by
    using the security settings of the OWA Web site (or of a Web site that
    is
    hosted on the same server as the OWA Web site) and could enable the
    attacker
    to access any data belonging to the site where the user has access.
    Microsoft has assigned a risk rating of "Moderate" to this issue and
    recommends that system administrators install the patch immediately.
    Users
    who have customized any of the ASP pages in the File Information section
    in
    this document should backup those files before applying this patch as
    they
    will be overwritten when the patch is applied. A Source:
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
    ity/bulletin/MS03-047.asp
    
    
    Current Alert Levels
    AlertCon: 2 out of 4
    https://gtoc.iss.net Security Focus
    
    ThreatCon: 2 out of 4
    http://analyzer.securityfocus.com/
    Current Virus and Port Attacks
    
    Virus: #1 Virus in the United States: WORM_MSBLAST.A
    Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus
    Tracking Center
    [Infected Computers, North America, Past 24 hours, #1 in United States]
    
    Top 10 Target Ports
    135 (epmap), 1434 (ms?sql?m), 137 (netbios?ns), 445 (microsoft?ds), 1433
    (ms?sql?s), 80 (www), 17300 (Kuang2TheVirus), 139 (netbios?ssn), 4662
    (eDonkey2000), 27374 (SubSeven)
    
    
    _______________________________________________
    Information_technology mailing list
    Information_technology@listserv
    



    This archive was generated by hypermail 2b30 : Thu Oct 16 2003 - 11:04:37 PDT