-----Original Message----- From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard Sent: Thursday, October 16, 2003 6:41 AM To: Information Technology Subject: [Information_technology] Daily News 10/16/03 October 15, Microsoft - Microsoft Security Bulletin MS03-041: Vulnerability in Authenticode Verification Could Allow Remote Code Execution. A vulnerability in Authenticode could, under certain low memory conditions, allow an ActiveX control to download and install without presenting the user with an approval dialog. To exploit this vulnerability, an attacker could host a malicious Website. If a user then visited that site an ActiveX control could be installed and executed on the user's system. An attacker could also send an HTML e-mail to the user. If the user viewed the HTML e-mail an unauthorized ActiveX control could be installed and executed on the user's system. Exploiting the vulnerability would allow the attacker only the same privileges as the user. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/t echnet/security/bulletin/MS03-041.asp October 15, Microsoft - Microsoft Security Bulletin MS03-042: Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution. Microsoft's Local Troubleshooter ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system in the context of the user. Because this control is marked "safe for scripting", an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. To exploit this vulnerability, the attacker would have to create a specially formed HTML-based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/t echnet/security/bulletin/MS03-042.asp October 15, Microsoft - Microsoft Security Bulletin MS03-043: Buffer Overrun in Messenger Service Could Allow Code Execution. A vulnerability in the Messenger Service results because the Service does not properly validate the length of a message before passing it to the allocated buffer. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges. If users have blocked the NetBIOS ports (ports 137-139) - and UDP broadcast packets using a firewall, others will not be able to send messages to them on those ports. Disabling the Messenger Service will prevent the possibility of attack. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators disable the Messenger Service immediately and evaluate their need to deploy the patch. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS03-043.asp October 15, Microsoft - Microsoft Security Bulletin MS03-044: Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise. A security vulnerability in the Help and Support Center function which ships with Windows XP and Windows Server 2003 results because a file associated with the HCP protocol contains an unchecked buffer. An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, could execute code of the attacker's choice in the Local Computer security context. The URL could be hosted on a web page, or sent directly to the user in email. In the Web based scenario, where a user then clicked on the URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the HCP protocol is not supported on those platforms. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/t echnet/security/bulletin/MS03-044.asp October 15, Microsoft - Microsoft Security Bulletin MS03-045: Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution . The ListBox control and the ComboBox control both call a function, which is located in the User32.dll file, that contains a buffer overrun. The function does not correctly validate the parameters that are sent from a specially-crafted Windows message. An attacker who had the ability to log on to a system interactively could run a program that could send a specially-crafted Windows message to any applications that have implemented the ListBox control or the ComboBox control, causing the application to take any action an attacker specified. This could give an attacker complete control over the system by using Utility Manager in Windows 2000. Microsoft has assigned a risk rating of "Important" to this issue and recommends that system administrators install the patch immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS03-045.asp October 15, Microsoft - Microsoft Security Bulletin MS03-046: Vulnerability in Exchange Server Could Allow Arbitrary Code Execution. In Exchange Server 5.5, a vulnerability exists in the Internet Mail Service that could allow an unauthenticated attacker to connect to the SMTP port on an Exchange server and issue a specially-crafted extended verb request that could allocate a large amount of memory. This could shut down the Internet Mail Service or could cause the server to stop responding because of a low memory condition. In Exchange 2000 Server, a vulnerability exists that could allow an unauthenticated attacker to connect to the SMTP port on an Exchange server and issue a specially-crafted extended verb request. That request could cause a denial of service that is similar to the one that could occur on Exchange 5.5. Additionally, if an attacker issues the request with carefully chosen data, the attacker could cause a buffer overrun that could allow the attacker to run malicious programs of their choice in the security context of the SMTP service. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch to Exchange servers immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS03-046.asp October 15, Microsoft - Microsoft Security Bulletin MS03-047: Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack. A cross-site scripting (XSS) vulnerability results due to the way that Outlook Web Access (OWA) performs HTML encoding in the Compose New Message form. An attacker could seek to exploit this vulnerability by having a user run script on the attacker's behalf. If the script executes in the security context of the user, the attacker's code could then execute by using the security settings of the OWA Web site (or of a Web site that is hosted on the same server as the OWA Web site) and could enable the attacker to access any data belonging to the site where the user has access. Microsoft has assigned a risk rating of "Moderate" to this issue and recommends that system administrators install the patch immediately. Users who have customized any of the ASP pages in the File Information section in this document should backup those files before applying this patch as they will be overwritten when the patch is applied. A Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS03-047.asp Current Alert Levels AlertCon: 2 out of 4 https://gtoc.iss.net Security Focus ThreatCon: 2 out of 4 http://analyzer.securityfocus.com/ Current Virus and Port Attacks Virus: #1 Virus in the United States: WORM_MSBLAST.A Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 135 (epmap), 1434 (ms?sql?m), 137 (netbios?ns), 445 (microsoft?ds), 1433 (ms?sql?s), 80 (www), 17300 (Kuang2TheVirus), 139 (netbios?ssn), 4662 (eDonkey2000), 27374 (SubSeven) _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Thu Oct 16 2003 - 11:04:37 PDT