-----Original Message----- From: information_technology-admin@private [mailto:information_technology-admin@private] On Behalf Of InfraGard Sent: Thursday, November 13, 2003 9:07 AM To: Information Technology Subject: [Information_technology] Daily News 11/13/03 November 13, Microsoft - Microsoft Security Bulletin MS03-051: Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution. There are two vulnerabilities in Microsoft FrontPage Server Extensions. The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause FrontPage Server Extensions to fail. The attacker could then take any action on the system. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/bulletin/MS03-051.asp November 12, Government Accounting Office - GAO-04-55: Uneven Implementation of Wireless Enhanced 911 Raises Prospect of Piecemeal Availability for Years to Come (Report). Enhanced 911 (E911) is in place in most of the country for traditional wireline telephone service, where the telephone number is linked to a street address. Expanding E911 capabilities to mobile phones is inherently more challenging because of the need to determine the caller's geographic location at the moment the call is made. Concerns have been raised about the pace of wireless E911 implementation and whether this service will be available nationwide. GAO reviewed the progress being made in implementing wireless E911 service, the factors affecting this progress, and the role of the federal government in facilitating the nationwide deployment of wireless E911 service. In order to provide the Congress and federal and state officials with an accurate assessment of the progress being made toward full deployment of wireless E911, the GAO recommends that the Department of Transportation work with state officials and public safety groups to develop data identifying which public safety answering points (PSAPs) will need to have E911 equipment upgrades. Highlights: http://www.gao.gov/highlights/d0455high.pdf Source: http://www.gao.gov/new.items/d0455.pdf November 11, Microsoft - Microsoft Security Bulletin MS03-048: Cumulative Security Update for Internet Explorer. There are three vulnerabilities that involve the cross-domain security model of Internet Explorer, which keeps windows of different domains from sharing information. These vulnerabilities could result in the execution of script in the My Computer zone. After the user has visited a malicious Website or viewed a malicious HTML e-mail message an attacker who exploited one of these vulnerabilities could access files on a user's system, and run arbitrary code on a user's system in the security context of the user. Another vulnerability involves the way zone information is passed to an XML object within Internet Explorer. This vulnerability could allow an attacker to read local files on a user's system. Finally, there is a vulnerability that involves performing a drag-and-drop operation during dynamic HTML (DHTML) events in Internet Explorer. This vulnerability could allow a file to be saved in a target location on the user's system if the user clicks a link. No dialog box would request that the user approve this download. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install this patch immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/t echnet/security/bulletin/MS03-048.asp November 11, Microsoft - Microsoft Security Bulletin MS03-049: Buffer Overrun in the Workstation Service Could Allow Code Execution. A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service. If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges. If users have blocked inbound UDP ports 138, 139, 445 and TCP ports 138, 139, 445 by using a firewall an attacker would be prevented from sending messages to the Workstation service. Most firewalls, including Internet Connection Firewall in Windows XP, block these ports by default. Disabling the Workstation service will prevent the possibility of attack. Only Windows 2000 and Window XP are vulnerable to this attack. Microsoft has assigned a risk rating of "Critical" to this issue and recommends that system administrators install the patch immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/t echnet/security/bulletin/MS03-049.asp November 11, Microsoft - Microsoft Security Bulletin MS03-050: Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run. A vulnerability exists in Microsoft Excel that could allow malicious code execution. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. If an affected spreadsheet was opened, this vulnerability could allow a malicious macro embedded in the file to be executed automatically, regardless of the level at which the macro security is set. The malicious macro could then take the same actions that the user had permissions to carry out. A vulnerability exists in Microsoft Word that could allow malicious code execution. If a specially crafted document were to be opened it could overflow a data value in Word and allow arbitrary code to be executed. If successfully exploited, an attacker could then take the same actions as the user had permissions to carry out. Microsoft has assigned a risk rating of "Important" to this issue and recommends that system administrators install this patch immediately. Source: http://www.microsoft.com/technet/treeview/default.asp?url=/t echnet/security/bulletin/MS03-050.asp AlertCon: 2 out of 4 https://gtoc.iss.net ThreatCon: 2 out of 4 http://analyzer.securityfocus.com/ Current Virus and Port Attacks Virus: #1 Virus in the United States: WORM_LOVGATE.G Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States] Top 10 Target Ports 135 (epmap), 1434 (ms?sql?m), 137 (netbios?ns), 4899 (radmin), 445 (microsoft?ds), 80 (www), 139 (netbios?ssn), 1433 (ms?sql?s), 4444 (CrackDown), 57 (priv?term) Source: http://isc.incidents.org/top10.html; Internet Storm Center _______________________________________________ Information_technology mailing list Information_technology@listserv
This archive was generated by hypermail 2b30 : Thu Nov 13 2003 - 14:16:13 PST