NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH ALERT
10/14/04

Today's focus: A passel of Microsoft patches

In this issue:

* Patches from Microsoft, Gentoo, SCO, others
* Beware latest Forbot, Rbot and Bagle variants
* Enterprise security is worst ever, experts say, and other interesting reading
* Links related to Virus and Bug Patch Alert
_______________________________________________________________

By Jason Meserve

Not a good week when one article is headlined "Enterprise security is worst ever, experts say" and is followed up with Microsoft detailing/patching seven "critical" updates for just about every version of Windows and some of its popular applications. Never mind the Red Sox are in a 2-0 hole against the Yankees.

Today's bug patches and security alerts:

Microsoft pushes out seven critical security fixes

Microsoft Tuesday released 10 software security patches for its products, including seven it deemed critical and that could allow remote attackers to take control of systems running the company's software. IDG News Service, 10/12/04.
<http://www.nwfusion.com/news/2004/1012mspatch.html?nl>

Microsoft patches:

Cumulative Security Update for Internet Explorer (Critical):
<http://www.microsoft.com/technet/security/Bulletin/MS04-038.mspx>

Vulnerability in Windows Shell Could Allow Remote Code Execution (Critical):
<http://www.microsoft.com/technet/security/Bulletin/MS04-037.mspx>

Vulnerability in Network News Transfer Protocol (NNTP) Could Allow Code Execution (Critical):
<http://www.microsoft.com/technet/security/Bulletin/MS04-036.mspx>

Vulnerability in SMTP Could Allow Remote Code Execution (Critical):
<http://www.microsoft.com/technet/security/Bulletin/MS04-035.mspx>

Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (Critical):
<http://www.microsoft.com/technet/security/Bulletin/MS04-034.mspx>

Vulnerability in Microsoft Excel Could Allow Code Execution (Critical):
<http://www.microsoft.com/technet/security/Bulletin/MS04-033.mspx>

Security Update for Microsoft Windows (Critical):
<http://www.microsoft.com/technet/security/Bulletin/MS04-032.mspx>

Vulnerability in NetDDE Could Allow Remote Code Execution (Important):
<http://www.microsoft.com/technet/security/Bulletin/MS04-031.mspx>

Vulnerability in WebDav XML Message Handler Could Lead to a Denial of Service (Important):
<http://www.microsoft.com/technet/security/Bulletin/MS04-030.mspx>

Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (Important):
<http://www.microsoft.com/technet/security/Bulletin/MS04-029.mspx>

**********

Gentoo patches sharutils

Two buffer overflow vulnerabilities in Gentoo's sharutils application could be exploited by an attacker to run any program
on the affected machine. For more, go to:
<http://security.gentoo.org/glsa/glsa-200410-01.xml>

Gentoo releases fix for PHP bugs

Two flaws have been found in Gentoo's PHP implementation. One could disclose parts of the system memory and the other could be exploited to upload files to the affected system. For more, go to:
<http://security.gentoo.org/glsa/glsa-200410-04.xml>

**********

Debian issues fix for rp-pppoe, pppoe

A vulnerability in Roaring Penguin's implementation of PPPoE could be exploited by an attacker to overwrite any file on the affected system. PPPoE is run as setuid root, allowing free rein to anyone that exploits the flaw. For more, go to:
<http://www.debian.org/security/2004/dsa-557>

Debian patches net-acct

Net-acct does not take the proper security precautions when creating temporary files and directories. This could be exploited by a local user. For more, go to:
<http://www.debian.org/security/2004/dsa-559>

Debian releases patch for libapache-mod-dav

A denial-of-service vulnerability in the libapache-mod-dav module is the result of a NULL pointer problem when Apache runs in threaded mode. For more, go to:
<http://www.debian.org/security/2004/dsa-558>

Debian patches lesstif1-1

Several buffer and integer overflows have been found in lesstif1-1. Debian is urging users to upgrade to the newest release as soon as possible. For more, go to:
<http://www.debian.org/security/2004/dsa-560>

**********

SCO patches CUPS

According to a SCO advisory, "The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service via a certain UDP packet to the IPP port." Download the update here:
<ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.15>

**********

Today's roundup of virus alerts:

JPGTrojan.C - A virus that attempts to exploit the JPEG image handling vulnerability in Windows. It could be used to run files on the infected machine or assign administrator rights to random accounts.
(Panda Software)

W32/Sdbot-PZ - A bot that spreads via network shares, installing itself in the Windows System folder as "msnmsng.exe". It can provide backdoor access via IRC and disable DCOM and LSA access on the infected machine. (Sophos)

W32/Sdbot-QE - Another Sdbot variant that uses network shares to spread. The virus infects the file "svchos.exe" in the Windows System folder. The worm acts as a keylogger and screen capture tool for stealing personal information. (Sophos)

W32/Pikis-B - An e-mail worm that uses a variety of sender addresses and subject lines to spread. The infected message will contain the URL "<http://www.crack.ru/>" or "<http://www.xakep.ru/>" and the attached file will have an .exe extension. It launches a denial of service against a site by trying to download files and disables security-related applications running on the infected machine. (Sophos)

W32/Forbot-BA - Yet another Trojan that provides backdoor access via IRC and spreads through weakly protected network shares. It installs itself as "SysDebug.exe" in the Windows System folder and shows up as the service "Auto updat". It can be used as a proxy, to delete network shares or steal software keys. (Sophos)

W32/Forbot-AZ - This Forbot variant installs itself as "syshelped.exe" and can use the infected machine for file transfer, proxy, DDoS and information harvesting purposes. (Sophos)

W32/Forbot-BD - Another Forbot variant. This one tries to exploit the Windows LSASS vulnerability as it spreads via network shares. It will install itself in the file "msmsgs.exe" and it can be used for a variety of malicious purposes. (Sophos)

W32/Rbot-MI - This Rbot variant spreads like most bots: Through network shares. This particular version installs itself as "UPDATE32.EXE" in the Windows System directory. (Sophos)

W32/Bagle-AC - A new Bagle variant that uses the file "loader_name.exe" in the Windows System directory as its infection point.
It can spread via popular P2P networks or via e-mail using a variety of spoofed messages. It will terminate after January 25, 2005. (Sophos)

**********

From the interesting reading department:

Enterprise security is worst ever, experts say

Despite the number of IT security products and services cramming the market, businesses are more exposed than ever to emerging threats, according to industry experts speaking at the Etre technology conference in Cannes. IDG News Service, 10/13/04.
<http://www.nwfusion.com/news/2004/1012etreent.html?nl>

Management strategies: The theft threat

Individuals now can copy and transport very large volumes of data in a short time. This exposes companies to a greater potential effect than anything experienced with floppies. Network World, 10/11/04.
<http://www.nwfusion.com/careers/2004/101104man.html?nl>

Reverse-Engineering the First Pocket PC Trojan, Part 1

We're going to present a detailed analysis of Brador, the inaugural Trojan horse for the Windows Mobile operating system. Informit.com.
<http://www.informit.com/articles/article.asp?p=340544>
Part 2 here:
<http://www.informit.com/articles/article.asp?p=340545>

Review: Nortel's Contivity picks up SSL

Your end users might like the new SSL VPN Module 1000 that slides into Nortel's Contivity IPSec VPN boxes because it provides easily navigable remote access to a wide group of LAN-based applications at decent speeds. Network World, 10/11/04.
<http://www.nwfusion.com/reviews/2004/1011rev.html?nl>

CA adds anti-virus, anti-spyware to Cisco NAC program

Computer Associates said Wednesday that it was joining a Cisco program to harden enterprise networks against attacks by enforcing security policies on computer hosts that attempt to access network resources. IDG News Service, 10/13/04.
<http://www.nwfusion.com/news/2004/1013caadds.html?nl>

HP keeps pace with policy-based wares

HP last week announced new policy-based network security and bandwidth management software, as well as upgrades, that the company says will let its ProCurve LANSwitch customers better control end-user access to network resources and bandwidth. Network World, 10/11/04.
<http://www.nwfusion.com/news/2004/101104hpswitch.html?nl>

Caymas appliances restrict access

Caymas Systems is introducing appliances that secure network traffic by drawing on existing network infrastructure to enforce restrictions of access to network servers by users on LANs or users connecting via WAN links. Network World Fusion, 10/11/04.
<http://www.nwfusion.com/news/2004/1011caymas.html?nl>

VPN service exploits multiple MPLS nets

Virtela this week is set to unveil a site-to-site VPN service that overcomes one of the biggest hurdles to creating far-flung MPLS networks: It guarantees classes of service across different carriers' backbones. Network World, 10/11/04.
<http://www.nwfusion.com/news/2004/101104virtela.html?nl>

Back-up protection on tap from storage vendors

Symantec, EMC and start-up Permabit last week announced software that helps customers with the replication, migration, and backup and recovery of data. Network World, 10/11/04.
<http://www.nwfusion.com/news/2004/101104replica.html?nl>

MCI getting a better handle on its VPN services

MCI is deploying new technology that the company says will make it easier for the carrier to manage its IP VPN offerings and that should result in better customer service. Network World, 10/11/04.
<http://www.nwfusion.com/news/2004/101104mcivpn.html?nl>

Bradner: Insecurity (or is that frustration?) at the top

I'm not quite sure what a good and effective U.S. government-led cybersecurity effort would do, but the way things are going there doesn't seem too much of a risk of finding out. Network World, 10/11/04.
<http://www.nwfusion.com/columnists/2004/101104bradner.html?nl>

Blum: Federated identity gets a boost

By testing federation products for interoperability and supporting the EAP, the E-Authentication Initiative is having a positive impact on federated identity adoption. If E-Authentication is broadly adopted by federal agencies in production federations, it will spur the formation of multiple federated communities. Network World, 10/11/04.
<http://www.nwfusion.com/columnists/2004/101104blum.html?nl>

Nutter's Help Desk: Single solution for both spam and viruses?

I was recently hired by a company to take care of their growing local area network. The first thing they want me to do is to start taking steps to reduce the amount of spam and viruses coming into the company's mail server. What is the best way to handle this? Will one product do it all? Network World, 10/11/04.
<http://www.nwfusion.com/columnists/2004/101104nutter.html?nl>
_______________________________________________________________

To contact: Jason Meserve

Jason Meserve is the Multimedia Editor of Network World Fusion and writes about streaming media, search engines and IP Multicast. Jason can be reached at <mailto:[EMAIL PROTECTED]>. Check out his Multimedia Exchange weblog at:
<http://www.nwfusion.com/weblogs/multimedia/>
_______________________________________________________________

ARCHIVE LINKS

Virus and Bug Patch Alert archive:
<http://www.nwfusion.com/newsletters/bug/index.html>

Breaking security news, updated daily:
<http://www.nwfusion.com/topics/security.html>
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]>

Copyright Network World, Inc., 2004
