Monday, June 13, 2005

10 fixes coming from Microsoft this week


NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
06/13/05
Today's focus: 10 fixes coming from Microsoft this week

In this issue:

* Patches from Microsoft, SuSE, Gentoo, others
* Beware latest variants of the Banker worm
* Not all agree on 'overhyped' security threats
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________

By Jason Meserve

Tuesday will be a busy day this week:

Microsoft security updates to cover Windows, Exchange

Microsoft plans to release a total of 10 security fixes,
including "critical" Windows updates, during its Monthly
Security Bulletin release, scheduled for next Tuesday. The
company also plans to release an updated version of its
Microsoft Windows Malicious Software Removal Tool, Microsoft
said Thursday. IDG News Service, 06/09/05.
<http://www.networkworld.com/nlvirusbug2573>

Today's bug patches and security alerts:

Cisco warns of 802.1x flaw in CallManager

A flaw in the way the Cisco Discovery Protocol handles
authentication of voice devices could be exploited by an
attacker to gain access to the network, even if 802.1X is
implemented. For more, go to:
<http://www.networkworld.com/go2/0613bug1e.html>
**********

SuSE patches kernel

SuSE has released an update to its Linux kernel that fixes a
number of flaws in previous releases. The most serious of the
vulnerabilities could be exploited to gain root access on the
affected machine. For more, go to:
<http://www.networkworld.com/go2/0613bug1d.html>
**********

Mandriva fixes wget

Two vulnerabilities have been found in Mandriva's implementation
of wget. One could allow an attacker to get an unauthorized view
of the affected system's directories. Another could be used to
overwrite user configuration files. For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:098>
**********

Gentoo, Ubuntu release patch for gedit

A format string vulnerability in gedit could be exploited
when a specially crafted file is called by the application. An
attacker could use this to run malicious code on the affected
machine. For more, go to:

Gentoo:
<http://security.gentoo.org/glsa/glsa-200506-09.xml>

Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-138-1>
**********

FreeBSD patches tcpdump

A number of the tcpdump protocol decoders contain flaws that
could send the network monitoring application into an infinite
loop, resulting in a denial of service. For more, go to:
<http://www.networkworld.com/go2/0613bug1c.html>

FreeBSD fixes gzip flaws

Two vulnerabilities in gzip, an open source
compression/decompression utility, could be exploited by an
attacker to overwrite arbitrary files on the affected machine.
For more, go to:
<http://www.networkworld.com/go2/0613bug1b.html>

FreeBSD issues fix for bind9

A flaw in BIND 9 DNS systems with DNSSEC enabled could be exploited
to crash the name server. An attacker would have to send a
specially-crafted packet to cause the system crash. For more, go
to:
<http://www.networkworld.com/go2/0613bug1a.html>
**********

Today's roundup of virus alerts:

Troj/Banker-HC - Another information stealing worm that targets
Brazilian banking Web sites. It uses a random filename as its
infection point. (Sophos)

Troj/Banker-DV - This variant of the Banker worm family installs
itself as "winlogin.exe". (Sophos)

Troj/Banker-DB - Another banker variant. This one attempts to
mail stolen info to a predefined e-mail address. (Sophos)

W32/Chode-C - A worm that spreads through MS Messenger with a
message "hey, is this you?" followed by a link to the virus
itself. If executed, the virus will display a fake error
message. It can be used for a number of malicious applications
such as sending e-mail, participating in DoS attacks and stealing
passwords. (Sophos)

W32/Rbot-AEJ - A new Rbot variant that spreads by exploiting a
number of known Windows vulnerabilities. It can be used for
malicious functions such as HTTP proxying, downloading code,
stealing local information and participating in DoS attacks. It
installs itself as "system.exe". (Sophos)

W32/Mytob-BD - A new Mytob mass-mailing and backdoor Trojan that
drops "test2.exe" on the infected machine. The malicious e-mail
looks like an account validation or system warning message. It
prevents access to security-related sites by modifying the Windows
HOSTS file. (Sophos)

W32/Mytob-U - This Mytob variant is similar to its predecessors
in the way it spreads. It drops "LienVdK.exe" on the infected
machine. (Sophos)

W32/Mytob-AO - A Mytob variant that exploits the Windows LSASS
flaw to infect the machine. It installs "taskgm.exe" on the
host. (Sophos)

W32/Mytob-AP - This variant spreads through an attachment with a
double extension or as a ZIP. It can provide backdoor access
through IRC and limit access to certain Web sites by modifying
the Windows HOSTS file. (Sophos)

W32/Mytob-AQ - This variant is similar to the others. It drops
"Lien Vande Kelder.exe" on the infected machine. (Sophos)

W32/Tirbot-G - A network worm that exploits the Windows LSASS
vulnerability to infect a machine. It installs "mssvp.exe" on
the host and can be used to download additional malicious code.
(Sophos)

Troj/Lineage-O - A password stealing Trojan that targets the
game "Lineage". It copies two files to the infected machine:
"explorer.exe" and "htdll.dll". (Sophos)

W32/Francette-S - A Windows worm that exploits the RPC-DCOM
vulnerability to infect a machine. It provides backdoor access
via IRC and modifies the HOSTS file to prevent access to certain
sites. (Sophos)

Troj/Puppet-A - Another IRC backdoor worm that spreads through
network shares. This one drops "boot.exe" on the infected
machine. (Sophos)

W32/Kelvir-AE - A Windows Messenger worm that spreads through a
message "ahahhaa :p" followed by a URL. (Sophos)

Smitfraud - A new spyware application that infects system files.
The application installs an anti-spyware program, then tries to
get users to pay for it when it finds an "infection." (Panda
Software)

Skulls.L - A Trojan that infects Symbian phones. What makes it
different than most of the previous variants is that it pretends
to be an F-Secure anti-virus update. (F-Secure)
**********

From the interesting reading department:

Not all agree on 'overhyped' security threats

Two Gartner analysts released their list of the five most
overhyped IT security threats, with IP telephony and malware for
mobile devices making the list, but not all IT security vendors
agreed with the analysts' assessment. IDG News Service,
06/10/05.
<http://www.networkworld.com/nlvirusbug2574>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Copyright Network World, Inc., 2005