NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
06/16/05
Today's focus: Microsoft patches and a user inquiry
Dear security.world@gmail.com,
In this issue:
* Patches from Microsoft, Sun, Trustix, others
* Beware worm that spreads through MSN Messenger
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Hewlett Packard
Choosing the Best Architecture
Learn how controller-based architecture for tape libraries best
meets reliability and interoperability requirements in
enterprise storage area networks. Details include how the
introduction of the HP StorageWorks Extended Tape Library
Architecture defines the next generation of tape libraries in
enterprise SAN environments. Download the white paper now!
http://www.fattail.com/redir/redirect.asp?CID=106730
_______________________________________________________________
THE HOMEOWNER'S GUIDE
Expanding your home network? Helping your neighbors with theirs?
At Network Life you'll find everything you need to stay informed
and ready to meet the home network demands. Read about wireless
security for the SOHO network, building a media center, setting
up a Mac as a NAT server, and more. Click here:
http://www.fattail.com/redir/redirect.asp?CID=106401
_______________________________________________________________
Today's focus: Microsoft patches and a user inquiry
By Jason Meserve
One of our readers has written in with an interesting problem:
When doing business over the Internet, I always check for the
https on the address line before entering secure data. About two
and a half months ago, after using Live Update to install
Symantec's weekly updates, I have been noticing that on about
25% of secure sites the secure socket fails to be indicated
(http instead of https). On a few sites, secure login, even
without the https indicated, login fails. These sites include
some that are well known, such as Amazon.com.
I have found that temporarily disabling Norton Internet Security
*totally* will allow the secure socket to work, but this is
trading one insecurity for another. This is the only work-around
that Symantec technical support can come up with, which is
unacceptable. Other contacts with them seem to disappear down a
black hole.
Has any one else come across this problem or have an idea how to
fix it? Drop me a line at <mailto:jmeserve@nww.com>
Today's bug patches and security alerts:
Microsoft patches critical bugs in IE, Windows
Microsoft released 10 security patches, including three deemed
"critical," for bugs in a variety of the company's products.
Released Tuesday as part of the company's monthly updates, the
critical patches repair flaws in Windows and Internet Explorer
that could allow attackers to take complete control of a
computer, Microsoft said. IDG News Service, 06/14/05.
<http://www.networkworld.com/nlvirusbug2657>
Microsoft advisories:
MS05-025: Cumulative Security Update for Internet Explorer:
<http://www.networkworld.com/nlvirusbug2658>
MS05-026: Vulnerability in HTML Help Could Allow Remote Code
Execution:
<http://www.networkworld.com/nlvirusbug2659>
MS05-027: Vulnerability in Server Message Block Could Allow
Remote Code Execution:
<http://www.networkworld.com/nlvirusbug2660>
MS05-028: Vulnerability in Web Client Service Could Allow
Elevation of Privilege:
<http://www.networkworld.com/nlvirusbug2661>
MS05-029: Vulnerability in Outlook Web Access for Exchange
Server 5.5 Could Allow Cross-Site Scripting Attacks:
<http://www.networkworld.com/nlvirusbug2662>
MS05-030: Vulnerability in Outlook Express Could Allow Remote
Code Execution:
<http://www.networkworld.com/nlvirusbug2663>
MS05-031: Vulnerability in Step-by-Step Interactive Training
Could Allow Remote Code Execution:
<http://www.networkworld.com/nlvirusbug2664>
MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing:
<http://www.networkworld.com/nlvirusbug2665>
MS05-033: Vulnerability in Telnet Client Could Allow Information
Disclosure:
<http://www.networkworld.com/nlvirusbug2666>
MS05-034: Cumulative Security Update for ISA Server 2000:
<http://www.networkworld.com/nlvirusbug2667>
Related advisories:
ISS: Internet Explorer PNG Overflow:
<http://xforce.iss.net/xforce/alerts/id/196>
ISS: Multiple Microsoft Vulnerabilities:
<http://xforce.iss.net/xforce/alerts/id/195>
CERT: Microsoft Windows and Internet Explorer Vulnerabilities:
<http://www.us-cert.gov/cas/techalerts/TA05-165A.html>
**********
Sun patches critical Java flaws
Sun issued alerts this week about vulnerabilities in its Java
platform that security researchers describe as critical that
could allow attackers to execute malicious code on targeted
computers. The affected software is Sun's Java Web Start and
Java Runtime Environment. Weaknesses in the programs could allow
applications to grant themselves permissions to write local
files or execute other applications, allowing an attacker to
gain back-door access to victims' computers. Such an attack
could be carried out without any visible symptoms, Sun said. IDG
News Service, 06/15/05.
<http://www.networkworld.com/news/2005/061505-sun-java.html?nl>
Sun advisories:
Security Vulnerability With Java Web Start:
<http://www.networkworld.com/nlvirusbug2668>
Security Vulnerability With Java Runtime Environment May Allow
Untrusted Applet to Elevate Privileges:
<http://www.networkworld.com/nlvirusbug2669>
**********
Adobe updates License Management Service to fix flaw
A vulnerability in the License Management Service used in many
Adobe products could be exploited by an attacker to gain access
to the affected machine. For more, go to:
<http://www.adobe.com/support/downloads/detail.jsp?ftpID=2955>
**********
Flaws in Gaim patched
Two vulnerabilities have been found in Gaim, an open source IM
client that works with multiple instant messaging services. The
flaws could be exploited to in a denial-of-service attack. For
more, go to:
<http://gaim.sourceforge.net/downloads.php>
Related updates:
Gentoo:
<http://security.gentoo.org/glsa/glsa-200506-11.xml>
Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:099>
Ubuntu:
<https://www.ubuntulinux.org/support/documentation/usn/usn-140-1>
**********
Trustix releases 'multi' patch
A new update from Trustix fixes flaws in Kerberos, mailman,
mod_perl, OpenSSL, PHP, SpamAssassin, tcpdump, Telnet and wget.
The most serious of the flaws could be exploited to run
malicious code on the affected machine. For more, go to:
<http://www.trustix.org/errata/2005/0028/>
**********
Mandriva patches rsh
According to an alert from Mandriva, "A vulnerability in the rcp
protocol was discovered that allows a server to instruct a
client to write arbitrary files outside of the current
directory, which could potentially be a security concern if a
user used rcp to copy files from a malicious server." For more,
go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:100>
**********
Today's roundup of virus alerts:
Troj/Cgab-A - This Trojan exploits the Windows HTML Help Control
flaw to infect a machine. It attempts to download additional
malicious code from a remote site. (Sophos)
W32/Kassbot-F - A Trojan that acts as a backdoor server to allow
access to the infected machine. It spreads through network
shares, dropping "spools.exe" in the Windows system folder. It
can be used to steal username and password information for
specific banking sites and disables access to certain anti-virus
and security Web sites by modifying the HOSTS file. (Sophos)
W32/Mytob-DO - Another day, another Mytob variant. This one too
spreads through e-mail and network shares, exploiting a number
of known Windows vulnerabilities in its attempt to infect. This
variant drops "taskgmr.exe" and "w32dnsl.exe" on its target
machine. (Sophos)
W32/Mytob-AT - This Mytob variant installs "External.exe" on the
infected machine. Its infected e-mails look like a system
message warning of a problem with a password. (Sophos)
W32/Mytob-BH - Yet another Mytob variant. This one drops
"nec.exe" on the infected machine. It also modifies the Windows
HOSTS file to limit access to security-related sites. (Sophos)
W32/Mytob-BI - A similar Mytob variant to Mytob-BH above, except
this one uses "winsys33.exe" as its infection point. (Sophos)
W32/Rbot-AFB - A backdoor worm that provides access to the
infected machine through IRC. It installs itself as "Sygate.exe"
and can be used to capture keystrokes, carry out distributed
denial-of-service attacks and act as a proxy server. (Sophos)
W32/Rbot-AFN - Another Rbot variant that allows backdoor access
via IRC. It installs "winlog.exe" in the Windows System folder.
It exploits a number of known Windows vulnerabilities to infect
its target. (Sophos)
W32/Randon-AN - An IRC backdoor worm that spreads as a
self-extracting archive, dropping a number of files on the
infected machine, including "app.exe" and "netservup.exe".
(Sophos)
Amplusnet - A legitimate tool that that can be used for
malicious activities. Ampulsnet can be used to monitor a user's
Web browsing habits, but can also capture user input such as
passwords. (Panda Software)
W32/Kelvir-AF - A worm that spreads through MSN Messenger. It
sends a message with profanity followed by a link to a malicious
file. (Sophos)
Troj/Stinx-A - A Trojan that drops "svcmfte32.exe" on the
infected machine and allows unauthorized access through IRC. It
can be used to circumvent the Windows firewall and download
malicious code. (Sophos)
Troj/Zapchas-K - This Trojan spreads through an IRC file
transfer using the name "postcard.gif.exe". It provides backdoor
access via IRC. (Sophos)
_______________________________________________________________
To contact: Jason Meserve
Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>
Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponsored by Hewlett Packard
Choosing the Best Architecture
Learn how controller-based architecture for tape libraries best
meets reliability and interoperability requirements in
enterprise storage area networks. Details include how the
introduction of the HP StorageWorks Extended Tape Library
Architecture defines the next generation of tape libraries in
enterprise SAN environments. Download the white paper now!
http://www.fattail.com/redir/redirect.asp?CID=106729
_______________________________________________________________
ARCHIVE LINKS
Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html
Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
CALL FOR ENTRIES: 2005 ENTERPRISE ALL-STAR AWARDS
Network World is looking for entries for its inaugural
Enterprise All-Star Awards program. The Enterprise All-Star
Awards will honor user organizations that demonstrate
exceptional use of network technology to further business
objectives. Network World will honor dozens of user
organizations from a wide variety of industries, based on a
technology category. Deadline: July 8. Enter today:
<http://www.networkworld.com/survey/easform.html?net>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2
International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005
4 comments:
порно молодые онлаин http://free-3x.com/ онлайн видео лесбиянки молоденькие free-3x.com/ порно в онлайне школьницы [url=http://free-3x.com/]free-3x.com[/url]
[url="http://www.webmonkey.com/tutorial/Christmas_carol_scramble/"]christmas carol scramble[/url]
[url="http://www.webmonkey.com/tutorial/Christmas_gift_card_holder/"]christmas gift card holder[/url]
http://www.webmonkey.com/tutorial/Christmas_e_card/
christmas card idea cricut
disney christmas carol
[url="http://www.webmonkey.com/tutorial/Charles_dickens_christmas_carol/"]charles dickens christmas carol[/url]
[http://www.webmonkey.com/tutorial/Christmas_present_for_dad/ christmas present for dad]
[url="http://www.webmonkey.com/tutorial/Christmas_handmade_craft/"]Christmas handmade craft [/url]
[http://www.webmonkey.com/tutorial/Christmas_song_guitar_chord/ christmas song guitar chord]
buy topamax in New Mexico
[http://www.webmonkey.com/tutorial/Great_christmas_present/ great christmas present]
http://www.webmonkey.com/tutorial/Christina_aguilera_christmas_song/
christmas card photo idea
http://www.webmonkey.com/tutorial/Best_christmas_present/
How can i wipe windows xp from my laptop and reinstall windows Me -the laptops first software?
I be struck by recently bought a used laptop that is old. The mortal physically I had bought it from had installed windows xp on it, orderly though it instance came with windows Me. I after to oust the windows xp because it runs slows on the laptop because it takes up more tribute than the windows Me would. Also I paucity to massacre windows xp because it is an proscribed copy. So when I tried to stir one's stumps updates on it, windows would not introduce updates because the windows xp is not genuine. [URL=http://kiafruu.hostific.com]airport terminal building cedar city ut[/URL]
----------------------------------------------------------------------
Answers :
It's haler to relinquish [URL=http://yfyawde.hostific.com/nobela-buod.html]nobela buod[/URL] Windows XP and even-handed upgrade your laptop. It's much better. [URL=http://zolainm.instantfreehosting.com/revell-f-86f-sabre.html]revell f-86f sabre[/URL] In addition, Windows XP is scheme [URL=http://yiewkie.hostific.com/dummy-sucking-adults.html]dummy sucking adults[/URL] heartier then Windows Me. Windows Me is unused and multifarious programs that can come across with XP, can't [URL=http://hiaxunr.instantfreehosting.com/taxidermist-mannequin.html]taxidermist mannequin[/URL] run with Me.
------------------------------
all you have to do is insert the windows me disk into the cd drive. then reboot your laptop, when the resentful [URL=http://onssiyd.hostific.com/illinois-mega-millions.html]illinois mega millions[/URL] sift with all the info comes up and when it asks u to boot from cd [URL=http://kjxaejk.instantfreehosting.com/lambs-pride-yarn.html]lambs pride yarn[/URL] belt any clue when it tells you to then put from there !!! I RECOMEND SINCE ITS AN ILLEAGLE TWIN TO WIPE [URL=http://zgllmuz.hostific.com/jerusalem-artichokes-recipes.html]jerusalem artichokes recipes[/URL] OUT THE [URL=http://youodqx.instantfreehosting.com/38th-district-court-eastpointe-mi.html]38th district court eastpointe mi[/URL] CONTINUOUS HARD GOAD WHEN IT ASKS YOU WHICH HARD [URL=http://xyeyjqa.hostific.com/chistes-pelados.html]chistes pelados[/URL] DRIVE TO POSITION IT ON. THEN SUM ALL THE ABOVE PAUSE ON THE WASTE [URL=http://zxrengh.hostific.com/rob-schilling-pacific-tigers.html]rob schilling pacific tigers[/URL] FLINTY SPUR ONTO A UP TO DATE COLUMN LOCATION, IT WILL-POWER LOOK LIKE C:/ Exposed or something like that
Non-malignant prostatic hyperplasia, commonly known as BPH, is an enlargement of the prostate area. It is more exuberant in older men. As men are comely more educated connected with robustness issues, they turn to medical treatment as a replacement for BPH. Dutas, a generic formation of Avodart([URL=http://jeqpqpv.1freewebspace.com/cheap-avodart.html]cheap avodart[/URL] [URL=http://jeqpqpv.1freewebspace.com/avodart-results.html]avodart results[/URL] [URL=http://jeqpqpv.1freewebspace.com/is-avodart-for-hair-loss-unsafe.html]is avodart for hair loss unsafe[/URL] [URL=http://jeqpqpv.1freewebspace.com/avodart-red-ink-soft-gels.html]avodart red ink soft gels[/URL] [URL=http://jeqpqpv.1freewebspace.com/avodart-affect-on-ejaculation-fluid.html]avodart affect on ejaculation fluid[/URL] ), has been proven as an effective treatment of BPH. BPH and its symptoms that adversely assume the quality of lifestyle can be treated successfully nearby Dutas. The principal clues of BPH is the frequency of basic to urinate. This occurs almost always at continually but then progresses to the have occasion for to urine as often as not throughout the day. BPH sufferers afterwards report a reduction in power in urine stream. Trouble accompanies this reduction. A medical doctor should conduct testing to discover if BPH is the cause of the symptoms. The effectiveness of Dutas is bring about in the chemical unite Dutasteride. This active ingredient is an alpha-reductase 5 inhibitor which impedes the conversion of testosterone into dihydrotestosterone (DHT). DHT is considered a forceful species of testosterone. BPH symptoms vanish promptly the conversion is interrupted. Dutas has been base to be noticeable in BPH towards uncountable sufferers. Prescriptions finasteride and finasteride has been shown to at best inhibit at one isoform of alpha redictase 5. It has been established that Dutasteride has been proven to impede two isoforms. Dutas manifestly appears to victual the unexcelled treatment at one's disposal for BPH. Dutas impel be entranced as directed with some precautions. Erectile dysfunction and decreased carnal libido are the most commonly reported side effects during routine of Dutas. Gynecomastia or enlargement of man's breast tissue is another possible side effect. Additionally, women who are teeming or women inferior to appropriate for enceinte should not be exposed to Dutas; developing virile fetuses can be adversely afflicted on these inhibitors. Dutas can be occupied wholly the skin so special dolour should be exercised notwithstanding enceinte women or women second-rate to fit pregnant. Another side impression of Dutas is a positive one. Some men bear reported braids replenishment while enchanting Dutas. BPH can be treated by way of discussing medications and plausible side effects with a medical professional. Dutas can specify effective treatment of BPH. A worry-free, brisk way of life is well worth the effort.
[URL=http://jeqpqpv.1freewebspace.com/avodart-savings.html]avodart savings[/URL]
[URL=http://jeqpqpv.1freewebspace.com/avodart-rx-for-hairloss.html]avodart rx for hairloss[/URL]
[URL=http://jeqpqpv.1freewebspace.com/avodart-stories.html]avodart stories[/URL]
[URL=http://jeqpqpv.1freewebspace.com/5-mg-dutasteride.html]5 mg dutasteride[/URL]
[URL=http://jeqpqpv.1freewebspace.com/avodart-lead-investigators.html]avodart lead investigators[/URL]
Post a Comment