Thursday, August 11, 2005

Microsoft fixes Print Spooler, Plug and Play flaws

NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
08/11/05
Today's focus: Microsoft fixes Print Spooler, Plug and Play
flaws

In this issue:

* Patches from Microsoft, Sun, Gentoo, others
* Beware: new Mytob variant spreads through an e-mail message
  titled "Abuse Report"
* Microsoft to reissue Windows 2000 SP4 update, and other
  interesting reading
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
By Jason Meserve

Today's bug patches and security alerts:

Microsoft fixes Print Spooler, Plug and Play flaws

Microsoft has released patches for six flaws in Windows and
Internet Explorer, some of which could allow an attacker to gain
control of a computer system. The patches, which include a fix
for a newly discovered flaw in Microsoft's Plug-and-Play
software, were released Tuesday and comprise Microsoft's regular
patch releases for August. IDG News Service, 08/09/05.
<http://www.networkworld.com/nlvirusbug4974>

Microsoft advisories:

MS05-043: Vulnerability in Print Spooler Service Could Allow
Remote Code Execution:
<http://www.networkworld.com/nlvirusbug4975>

MS05-042: Vulnerabilities in Kerberos Could Allow Denial of
Service, Information Disclosure, and Spoofing:
<http://www.networkworld.com/nlvirusbug4976>

MS05-041: Vulnerability in Remote Desktop Protocol Could Allow
Denial of Service:
<http://www.networkworld.com/nlvirusbug4977>

MS05-040: Vulnerability in Telephony Service Could Allow Remote
Code Execution:
<http://www.networkworld.com/nlvirusbug4978>

MS05-039: Vulnerability in Plug and Play Could Allow Remote Code
Execution and Elevation of Privilege:
<http://www.networkworld.com/nlvirusbug4979>

MS05-038: Cumulative Security Update for Internet Explorer:
<http://www.networkworld.com/nlvirusbug4980>

Other related advisories:

CERT:
<http://www.us-cert.gov/cas/techalerts/TA05-221A.html>

ISS - Multiple Microsoft Vulnerabilities:
<http://xforce.iss.net/xforce/alerts/id/203>

ISS - Windows Plug and Play Remote Compromise:
<http://xforce.iss.net/xforce/alerts/id/202>
**********

Sun releases patch for XView

XView applications running under root privileges could be
exploited to change system files, according to a Sun advisory. A
fix is available:
<http://www.networkworld.com/go2/0808bug2a.html>
**********

Gentoo patches heartbeat

Heartbeat, a sub-system for High-Availability Linux, does not
create temporary files in a secure fashion. An attacker could
exploit this using a symlink attack. For more, go to:
<http://security.gentoo.org/glsa/glsa-200508-05.xml>
**********

iDefense warns of bug in EMC Navisphere Manager

A directory traversal vulnerability in EMC's Navisphere Manager
storage management tool could be exploited by an attacker to
access arbitrary files on the affected system. For more, go to:
<http://www.networkworld.com/go2/0808bug2b.html>
**********

Ubuntu updates ekg, Gadu code libraries

Flaws in the ekg and Gadu code libraries could be exploited to
run malicious applications on an affected system. For more, go
to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-162-1>

Ubuntu releases fix for xpdf

A flaw in the way certain tables and fonts are handled by the
xpdf viewer application could create a large temporary file that
would eat all available disk space, rendering the application
and system unresponsive. For more, go to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-163-1>

Related advisory from KDE:
<http://www.kde.org/info/security/advisory-20050809-1.txt>
**********

Mandriva patches netpbm

According to an alert from Mandriva, "Max Vozeler discovered
that pstopnm, a part of the netpbm graphics utility suite, would
call the GhostScript interpreter on untrusted PostScript files
without using the -dSAFER option when converting a PostScript
file into a PBM, PGM, or PNM file. This could result in the
execution of arbitrary commands with the privileges of the user
running pstopnm if they could be convinced to try to convert a
malicious PostScript file." For more, go to:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:133>
**********

Today's roundup of virus alerts:

Troj/Whistler-F -- A virus that attempts to delete files on the
infected machine. It installs itself as "whismng.exe" in the
System directory and displays the message "You did a piracy, you
deserve it." (Sophos)

Troj/BMDrop-A -- A file dropper that installs "index.exe" in the
Windows System folder. No other word on what type of damage it
may cause. (Sophos)

Troj/HideProc-H -- A Trojan that can be used to hide processes
from the system task manager. It could be used to cover up
other malicious applications. (Sophos)

Troj/BagleDl-R -- This Trojan injects its malicious payload into
the explorer.exe file. It can be used to limit access to
security related sites by modifying the HOSTS file and to
disable security-related applications. (Sophos)

W32/Sdbot-ABV -- A new Sdbot variant that spreads through
network shares and drops "windir32.exe" in the system folder. It
can be used for a number of malicious purposes including
participating in denial-of-service attacks and stealing local
data. (Sophos)

W32/Mytob-ED -- This new Mytob variant spreads through an e-mail
message titled "Abuse Report". It installs itself as "Lien Van
de Kelder.exe". It can allow backdoor access via IRC and disable
access to security Web sites through modification of the HOSTS
file. (Sophos)

W32/Lebreat-E -- Lebreat spreads through network shares,
attempting to exploit the Windows LSASS vulnerability. It can be
used in denial-of-service attacks against sophos.com and
kaspersky.com. It copies itself to "beagle.exe" in the Windows
System folder. (Sophos)

Troj/BankSnif-B -- An information-stealing Trojan that targets
data entered into banking Web sites. It installs itself as
"msupdprx.dll", a COM object and Browser Helper Object (BHO) for
Microsoft Internet Explorer. (Sophos)

Troj/Oran-A -- A Trojan that allows backdoor access and control
of the infected machine. No word on what files it installs.
(Sophos)

Troj/Pyfls-A -- This Trojan drops "b.tmp" in the C: root
directory and can be used to download additional malware.
(Sophos)

W32/Tilebot-B -- An IRC backdoor Trojan that spreads through
network shares and drops "tsecure.exe" on the infected machine.
It also attempts to call out to scripts on four different
domains. (Sophos)

W32/Tilebot-D -- Another Tilebot variant that acts in similar
fashion to Tilebot-B above. This one installs "frepdll.exe" on
the infected host. (Sophos)

Troj/Small-NY -- A Trojan that can access the 'Net and
communicate with remote sites over HTTP. Could be used to
download/install additional malicious code. (Sophos)
**********

From the interesting reading department:

Microsoft to reissue Windows 2000 SP4 update

Microsoft plans to re-release Update Rollup 1 for Windows 2000
Service Pack 4 due to several problems users are having with the
current version, a company executive confirmed Monday. IDG News
Service, 08/08/05.
<http://www.networkworld.com/news/2005/080805-microsoft-sp4.html>

CA security hole points to data backup threats

Computer Associates last week disclosed a major security flaw in
its data backup software, and analysts said the problem is an
example of the kind of vulnerabilities that are making storage
software more attractive to malicious hackers. Computerworld,
08/08/05.
<http://www.networkworld.com/news/2005/080805-ca-security.html>

The top 5: Today's most-read stories

1. Microsoft open source exec: Not the loneliest guy in Redmond
<http://www.networkworld.com/nlvirusbug4981>

2. EMC announces surveillance management application
<http://www.networkworld.com/news/2005/080905-emc.html?t5>

3. DKIM fights phishing and e-mail forgery
<http://www.networkworld.com/nlvirusbug4982>

4. Microsoft fixes Print Spooler, Plug and Play flaw
<http://www.networkworld.com/nlvirusbug4983>

5. Sprint, Nextel expect to finish merger Friday
<http://www.networkworld.com/nlvirusbug4984>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
HARD WORK, GOOD PAY

According to Network World's 2005 Salary Survey, network
professionals are enjoying substantial increases in pay,
especially at the highest- and lowest-tier job titles. But are
those increases coming with higher titles, more work or both?
Find out if compensation alone is keeping network professionals
happy in their careers - or is something else? Click here:
<http://www.networkworld.com/you/2005/072505-salary-survey.html>
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005
