Thursday, October 13, 2005

Microsoft releases nine patches

JASON MESERVE VIRUS AND BUG PATCH ALERT
10/13/05
Today's focus: Microsoft releases nine patches

In this issue:

* Patches from Microsoft, Mandriva, Gentoo, others
* Beware six new Rbot variants
* Securing mobile data more important than viruses, and other
interesting reading

By Jason Meserve

Today's bug patches and security alerts:

Windows 2000 vulnerability could lead to new outbreak

Microsoft has released nine security updates for vulnerabilities
in its software products, including three critical fixes for
Windows and Internet Explorer. Among the updates is a patch for
bugs in two separate components of the Windows operating system
that security researchers believe could be exploited by
attackers in much the same way that the Zotob family of worms
was used two months ago. IDG News Service, 10/11/05.
<http://www.networkworld.com/go2/1010bug2f.html>

Microsoft advisories:

MS05-052: Cumulative Security Update for Internet Explorer
<http://www.networkworld.com/nl8707>

MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote
Code Execution
<http://www.networkworld.com/nl8708>

MS05-050: Vulnerability in DirectShow Could Allow Remote Code
Execution
<http://www.networkworld.com/nl8709>

MS05-049: Vulnerabilities in Windows Shell Could Allow Remote
Code Execution
<http://www.networkworld.com/nl8710>

MS05-048: Vulnerability in the Microsoft Collaboration Data
Objects Could Allow Remote Code Execution
<http://www.networkworld.com/nl8711>

MS05-047: Vulnerability in Plug and Play Could Allow Remote Code
Execution and Local Elevation of Privilege
<http://www.networkworld.com/nl8712>

MS05-046: Vulnerability in the Client Service for NetWare Could
Allow Remote Code Execution
<http://www.networkworld.com/nl8713>

MS05-045: Vulnerability in Network Connection Manager Could
Allow Denial of Service
<http://www.networkworld.com/nl8714>

MS05-044: Vulnerability in the Windows FTP Client Could Allow
File Transfer Location Tampering
<http://www.networkworld.com/nl8715>

Other related advisories:

ISS advisory:
<http://xforce.iss.net/xforce/alerts/id/206>

CERT advisory:
<http://www.us-cert.gov/cas/techalerts/TA05-284A.html>
**********

Mandriva patches openssh

A flaw in the way GSSAPI credentials are handled could allow the
information to be exposed to unauthorized users. For more, go
to:

<http://www.mandriva.com/security/advisories?name=MDKSA-2005:172>

Mandriva releases fixes for Mozilla Firefox, Thunderbird

A new update for Firefox fixes a bug that could impact cursor
movement and patches a potential symlink vulnerability that
could be exploited to overwrite files. A similar vulnerability
affects Thunderbird. For more, go to:

Firefox update:

<http://www.mandriva.com/security/advisories?name=MDKSA-2005:173>

Thunderbird update:

<http://www.mandriva.com/security/advisories?name=MDKSA-2005:174>

Mandriva issues patch for Hylafax

The Hylafax fax server package does not create temporary files
in a secure manner. A local attacker could exploit this to
overwrite files on the affected machine. For more, go to:

<http://www.mandriva.com/security/advisories?name=MDKSA-2005:177>

Mandriva patches webmin

According to an alert from Mandriva, "Miniserv.pl in Webmin
1.220, when 'full PAM conversations' is enabled, allows remote
attackers to bypass authentication by spoofing session IDs via
certain metacharacters (line feed or carriage return)." For
more, go to:

<http://www.mandriva.com/security/advisories?name=MDKSA-2005:176>

**********

Debian, Gentoo patch weex

A format string vulnerability in weex, an FTP client for
updating Web sites, could be exploited to run malicious code on
the affected machine. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-855>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200510-09.xml>
**********

FreeBSD, Gentoo, Mandriva patch OpenSSL

A flaw in the way OpenSSL handles a newer version of the SSL
protocol could result in a less secure version of SSL being
used. An attacker could exploit this to tamper with the data
being transmitted. For more, go to:

FreeBSD:
<http://www.networkworld.com/go2/1010bug2e.html>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200510-11.xml>

Mandriva:

<http://www.mandriva.com/security/advisories?name=MDKSA-2005:179>

**********

Linux vendors patch xine-lib

A format string vulnerability in xine-lib, a multimedia code
library that handles audio CD information, could be exploited to
run malicious code on the affected machine. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-863>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200510-08.xml>

Mandriva:

<http://www.mandriva.com/security/advisories?name=MDKSA-2005:180>

Ubuntu:
<http://www.networkworld.com/go2/1010bug2d.html>
**********

Debian, Ubuntu patch Shorewall

A flaw in the way the Shorewall firewall generates iptables
could allow greater permissions than originally specified. For
more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-849>

Ubuntu:
<http://www.networkworld.com/go2/1010bug2c.html>
**********

Debian, Ubuntu patch Ruby

Ruby, a scripting language, does not properly enforce the "safe
level" mechanism, allowing attackers to gain elevated privileges
and potentially run arbitrary code on the affected machine. For
more, go to:

Debian (Ruby):
<http://www.debian.org/security/2005/dsa-860>

Debian (Ruby 1.6):
<http://www.debian.org/security/2005/dsa-862>

Ubuntu:
<http://www.networkworld.com/go2/1010bug2b.html>
**********

Debian patches masqmail

Two vulnerabilities have been found in the masqmail mailer
application. One could lead to files being overwritten in a
symlink attack, the other to malicious files being executed on
the affected machine. For more, go to:
<http://www.debian.org/security/2005/dsa-848>
**********

Today's roundup of virus alerts:

W32/Agobot-TP -- An Agobot variant that moves through network
shares and exploits a number of known Windows vulnerabilities to
infect a host. It drops "svchost32.exe" in the Windows System
folder and can be used as a SOCKS proxy, for port scanning and in
denial-of-service attacks - all remotely controlled through IRC.
(Sophos)

W32/Agobot-TR -- This Agobot variant allows control over a
number of malicious applications via IRC. In addition, it
modifies the Windows HOSTS file to limit access to security
related Web sites. It drops "winlogoff.exe" in the Windows
System folder. (Sophos)

W32/Kangaroo-B -- A virus that monitors the windows title bar,
looking for drive letters. When it finds one, it copies
"kangen.exe" to that file. The virus puts a Word file on the
machine that has an Indonesian pop song embedded. (Sophos)

W32/Erkez-G -- An e-mail and peer-to-peer worm that seeks out
directories that start with "musi", "shar", or "uploa" and drops
files in there. The infected files are "AntiVirus Update.exe"
and "antivirus_update.exe" in the Windows System folder. The
e-mail message uses a number of characteristics, but most of the
potential subject lines are foreign. (Sophos)

Troj/Mirchack-A -- This is a hacked version of the mIRC32 client
that allows a backdoor to the IRC network. (Sophos)

W32/Rbot-AQQ -- A new Rbot variant that drops "lsasss.exe" in
the Windows System folder. It allows backdoor access via IRC.
(Sophos)

W32/Rbot-AQW -- Yet another Rbot variant that exploits a number
of known Windows flaws to infect a machine. It allows backdoor
access via IRC. (Sophos)

W32/Rbot-ARD -- Another Rbot variant that provides backdoor
access via IRC. It spreads through network shares with weak
passwords or to machines infected with another virus or
non-patched Windows flaws. (Sophos)

W32/Rbot-ARE -- The fourth Rbot variant uses IRC to provide
backdoor access to the infected host. It drops "expl0rer.pif" in
the Windows System folder. (Sophos)

W32/Rbot-ARH -- The fifth Rbot variant works in similar fashion
to the other four we've covered today. This one installs
"mswi32.pif" in the Windows System folder. (Sophos)

W32/Rbot-ARI -- Rbot number six this week drops "up32.pif" in
the Windows System folder. (Sophos)

W32/Codbot-AD -- A network worm that installs "winjava.exe" in
the Windows System directory and can be used to control the
infected host via IRC. (Sophos)

Troj/Iyus-N -- A virus that arrives as a CAB file containing
"setting.inf" and "install.exe". The virus tries to download
additional code from a remote Web site and attempts to terminate
security related applications. (Sophos)

Troj/Lecna-D -- A backdoor Trojan that tries to download an
additional executable (netscv.exe) from a remote site via HTTP.
It installs "USBTest.sys" in the Windows\Systems\drivers
folder. (Sophos)

W32/Brontok-A -- An e-mail worm that searches for addresses on
the infected host. It spreads through a message with
"Kangen.exe" attached. It will restart the infected machine each
time it encounters a certain string in the Windows title bar.
(Sophos)

W32/Forbot-CI -- A Forbot variant that allows the infected
machine to be used for a number of malicious purposes, including
starting an HTTP and FTP server, executing commands and
stealing passwords. It installs itself as "svshost.exe" in the
Windows System directory. (Sophos)

W32/Alasrou-A -- An e-mail harvesting worm that exploits the
Windows LSASS flaw to infect a machine as it spreads through
network shares. It drops "file1.exe" in the Temp directory and
FTPs its bounty to a remote site. (Sophos)

W32/Mytob-DW -- This Mytob variant can spread through network
shares and e-mail. It creates "hellmsn.exe" in the root
directory and can allow backdoor access via IRC. (Sophos)

W32/Lebreat-A -- A virus that spreads via e-mail and can be used
in a denial-of-service attack against www.symantec.com. It uses
port 8885 to do so. The infected message looks like an account
warning (i.e. "Your credit card was charged for $500 USD. For
additional information see the attachment."). (Sophos)

W32/Spybot-DX -- A backdoor Trojan that allows access to the
infected machine via IRC. It installs "rundll.exe" in the
Windows System folder. No other word on what damage can be
caused by Spybot-DX. (Sophos)

W32/Stubbot-D -- A virus that exploits Windows vulnerabilities
and other machines infected with the MyDoom virus as it spreads
through network shares. It drops "stubbish.exe" in the Windows
folder and allows backdoor access through IRC. (Sophos)
**********

From the interesting reading department:

Securing mobile data more important than viruses

Enterprises with workers that can access corporate data from
mobile devices should be less concerned about mobile viruses and
more focused on setting and enforcing rules for securing the
data, said speakers at Symbian's Smartphone Show in London on
Tuesday. IDG News Service, 10/12/05.

<http://www.networkworld.com/nlsecuritynewsal8584nltradealert8693>

Is security software the next battle for Microsoft?

Microsoft's moves into the security software market could be an
agitator for more anti-trust concerns over how it uses its
market strength for other software offerings. IDG News Service,
10/12/05.
<http://www.networkworld.com/go2/1010bug2a.html>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Copyright Network World, Inc., 2005
