Thursday, July 07, 2005

Microsoft offers workaround for IE vulnerability


NETWORK WORLD NEWSLETTER: JASON MESERVE'S VIRUS AND BUG PATCH
ALERT
07/07/05
Today's focus: Microsoft offers workaround for IE vulnerability

Dear security.world@gmail.com,

In this issue:

* Patches from Microsoft, Adobe, Cisco, others
* Beware fake Microsoft security alert
* Are firewalls expendable?
* Links related to Virus and Bug Patch Alert
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by AppStream
Dynamic Management of Software Licenses
A Whitepaper by Hurwitz & Associates:

Companies utilize 20 percent or less of their desktop software.
Learn how one company saves over $6 million dollars in licensing
costs, and distributes, updates and upgrades software with
little to no IT intervention. Click here to download this
whitepaper
http://www.fattail.com/redir/redirect.asp?CID=107817
_______________________________________________________________
WHERE ARE YOU SPENDING AND WHAT ARE YOU CONCERNED ABOUT?

According to the most recent NW500, spending is up on key
networking technologies. Security remains your biggest concern.
WLAN deployment is at its greatest and unabated data growth
keeps storage high on the priority list. But what about Wi-Fi,
VoWi-Fi and ILM? Check out the results of this year's NW500.
Click here:
http://www.fattail.com/redir/redirect.asp?CID=107649
_______________________________________________________________

Today's focus: Microsoft offers workaround for IE vulnerability

By Jason Meserve

Workaround for IE vulnerability
By Jason Meserve
<mailto:jmeserve@nww.com>

A little off topic, but since many of our readers where multiple
hats, I thought I'd pass this along:

Wainhouse Research is running its quarterly survey on Web
conferencing usage and preferences, called WebMetrics, through
July 19. Prizes include Amazon gift certificates and a 20GB
iPod. If you're an interested user or buyer of web
conferencing, you should take the survey:
<http://www.wainhouse.com/nw>

Today's bug patches and security alerts:

Microsoft offers workaround for IE vulnerability

Microsoft has released software that can be used to mitigate a
critical vulnerability in Internet Explorer that was first
reported last week. The bug, which concerns the way Internet
Explorer handles ActiveX components, can cause the browser to
crash and could be used by an attacker to run unauthorized
software on the IE user's machine, according to Microsoft. IDG
News Service, 07/06/05.
<http://www.networkworld.com/news/2005/070605-microsoft-ie.html>

Related:

IE bug can crash browser, 06/30/05
<http://www.networkworld.com/news/2005/063005-ie-bug.html>

Microsoft security advisory:
<http://www.microsoft.com/technet/security/advisory/903144.mspx>

Microsoft releases Windows 2000 Service Pack 4 Update Rollup 1

A long name for a new security update for Windows 2000 that
contains all fixes since Windows 2000 Service Pack 4 was
released at the end of April. Get more information on the update
and download it here:
<http://www.networkworld.com/go2/0704bug1j.html>
**********

Attackers seek vulnerable Veritas Backup installations

Attackers are already exploiting security flaws last week
reported by Veritas in its remote back-up agent to take control
of computers running the software, according to the U.S.
Computer Emergency Readiness Team. It urged users of the
software, Veritas Backup Exec Remote Agent for Windows Servers,
to apply a security patch issued by Veritas. IDG News Service,
06/30/05.
<http://www.networkworld.com/go2/0704bug1i.html>

Related CERT advisory:
<http://www.us-cert.gov/cas/techalerts/TA05-180A.html>
**********

Adobe patches Acrobat Reader flaw

An attacker could embed malicious JavaScript in a PDF document,
allowing them to run arbitrary code on the affected machine,
according to an alert from Adobe. All though the potential for
exploitation is slim, Adobe is urging users to upgrade:
<http://www.adobe.com/support/techdocs/331709.html>
**********

Cisco fixes RADIUS authentication flaw

Certain devices running Cisco's IOS operating system and using
RADIUS could have their authentication system bypassed. Cisco
has released an update to fix this flaw:
<http://www.networkworld.com/nlvirusbug3067>
**********

Buffer overflow in zlib patched

Linux vendors have released fixes for a buffer overflow in zlib,
a file compression utility. An attacker could exploit the flaw
in a denial-of-service attack or to potentially run malicious
code on the affected machine. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-740>

FreeBSD:
<http://www.networkworld.com/go2/0704bug1h.html>

SuSE:
<http://www.networkworld.com/nlvirusbug3068>
**********

FreeBSD patches bzip2

Bzip2, another compression tool, contains flaws in the way it
extracts compressed files. An attacker could exploit this to
send the application into an infinite loop or potentially
overwrite files on the affected machine. For more, go to:
<http://www.networkworld.com/go2/0704bug1g.html>

FreeBSD updates tcp

The TCP stack that comes with FreeBSD is vulnerable to a
denial-of-service attack. A patch is available. For more, go to:
<http://www.networkworld.com/go2/0704bug1f.html>

FreeBSD fixes ipfw

A flaw in ipfw, an IP packet filtering tool, could be exploited
to pass through packets that should have been discarded. For
more, go to:
<http://www.networkworld.com/go2/0704bug1e.html>
**********

Clam AntiVirus flaw fixed

Multiple denial-of-service vulnerabilities have been found in
the open source Clam AntiVirus tool kit, according to alerts
from iDefense. Patches are available. For more, go to:

iDefense advisories:

Cabinet File Handling DoS Vulnerability:
<http://www.networkworld.com/go2/0704bug1d.html>

MS-Expand File Handling DoS Vulnerability:
<http://www.networkworld.com/go2/0704bug1c.html>

Patches:

Debian:
<http://www.debian.org/security/2005/dsa-737>

Gentoo:
<http://security.gentoo.org/glsa/glsa-200506-23.xml>
**********

Gentoo, SuSE release patches for RealPlayer

As we reported last week, RealNetworks has issued patches for
its RealPlayer media client that fixes four vulnerabilities in
older versions. The flaws could be exploited to install spyware
or to take control of the affected machine. Gentoo and SuSE have
issued an update for clients that run on their respective
operating systems. For more, go to:

Gentoo:
<http://security.gentoo.org/glsa/glsa-200507-04.xml>

SuSE:
<http://www.networkworld.com/go2/0704bug1b.html>
**********

Gentoo, SuSE patch heimdal

According to a SuSE advisory, "A remote buffer overflow has been
fixed in the heimdal/kerberos telnetd daemon which could lead to
a remote user executing code as root by overflowing a buffer."
For more, go to:

Gentoo:
<http://security.gentoo.org/glsa/glsa-200506-24.xml>

SuSE:
<http://www.networkworld.com/go2/0704bug1a.html>
**********

Trustix releases another multi update

Trustix is a lot like Microsoft, rolling out bug fixes in
batches rather than individually. The latest Trustix "multi"
update fixes problems in clamav, cpplus, dev, imagemagick,
kerberos5, kernel, openldap, pam_ldap, perl-net-server, php,
php4, sqlgrey and swup. For more, go to:
<http://www.trustix.org/errata/2005/0031/>
**********

Debian, Mandriva release patch for SpamAssassin

An attacker could send malformed messages through SpamAssassin,
causing the filtering applications to crash. For more, go to:

Debian:
<http://www.debian.org/security/2005/dsa-736>

Mandriva:
<http://www.mandriva.com/security/advisories?name=MDKSA-2005:106>
**********

Debian patches trac

A flaw in Trac, a Web-based management system for bug tracking
and wiki projects, could allow an attacker to run malicious
applications on the affected machine. For more, go to:
<http://www.debian.org/security/2005/dsa-739>

Debian fixes sudo

A race condition in Sudo could be exploited to run applications
with the privileges on another user. For more, go to:
<http://www.debian.org/security/2005/dsa-735>
**********

Ubuntu fixes dbus

A flaw in the way dbus messages are sent between applications
could be exploited by another user to view the data being sent.
For more, go to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-144-1>

Ubuntu releases fix for amd64 kernel

A flaw in the ptrace() function used in the Ubuntu amd64 kernel
could be exploited to crash the affected kernel. For more, go
to:
<https://www.ubuntulinux.org/support/documentation/usn/usn-143-1>
*********

Today's roundup of virus alerts:

Fake Microsoft security alert includes Trojan patch

A new wave of spam that disguises itself as a Microsoft security
bulletin contains a link to malicious software that gives
attackers complete access to the infected machine, security
researchers are reporting. IDG News Service, 06/30/05.
<http://www.networkworld.com/nlvirusbug3069>

Troj/Proxy-M - A server Trojan that can be used as a Spam relay.
It exploits the Word Buffer Overrun Vulnerability and installs
"csrss.exe" on the infected machine. (Sophos)

W32.Codbot.AL - This Trojan can act as an FTP server, keylogger,
and be used to steal information from the infected machine. It
spreads through network shares by exploiting a number of known
Windows vulnerabilities and can be controlled remotely through
an IRC channel. (Panda Software)

W32/Codbot-N - This Codbot variant drops "dfrgfat16.exe" in the
Windows System directory of the infected machine. It can be
controlled via IRC and used for a number of malicious
applications. (Sophos)

W32/Codbot-AG - Another Codbot sibling that exploits Windows
System flaws to spread. It drops a number of files on the
infected system. (Sophos)

W32.Semapi.A - A mass-mailer worm that uses variable attachment
names and message attributes to spread. It does pop-up a message
claiming the "semapi.dll" file cannot be found. (Panda Software)

W32/Mytob-BY - A new Mytob mailer worm that looks like an
account warning or password expiration message. It usually has
an attachment with a double extension and can install
"nibie.exe", "skybotx.exe" or "wdns33.exe" on the infected
machine. (Sophos)

Troj/BagleDl-R - This Bagle variant acts as a downloader,
injecting malicious code into "EXPLORER.EXE" and dropping
"winshost.exe" in the Windows System directory. It modifies the
Windows HOSTS file to limit access to security-related Web
sites. (Sophps)

W32/Sdbot-AYF - A new Sdbot variant that spreads through network
shares and drops "WinAwk.exe" in the Windows System folder. It
can be used as FTP server or download/run additional malicious
code. (Sophos)

W32/Kelvir-AJ - A Windows Messenger worm that displays the
instant message "hahaaaa you are in the weebs picture ;) <URL>".
Click on the URL will bring users to a malicious Web site.
(Sophos)

W32/Kelvir-CB - Another Windows Messenger worm that tries to get
a user to click a link. This version uses the message "Doesnt
this kind of look like you?" followed by a URL. (Sophos)

Mitglieder.DQ - An e-mail worm that pops open the Windows Paint
program when the infected attachment is opened. It disables
security applications running on the infected machine. (Panda
Software)

Troj/Zlob-K - A downloader application that tries to install
malware on the infected machine. It adds a pointer to
"MSMSGS.EXE" in the Windows registry and injects code into
explorer.exe. (Sophos)

Troj/Insor-B - A proxy application that installs "iedld32.dll"
on the infected machine. (Sophos)

W32/Traxg-B - A worm that spreads through Outlook, creating
random files on the target host. It may also drop "folder.htt"
into the c: root directory. (Sophos)

Troj/Banker-DV - Another one of those password-stealing Trojan
that target customers of Brazilian banks. (Sophos)

Troj/Multidr-DQ - This Trojan drops multiple files on the target
machine, including services.exe, sservice.exe and fservice.exe.
All the files are installed in the Windows System folder.
(Sophos)

Troj/Psyme-CA - A virus designed to exploit the XMLHTTP and
ADODB Stream vulnerabilities in Internet Explorer. The virus can
overwrite any installation of Windows Media Player. (Sophos)

W32/Rbot-AGP - An Rbot Trojan that spreads through network
shares, dropping "svkp.sys" in the Windows System directory.
(Sophos)

From the interesting reading department:

Are firewalls expendable?

The firewall's fate is up for debate. For more than a decade,
firewalls have stood guard at the perimeter of corporate
networks to defend against the Internet's perils. But a growing
number of security managers, united under the banner of the
Jericho Forum, want to retire this stalwart because they say it
hinders e-commerce. Network World, 07/04/05.
<http://www.networkworld.com/news/2005/070405perimeter.html>
_______________________________________________________________
To contact: Jason Meserve

Jason Meserve is the Multimedia Editor at Network World and
writes about streaming media, search engines and IP Multicast.
Jason can be reached at <mailto:jmeserve@nww.com>. Check out his
Multimedia Exchange weblog at:
<http://www.networkworld.com/weblogs/multimedia/>

Check out our weekly Network World Radio program at:
<http://www.networkworld.com/radio/>
_______________________________________________________________
This newsletter is sponsored by AppStream
Dynamic Management of Software Licenses
A Whitepaper by Hurwitz & Associates:

Companies utilize 20 percent or less of their desktop software.
Learn how one company saves over $6 million dollars in licensing
costs, and distributes, updates and upgrades software with
little to no IT intervention. Click here to download this
whitepaper
http://www.fattail.com/redir/redirect.asp?CID=107816
_______________________________________________________________
ARCHIVE LINKS

Virus and Bug Patch Alert archive:
http://www.networkworld.com/newsletters/bug/index.html

Breaking security news, updated daily
http://www.networkworld.com/topics/security.html
_______________________________________________________________
FEATURED READER RESOURCE
TEN WAYS TO STOP SPYWARE

You will get spam down to a manageable level this year, but then
spyware will kick in. Spyware cleaners will help, but won't
eradicate all the unwanted activity at the office, at home.
Here's a ten step guide you can follow to curb the spyware
problem:
<http://www.networkworld.com/nlvirusbug3070>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments:

Post a Comment