Symantec has released a new virus definitions update for Norton Antivirus.
McAfee Virus definition has been updated to version 4145
This vulnerability involves an LDAP function that is only available if the LDAP server has been configured to support LDAP over SSL sessions, and whose purpose is to allow users to change the data attributes of directory principals. By design, the function should check the authorizations of the user before completing the request; however, it contains an error that manifests itself only when the directory principal is a domain user and the data attribute is the domain password -- when this is the case, the function fails to check the permissions of the requester, with the result that it could be possible for a user to change any other user´s domain login password.
An attacker could change another user´s password for either of two purposes: to cause a denial of service by preventing the other user >from logging on, or in order to log into the user´s account and gain any privileges the user had. Clearly, the most serious case would be one in which the attacker changed a domain administrator´s password and logged into the administrator´s account.
A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-036.asp for information on obtaining this patch.
An attacker could change another user´s password for either of two purposes: to cause a denial of service by preventing the other user >from logging on, or in order to log into the user´s account and gain any privileges the user had. Clearly, the most serious case would be one in which the attacker changed a domain administrator´s password and logged into the administrator´s account.
A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-036.asp for information on obtaining this patch.
Symantec has released a new virus definitions update for Norton Antivirus.
A new variant of the originally reported vulnerability has been
found. The patch has been updated to address both the original and new variants.
Issue
A remote denial of service vulnerability has been discovered in a component of Microsoft(r) NetMeeting. The denial of service can occur when a malicious client sends a particular malformed string to a port which the NetMeeting service is listening on and with Remote Desktop Sharing enabled.
Although the NetMeeting application is provided as part of Windows(r) 2000 products, the application and affected component is not enabled by default, and customers who have not enabled it would not be at risk >from this vulnerability.
A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms00-077.asp for information on obtaining this patch.
found. The patch has been updated to address both the original and new variants.
Issue
A remote denial of service vulnerability has been discovered in a component of Microsoft(r) NetMeeting. The denial of service can occur when a malicious client sends a particular malformed string to a port which the NetMeeting service is listening on and with Remote Desktop Sharing enabled.
Although the NetMeeting application is provided as part of Windows(r) 2000 products, the application and affected component is not enabled by default, and customers who have not enabled it would not be at risk >from this vulnerability.
A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms00-077.asp for information on obtaining this patch.
Word, like other members of the Office product family, provides a security mechanism that requires the user´s approval to run macros.
By design, any time a document is opened Word scans it for macros. If any are found, they are handled in accordance with user´s selected security settings. By default in Word 2000 and 2002, only macros that are signed by a trusted party are enabled; all others are disabled. In Word 97, if the document contains macros, the user is prompted regarding whether to enable them or disable them.
A vulnerability results because it is possible to modify a Word document in such a way as to prevent the security scanner from recognizing an embedded macro while still allowing it to execute. Exploiting the vulnerability would enable an attacker to cause a macro to run automatically when such a document was opened. Such a macro would be able to take any action that the user herself could take. This could include disabling the user´s Word security settings so that subsequently-opened Word documents would no longer be checked for macros.
A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-034.asp for information on obtaining this patch.
By design, any time a document is opened Word scans it for macros. If any are found, they are handled in accordance with user´s selected security settings. By default in Word 2000 and 2002, only macros that are signed by a trusted party are enabled; all others are disabled. In Word 97, if the document contains macros, the user is prompted regarding whether to enable them or disable them.
A vulnerability results because it is possible to modify a Word document in such a way as to prevent the security scanner from recognizing an embedded macro while still allowing it to execute. Exploiting the vulnerability would enable an attacker to cause a macro to run automatically when such a document was opened. Such a macro would be able to take any action that the user herself could take. This could include disabling the user´s Word security settings so that subsequently-opened Word documents would no longer be checked for macros.
A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-034.asp for information on obtaining this patch.
FrontPage Server Extensions ship as part of IIS 4.0 and 5.0, and facilitate the development of Web sites and Web-based applications. FrontPage Server Extensions includes an additional, optional sub-component called Visual Studio RAD (Remote Application Deployment) Support. This sub-component allows Visual InterDev 6.0 users to register and unregister COM objects on an IIS 4.0 or 5.0 Server. This sub-component contains an unchecked buffer in a section that processes input information. An attacker could exploit this vulnerability against any server with this sub-component installed by establishing a web session on with the server and passing a specially malformed packet to the server component. The attacker could use that packet to thereby load code of his choice for execution on the server. An attack that exploits this vulnerability would execute in the IUSR_machinename context (see Q142868). However, it is possible under certain circumstances to execute code in the SYSTEM context.
It is important to note that this feature is not installed by default with FPSE. It is also not installed by default on either of IIS 4.0 or 5.0. Also, when the feature is selected during installation, a
warning message is raised alerting the administrator that this feature should not be installed on production machines, especially if the production machine has Internet access. This is because this feature is only intended for facilitating internal development. The administrator must acknowledge the warning to successfully install the feature.
A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-035.asp for information on obtaining this patch.
It is important to note that this feature is not installed by default with FPSE. It is also not installed by default on either of IIS 4.0 or 5.0. Also, when the feature is selected during installation, a
warning message is raised alerting the administrator that this feature should not be installed on production machines, especially if the production machine has Internet access. This is because this feature is only intended for facilitating internal development. The administrator must acknowledge the warning to successfully install the feature.
A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-035.asp for information on obtaining this patch.
Microsoft has developed an improved version of the Cipher.exe tool, offering an important new option – the ability to permanently overwrite (or "wipe") all of the deleted data on a hard disk.
Download
Download
MooSoft has posted a new trojan definitions database update for "The Cleaner"
Database v3242, dated June 20, 2001, 3445 trojan definitions.
-------------------------
Added AIMBus
Added CS
Added Muska52
Added Small Fun
Added Theef
Updated BioNet
Updated Buschtrommel
Updated Cyn
Updated Latinus
Updated Little Witch
Updated Magistr
Updated Remote Hack
Download
Database v3242, dated June 20, 2001, 3445 trojan definitions.
-------------------------
Added AIMBus
Added CS
Added Muska52
Added Small Fun
Added Theef
Updated BioNet
Updated Buschtrommel
Updated Cyn
Updated Latinus
Updated Little Witch
Updated Magistr
Updated Remote Hack
Download
Symantec has released a new virus definitions update for Norton Antivirus.
This update will work on the following products:
NAV for Lotus Notes (Intel)
NAV for MS Exchange (Intel)
NAV 4.0, 5.0 and 2000 for Win9x
NAV 4.0, 5.0 and 2000 for WinNT
NAV 2000 for Win2000
NAV for Firewalls
pcAnywhere32 7.5 and higher for WinNT
Norton Utilities for Windows 95/98 (all versions)
Norton SystemWorks (all versions)
Download
This update will work on the following products:
NAV for Lotus Notes (Intel)
NAV for MS Exchange (Intel)
NAV 4.0, 5.0 and 2000 for Win9x
NAV 4.0, 5.0 and 2000 for WinNT
NAV 2000 for Win2000
NAV for Firewalls
pcAnywhere32 7.5 and higher for WinNT
Norton Utilities for Windows 95/98 (all versions)
Norton SystemWorks (all versions)
Download
As part of its installation process, IIS installs several ISAPI extensions -- .dlls that provide extended functionality. Among these is idq.dll, which is a component of Index Server (known in Windows 2000 as Indexing Service) and provides support for administrative scripts (.ida files) and Internet Data Queries (.idq files).
A security vulnerability results because idq.dll contains an
unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it.
The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability.
Read more
A security vulnerability results because idq.dll contains an
unchecked buffer in a section of code that handles input URLs. An attacker who could establish a web session with a server on which idq.dll is installed could conduct a buffer overrun attack and execute code on the web server. Idq.dll runs in the System context, so exploiting the vulnerability would give the attacker complete control of the server and allow him to take any desired action on it.
The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability.
Read more
Symantec has released a new virus definitions update for Norton Antivirus.
Microsoft has updated the "Incorrect Attachment Handling in Exchange OWA Can Execute Script" security bulletin to version 3.0
MooSoft has posted a new trojan definitions update for the Cleaner
Microsoft has updated the "Incorrect Attachment Handling in Exchange OWA Can Execute Script" Security Bulletin to 2.0
Reason for Revision:
====================
- Exchange 5.5 has been determined to be affected by the vulnerability. We have developed an Exchange 5.5 patch.
- The originally released Exchange 2000 patch has been determined to contain a regression error that can cause performance problems on the servers it is installed on. We have eliminated the regression error and updated the patch; we recommend that customers who installed the original patch install the updated one.
Download
Reason for Revision:
====================
- Exchange 5.5 has been determined to be affected by the vulnerability. We have developed an Exchange 5.5 patch.
- The originally released Exchange 2000 patch has been determined to contain a regression error that can cause performance problems on the servers it is installed on. We have eliminated the regression error and updated the patch; we recommend that customers who installed the original patch install the updated one.
Download
Issue:
======
This bulletin discusses a total of seven vulnerabilities affecting the Windows 2000 Telnet service. The vulnerabilities fall into three broad categories: privilege elevation, denial of service and information disclosure.
Two of the vulnerabilities could allow privilege elevation, and have their roots in flaws related to the way Telnet sessions are created. When a new Telnet session is established, the service creates a named pipe, and runs any code associated with it as part of the initialization process. However, the pipe´s name is predictable, and if Telnet finds an existing pipe with that name, it simply uses it. An attacker who had the ability to load and run code on the server could create the pipe and associate a program with it, and the Telnet service would run the code in Local System context when it stablished the next Telnet session.
Four of the vulnerabilities could allow denial of service attacks. None of these vulnerabilities have anything in common with each other.
- One occurs because it is possible to prevent Telnet from terminating idle sessions; by creating a sufficient number of such sessions, an attacker could deny sessions to any other user.
- One occurs because of a handle leak when a Telnet session is terminated in a certain way. By repeatedly starting sessions and then terminating them, an attacker could deplete the supply of handles on the server to point where it could no longer perform useful work.
- One occurs because a logon command containing a particular malformation causes an access violation in the Telnet service.
- One occurs because a system call can be made using only normal user privileges, which has the effect of terminating a Telnet session.
The final vulnerability is an information disclosure vulnerability that could make it easier for an attacker to find Guest accounts exposed via the Telnet server. It has exactly the same cause, scope and effect as a vulnerability affecting FTP and discussed in Microsoft Security Bulletin MS01-026.
Download
======
This bulletin discusses a total of seven vulnerabilities affecting the Windows 2000 Telnet service. The vulnerabilities fall into three broad categories: privilege elevation, denial of service and information disclosure.
Two of the vulnerabilities could allow privilege elevation, and have their roots in flaws related to the way Telnet sessions are created. When a new Telnet session is established, the service creates a named pipe, and runs any code associated with it as part of the initialization process. However, the pipe´s name is predictable, and if Telnet finds an existing pipe with that name, it simply uses it. An attacker who had the ability to load and run code on the server could create the pipe and associate a program with it, and the Telnet service would run the code in Local System context when it stablished the next Telnet session.
Four of the vulnerabilities could allow denial of service attacks. None of these vulnerabilities have anything in common with each other.
- One occurs because it is possible to prevent Telnet from terminating idle sessions; by creating a sufficient number of such sessions, an attacker could deny sessions to any other user.
- One occurs because of a handle leak when a Telnet session is terminated in a certain way. By repeatedly starting sessions and then terminating them, an attacker could deplete the supply of handles on the server to point where it could no longer perform useful work.
- One occurs because a logon command containing a particular malformation causes an access violation in the Telnet service.
- One occurs because a system call can be made using only normal user privileges, which has the effect of terminating a Telnet session.
The final vulnerability is an information disclosure vulnerability that could make it easier for an attacker to find Guest accounts exposed via the Telnet server. It has exactly the same cause, scope and effect as a vulnerability affecting FTP and discussed in Microsoft Security Bulletin MS01-026.
Download
Symantec has released a new virus definitions update for Norton Antivirus.
