Invalid RDP Data Can Cause Memory Leak in Terminal Services

Security 10941 Published by Philipp Esselbach 0

The Windows 2000 Terminal Service and Windows NT 4.0 Terminal Server Edition contains a memory leak in one of the functions that processes incoming Remote Data Protocol data via port 3389. Each time an RDP packet containing a specific type of malformation is processed, the memory leak depletes overall server memory by a small amount.

If an attacker sent a sufficiently large quantity of such data to an affected machine, he could deplete the machine's memory to the point where response time would be slowed or the machine's ability to respond would be stopped altogether. All system services would be affected, including but not limited to terminal services. Normal operation could be restored by rebooting the machine.

A patch is available to fix this vulnerability. Please read the Security Bulletin for information on obtaining this patch.

Read more

SirCam hits FBI cyber-protection unit

Security 10941 Published by Philipp Esselbach 0

Thanks to Atreyu for this one:
A researcher in the Federal Bureau of Investigation's cyber-protection unit unleashed a fast-spreading Internet virus that e-mailed private FBI documents to outsiders--all on the eve of a Senate hearing into troubles at the unit.

Read more

Services for Unix 2.0 Telnet and NFS Services Contain Memory Leaks

Security 10941 Published by Philipp Esselbach 0

Among the components provided by Services for Unix (SFU) 2.0 are services that implement the NFS (Network File System) and Telnet protocols. Both services contain memory leaks that could be triggered by a user request. An attacker who repeatedly sent such a request could deplete the kernel memory on the server to the point where
performance slowed and the system could potentially fail.

A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-039.asp for information on obtaining this patch.

SirCam worm unlikely to become epidemic

Security 10941 Published by Philipp Esselbach 0

The SirCam worm continued to spread Tuesday, although antivirus experts said it still paled in comparison to other destructive programs.

"We escalated this to ´high risk,´ but it is not a blockbuster virus on the order of Love Letter or Melissa, said David Perry, global director of education for antivirus-software maker Trend Micro. "This is a summer-cold virus."

Read more

SirCam clogs mailboxes, spreads secrets

Security 10941 Published by Philipp Esselbach 0

The SirCam worm continued to gain momentum Monday, carrying with it the potential not only to slow corporate e-mail servers but also to send along company secrets.

The worm, which cropped up last week, continued to infect systems across the world over the weekend.

Read more

Outlook View Control Exposes Unsafe Functionality

Security 10941 Published by Philipp Esselbach 0

The Microsoft Outlook View Control is an ActiveX control that allows Outlook mail folders to be viewed via web pages. The control should only allow passive operations such as viewing mail or calendar data. In reality, though, it exposes a function that could allow the web page to manipulate Outlook data. This could enable an attacker to delete mail, change calendar information, or take virtually any other action through Outlook including running arbitrary code on the user´s machine.

Hostile web sites would pose the greatest threat with respect to this vulnerability. If a user could be enticed into visiting a web page controlled by an attacker, script or HTML on the page could invoke the control when the page was opened. The script or HTML could then use the control to take whatever action the attacker desired on the user´s Outlook data.

A patch is available to fix this vulnerability. Please read the Security Bulletin http://www.microsoft.com/technet/security/bulletin/ms01-038.asp

Fake security bulletin hides Leave worm

Security 10941 Published by Philipp Esselbach 0

A new variant of the Leave worm is doing the rounds in the guise of a Microsoft security bulletin, according to antivirus experts.

The worm first appeared last month as a self-propagating virus that infected machines already made vulnerable by the SubSeven Trojan horse. Among other things, it synchronises an infected computer´s clock with that of the US Naval Observatory.

Read more

Previous Page

Next Page

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...