MooSoft has posted a new trojan definitions update for The Cleaner.
Issue:
======
WebDAV is an extension to the HTTP protocol that allows remote authoring and management of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all WebDAV requests, then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such requests were directed at an affected server, it would consume all CPU availability on the server.
Because the discoverer of this vulnerability has chosen to publish code to exploit this vulnerability before a patch could be developed, Microsoft has developed a workaround that can be used to defend against attack. Knowledge Base article Q241520 provides step-by-step instructions for changing the permissions on the .DLL that provides WebDAV services in order to effectively disable it on the machine. When a patch is available, we will re-release this bulletin and provide updated information.
The IE security architecture provides a caching mechanism that is used to store content that needs to be downloaded and processed on the user's local machine. The purpose of the cache is to obfuscate the physical location of the cached content, in order to ensure that the web page or HTML e-mail will work through the IE security architecture to access the information. This ensures that the uses of the information can be properly restricted.
A vulnerability exists because it is possible for a web page or HTML e-mail to learn the physical location of cached content. Armed with this information, an attacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables.
Symantec has released a new virus definitions update for Norton AntiVirus.
This update will work on the following products:
NAV for Lotus Notes (Intel)
NAV for MS Exchange (Intel)
NAV 4.0, 5.0 and 2000 for Win9x
NAV 4.0, 5.0 and 2000 for WinNT
NAV 2000 for Win2000
NAV for Firewalls
pcAnywhere32 7.5 and higher for WinNT
Norton Utilities for Windows 95/98 (all versions)
Norton SystemWorks (all versions)
IIS 5.0 contains a flaw affecting the way that a URL is handled if it has a specific construction and its length is within a very narrow range of values. If such a URL were repeatedly sent to an affected system, a confluence of events could cause a memory allocation error that would result in the failure of the IIS service.
Exchange 2000 is affected by the same vulnerability. To support web-based mail clients, it introduces the ability to address items on the store via URLs. This is done in part by using IIS 5.0, and in part via code that is specific to Exchange 2000. Both pieces of code contain the flaw, but the effect of exploiting the vulnerability via either would be the same -- it could be used to cause the IIS service to fail, but could not be used to attack the Exchange service itself. That is, successfully attacking an Exchange server via this vulnerability would disrupt web-based mail clients' use of the server, but not that of MAPI-based mail clients like Outlook.
The Windows 2000 event viewer snap-in has an unchecked buffer in a section of the code that displays the detailed view of event records. If the event viewer attempted to display an event record that contained specially malformed data in one of the fields, either of two outcomes would result. In the less serious case, the event viewer would fail. In the more serious case, code of the attacker's choice could be made to run via a buffer overrun.
By design, unprivileged processes can log events in the System and Application logs, and interactively logged-on, unprivileged users can view them. However, only privileged processes can log events in the Security log, and only interactively logged-on administrators can view them. If the vulnerability were exploited to run code of the attacker's choice, the code would run in the security context of the user who viewed the affected record.
Outlook Express provides several components that are used both by it
and Outlook, if Outlook is installed on the machine. One such
component, used to process vCards, contains an unchecked buffer.
By creating a vCard and editing it to contain specially chosen data,
then sending it to another user, an attacker could cause either of
two effects to occur if the recipient opened it. In the less serious
case, the attacker could cause the mail client to fail. If this
happened, the recipient could resume normal operation by restarting
the mail client and deleting the offending mail. In the more serious
case, the attacker could cause the mail client to run code of her
choice on the user's machine. Such code could take any desired
action, limited only by the permissions of the recipient on the
machine.
A core service running on all Windows 2000 domain controllers (but
not on any other machines) contains a flaw affecting how it processes
a certain type of invalid service request. Specifically, the service
should handle the request at issue here by determining that it is
invalid and simply dropping it; in fact, the service performs some
resource-intensive processing and then sends a response.
If an attacker sent a continuous stream of such requests to an
affected machine, it could consume most or all of the machine's CPU
availability. This could cause the domain controller to process
requests for service slowly or not at all, and could limit the number
of new logons the machine could process and the number of Kerberos
tickets that could be issued.
Affected Software:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Symantec has posted a new virus definitions update for Norton Antivirus.
Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows Media Player 7. This vulnerability could potentially enable a malicious user to cause a program of his choice to run on another user's computer.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq01-010.asp
Affected Software Versions
Microsoft Windows Media Player 7
Patch Availability
Microsoft Windows Media Player 7:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27961
Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows NT 4.0 servers that provide secure remote sessions. The vulnerability could allow an attacker to prevent an affected machine from providing useful service.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq01-009.asp
Affected Software Versions
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Patch Availability
Windows NT 4.0 Server and Windows NT 4.0 Server, Enterprise Edition:
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27836
Windows NT 4.0 Server, Terminal Server Edition:
To be released shortly
Note: This patch can be applied to systems running Windows NT 4.0 Service Pack 6a. The fix will be included in Windows NT 4.0 Service Pack 7.
Symantec has posted new virus definitions for Norton Antivirus.
A virus posing as a photo of Russian tennis player Anna Kournikova spread aggressively on Monday, as major security companies rushed to update their antivirus software to detect the fast-spreading e-mail virus.
Symantec has released new virus definitions for Norton Antivirus.
Microsoft has released a patch that eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability could, under certain conditions, allow an attacker to gain complete control over an affected machine.
Frequently asked questions regarding this vulnerability and the patch can be found at http://www.microsoft.com/technet/security/bulletin/fq01-007.asp
Affected Software Versions
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Patch Availability
http://www.microsoft.com/Downloads/Release.asp?ReleaseID=27526
Note: This patch can be installed on systems running Windows 2000 Gold, Service Pack 1, and Service Pack 2. It will be included in Service Pack 3.