On April 13, Microsoft released patches for flaws affecting Windows, Internet Explorer, and Outlook Express. Some of these could make the operating system vulnerable to new worms or viruses similar to the highly destructive MSBlast worm, which has infected at least eight million Windows computers since last August. For details, see
A flaw in Windows' ASN.1 Library could allow malicious code execution. Affected software includes:
For more details, including some important caveats, see Microsoft Security Bulletin MS04-007 (“ASN.1 Vulnerability Could Allow Code Execution…”) at http://www.microsoft.com/technet/security/bulletin/ms04-007.mspx
UO Windows users: Test your PC for the MS04-007 vulnerability, as well as MS03-026 and MS03-029, by using the “Test My Computer” link at http://pctest.uoregon.edu/ The latest version of the free Windows Security CD distributed by Microcomputer Services (151 McKenzie) contains the patches for all of these critical flaws.
An “important” flaw that could be exploited by malicious code was detected in Virtual PC for Mac early this year. Versions 6.0, 6.01, 6.02, and 6.1 are affected. For details, see Microsoft Security Bulletin MS04-005 (“Vulnerability in PC for Mac could lead to privilege elevation…”) at http://www.microsoft.com/technet/security/bulletin/ms04-005.mspx
Early in March, Microsoft warned of vulnerabilities in three of its top products (Outlook 2002, Windows Media Services, and MSN Messenger 6.0 and 6.1).
Outlook. Of the three, Outlook 2002's vulnerability is considered the most dangerous, as it could ultimately allow attackers to gain control of a user's computer and run malicious code. You can get the Outlook 2002 Security Patch KB828040, along with downloading instructions, at http://support.microsoft.com/?kbid=828040
MSN. This flaw could allow attackers to view the contents of a victim's hard drive during a chat session, especially if anonymous callers are not blocked. More information is available on Symantec's security response site at http://securityresponse.symantec.com/avcenter/security/Content/9828.html
For patches and downloading information, see MS04-010 at http://www.microsoft.com/technet/security/bulletin/ms04-010.mspx
Media Services. A flaw in the way Windows Media Services software handles TCP/IP connections could allow a denial-of-service attack on the server. See Symantec's security response site at http://securityresponse.symantec.com/avcenter/security/Content/9825.html for details. The patch is available at http://www.microsoft.com/downloads/details.aspx?FamilyId=7F4C067C-5D34-48FB-A9FA-C2200243D4D2&displaylang=en
On February 12, Microsoft confirmed that portions of the source code for Windows NT 4.0 and 2000—including code for Internet Explorer 5—had been illegally posted on the Internet.
Security researchers subsequently found and tested a flaw that exists in all versions of IE 5 for all Windows versions as a result of the code leak. Microsoft advises IE users to upgrade to IE 6 immediately.
For details, see
Internet Explorer users are vulnerable to a flaw that allows a malicious user to create a hyperlink to a counterfeit website. The bogus site appears benign and legitimate in every way, thus easily fooling visitors into downloading files that harbor computer viruses. Information on how to protect yourself from this scam, known as “spoofing,” is available at http://support.microsoft.com/default.aspx?scid=kb;en-us;833786
Also see Security Bulletin MS04-004, “Cumulative Security Update for Internet Explorer,” which replaces MS03-048, at http://www.microsoft.com/technet/security/bulletin/ms04-004.mspx
In February, Microsoft launched a Windows Security CD giveaway program for users of Windows XP, Me, 2000, 98, and 98 SE (Second Edition). The CD contains all MS “critical” patches through October 2003, as well as free antivirus and firewall trial software. It is intended to reach users whose slower Internet connections prevent them from downloading patches over the network. To order the free CD, go to http://www.microsoft.com/security/protect/cd/order.asp
The BBC News Online reported recently that malicious hackers are waiting for Microsoft to identify loopholes and issue patches before devising their attacks. The report said that often the patch itself was the catalyst for exploiting a particular vulnerability, indicating the need for users to patch security loopholes as soon as possible. For details, see “Hackers exploit Windows patches” at http://news.bbc.co.uk/1/hi/technology/3485972.stm
In late January, a series of mass-mailing worms variously known as W32.Beagle or Bagle began circulating on the Internet. As of March 22, there were more than a dozen known variants of the worm, which arrive via email and create a security hole (“backdoor”) through which they can penetrate a victim's machine.
Beagle.F and Beagle.G also attempt to spread across filesharing networks such as Kazaa and iMesh. Beagle.Q infects its victims without requiring them to open an attachment. All variants use “spoofed” or forged From: email addresses. Beagle worm attachments have the suffix .zip (Beagle.G uses password-protected zip files in an effort to break auto-unzipping virus scanners).
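A mail filter cannot unpack a password-protected archive, but it can still recognise one and hold it for review. The following is an added example, not part of the original article: it classifies attachments by content rather than by file name and reports ZIP members whose encryption flag is set. The function names, addresses and sample messages are constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

ENCRYPTED = 0x0001  # ZIP general-purpose flag bit 0: member is encrypted


def classify_attachment(payload: bytes) -> str:
    """Return 'not-zip', 'zip-scannable' or 'zip-encrypted' based on content."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        return "not-zip"
    if any(m.flag_bits & ENCRYPTED for m in members):
        return "zip-encrypted"  # scanner cannot unpack it: hold for review
    return "zip-scannable"


def scan_message(raw: bytes) -> dict:
    """Map each attachment file name in a raw message to a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        verdicts[part.get_filename() or "(unnamed)"] = classify_attachment(payload)
    return verdicts


def _sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: a one-file archive, optionally marked encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", "constructed sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so set flag bit 0 in the
        # central-directory header (the flags sit at offset 8 of that record).
        data[data.index(b"PK\x01\x02") + 8] |= ENCRYPTED
    return bytes(data)


def build_sample_message() -> bytes:
    """Constructed message: two ZIP attachments and one mislabelled file."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "test"
    msg.set_content("constructed message body")
    for name, enc in (("plain.zip", False), ("locked.zip", True)):
        msg.add_attachment(_sample_zip(enc), maintype="application", subtype="zip", filename=name)
    msg.add_attachment(b"not an archive", maintype="application", subtype="octet-stream", filename="notes.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample_message())` marks `locked.zip` as `zip-encrypted`, which is the case a gateway should quarantine or flag instead of passing through unscanned.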
The Beagle.J variant that hit campus on March 2 fooled many UO users because it purported to be an official security warning from campus authorities. Microcomputer Services has published information on protecting yourself against the Beagle.J worm and other variants on its security website at http://micro.uoregon.edu/av/beagleJ.html
W32.Netsky is another mass-mailing worm that began circulating in February; like Beagle, it propagates via .zip files and may also spread through filesharing networks. For more information, see http://www.symantec.com/avcenter/venc/data/w32.netsky.r@mm.html
Using tactics similar to those of Beagle and Netsky, and masquerading as an email error, the W32.Novarg.A worm spread rapidly worldwide in January, causing billions in economic damage in 215 countries. See http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html
The authors of Beagle and Netsky have been sparring with each other, creating ever more powerful versions of their viruses and multiplying headaches for users. See http://www.sophos.com/virusinfo/articles/wormwar.html and http://news.bbc.co.uk/2/hi/technology/3532009.stm for details.
The Witty worm, a highly destructive worm discovered on March 20, can corrupt hardware and damage files. For information about the worm, see http://isc.sans.org/diary.html?date=2004-03-20 Information about the vulnerable products and patches is available at http://xforce.iss.net/xforce/alerts/id/166 See also Symantec's report at http://www.symantec.com/avcenter/venc/data/w32.witty.worm.html
To stay abreast of late-breaking viruses, see Symantec's comprehensive security site listing the latest virus threats at http://securityresponse.symantec.com/avcenter/vinfodb.html
Three serious flaws have been discovered in Linux core software in the past six months. The flaws could enable an attacker to gain root privileges on a user's computer. For details, see http://news.com.com/2100-1002_3-5162055.html?tag=nefd_top
Some versions of WinZip, a popular non-Microsoft utility for Windows that manages Zip files, have a serious security flaw that could allow attackers to execute malicious code. Users can protect themselves by turning off WinZip's automatic handling of Zip files in Windows Explorer and Windows XP. For details, see http://www.eweek.com/article2/0,4149,1540280,00.asp
All versions of the FreeBSD operating system are vulnerable to a denial-of-service attack unless they are upgraded. For more information, including links to software updates, go to http://www.internetnews.com/dev-news/article.php/3320751