All versions of Microsoft Internet Explorer are vulnerable to an exploit that could allow an attacker to execute malicious code once a victim is tricked into viewing an HTML document (either a web page or HTML email). This exploit code is publicly available, and attacks have already been reported.
Users can reduce their risk by running Windows Update. To get more information and to download the cumulative update for Microsoft RPC/DCOM (828741), see MS Security Bulletin MS04-012 at http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx
References:
In May, a major security flaw was discovered in the popular email client Eudora. The flaw specifically involves attachments opened in Microsoft Internet Explorer and affects all versions of Eudora. As of June 28, no patches had been released.
The main exploit can be avoided by cutting and pasting URLs that appear in Eudora email messages rather than clicking to open them. (This is good advice no matter what browser you use.) However, other security advisories suggest not using Eudora at all.
For those who continue using Eudora, Microcomputer Services has posted step-by-step instructions for turning off Eudora's vulnerable features at http://micro.uoregon.edu/security/eudora/
For details on Eudora's vulnerabilities, see
The MS04-011 patch is critical for hosts running secure (via SSL) services on remotely accessible NT/2K/XP/2003 platforms. System administrators are urged to apply this patch, which fixes server vulnerabilities that could allow buffer overruns and remote code execution. Many of the security lists, including CERT, have reported that the exploit code for this vulnerability is in active use.
Active Directory, Exchange Server, Internet Information Server (IIS), and any other software that uses the Microsoft SSL library are at risk. For details, see Microsoft Security Bulletin MS04-011 at http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx and Knowledge Base Article KB835732 at http://support.microsoft.com/default.aspx?scid=kb;[LN];KB835732
In June, RealNetworks Inc. acted to correct a critical security flaw that impacts millions of users of its popular RealOne Player and RealPlayer software. The flaw could potentially allow a hacker to execute malicious code on a targeted machine. The code runs in the security context of the logged-on user. Affected versions include:
To update your Windows system, go to RealNetworks' Customer Support page at http://service.real.com/help/faq/security/040610_player/EN
For further details on the problem see SearchSecurity.com's article, "High severity flaw plagues RealOne Player, RealPlayer" at http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci969919,00.html
On June 8, Microsoft issued a "moderate" security warning for a DirectPlay vulnerability in Windows XP/98/98SE/Me and issued fixes for the problem. It's recommended that all Windows users consider applying the security update available on Microsoft's Security Bulletin MS04-016 page at http://www.microsoft.com/technet/security/bulletin/MS04-016.mspx
This page also contains a complete list of affected software and components.
This worm spreads by exploiting multiple vulnerabilities, including weak passwords, to modify victims' files. It affects Windows 2000, NT, and XP systems. For details, current virus definitions, and removal instructions, see Symantec's Security Response page at http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.wx.html
Also see Symantec's information on the W32.Gaobot.AUS worm (http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.aus.html) and W32.Gaobot.SN worm (http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.sn.html).
Don't forget that current students, faculty, and staff are eligible to receive a free Windows Security CD, which contains vital antiviral updates and system patches specific to Windows machines. The CD is periodically updated to stay abreast of new security developments.
To obtain your copy of the CD, go to the Microcomputer Services Help Desk on the ground floor of McKenzie Hall (151 McKenzie) and present your UO ID to a consultant.
If exploited, this vulnerability could allow a denial of service attack against existing TCP connections. You'll find a detailed explanation of the vulnerability, as well as available remedies, on the NISCC Vulnerability Advisory page at http://www.uniras.gov.uk/vuls/2004/236929/
A vulnerability in the 802.11 wireless standard could allow a relatively unsophisticated attacker to shut down networks within five seconds. Wide exploitation of this flaw is not expected. For details, see http://www.theregister.co.uk/2004/05/13/wifi_security_flaw/
Information on three vulnerabilities affecting several Symantec firewall products is available from US-CERT at the sites listed below. Users are advised to apply available patches:
If left unpatched, a security flaw in the Safari web browser could allow a remote user to execute malicious code over the network. Apple Security Update 2004-06-07 (available at http://www.apple.com/support/downloads/ ) fixes this and several other security holes for Mac OS 10.3.4 (Panther) and Mac OS 10.2.8 (Jaguar) systems and servers.
For details, see
Easy way to stay current on Apple software downloads and patches: Mac OS X users can keep their systems up-to-date and patched more easily by setting up a frequent "Software Update" schedule in the System Preferences menu. "Software Update" checks for new software downloads and alerts you daily, weekly, or monthly, according to your preference.
To set this feature, open the Apple menu in the upper left corner of your screen and select "System Preferences." Click the "Update Software" button and check the box "Check for updates." Then select "daily," "weekly," or "monthly" from the "Check for updates" pull-down menu.
This virus masquerades as a Microsoft Word 2004 installer named "Microsoft Word 2004 OS X Web Install." Once activated, it attempts to delete a victim's home directory and its contents without warning.
For details and antivirus downloads, see Symantec's Security Response bulletin at http://securityresponse.symantec.com/avcenter/venc/data/macos.mw2004.trojan.html
If you regularly run Norton Antivirus LiveUpdate, you should already have the latest antivirus definitions. To stay abreast of late-breaking viruses, see Symantec's comprehensive list of the latest virus threats at http://securityresponse.symantec.com/avcenter/vinfodb.html
Mozilla Security Issue (Windows only)
To protect themselves from a recently discovered shell: protocol security issue, users of Mozilla, Firefox, and Thunderbird who run Windows should either update to the newest full release of each of these products or install a security patch released on July 8. To learn more about the issue and how to fix it, go to http://www.mozilla.org/security/shell.html
Nearly a dozen browsers are vulnerable to a particular form of "spoofing" (faking) that can allow malicious content to be injected into a browser window that is owned by a trusted site. The following browsers are known to be vulnerable, and there may yet be more:
For more details, and to check your browser for this vulnerability using Secunia's test, go to http://secunia.com/advisories/11978/
In July, Microsoft issued a stop-gap fix for one of many malicious exploits that have plagued Internet Explorer in recent months and prompted some security agencies (notably US-CERT) to recommend that users consider switching to another browser altogether. This particular flaw, which is related to the ADODB.Stream object in the operating system's Data Access Components, will be eradicated in Windows XP Service Pack 2, slated for release in August. For details, see
This nasty, difficult-to-eradicate browser hijacker makes life miserable for Windows users in many ways. In addition to significantly slowing PC performance, CoolWebSearch can cause Windows to freeze, crash, or randomly reboot. It installs dozens of bookmarks to porn sites on your Windows desktop, adds a toolbar to Internet Explorer, and changes your home page without your consent. For more details on this malicious trojan, see "CoolWebSearch is winning Trojan war" at http://theregister.com/2004/06/29/cws_shredder/
A security researcher recently reported a glitch in Norton AntiVirus (NAV) that under certain conditions can trigger a denial of service attack. The problem has been traced to the NAV file repair engine and occurs when NAV scans some specially crafted compressed files. For details, see the advisory at http://www.geocities.com/visitbipin/Nav_dos_part_3.html