Windows 9x/Me | Microsoft Data Access Components | Disguised Email Worm | Microsoft's Virtual Machine | Latest MP3 Worms | WEP Security
If you haven't yet installed the patch, don't delay any longer
A recent wave of viral infections points up the fact that many Windows users are still vulnerable to a flaw that was first reported in October 2000. (Also see the Computing News article, "… TCP File Sharing Vulnerable to Password Probes" at http://cc.uoregon.edu/cnews/spring2001/winwarning.html)
If you run Windows 95/98/Me with File and Print sharing enabled, you are potentially vulnerable because of a flaw in the way the File and Print Sharing service implements password protection for a directory that's shared over a network. Unless you install the patch for this vulnerability, you run the risk of having a malicious user easily retrieve, modify, or delete any file within the network share.
Note: Only share-level access permissions on Windows 95/98/Me machines are vulnerable. Because they can only be set up with user-level file share access controls, Windows NT and Windows 2000 machines are not susceptible.
Where's the patch? You may download the patch from Microsoft's Security Bulletin MS00-072 page at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-072.asp
This page also contains detailed instructions for applying the patch to your site, as well as a method for verifying that it's been correctly installed.
Extra protection from Symantec. In recent months, we have had almost daily reports of W32.Opaserv worm infection on the unpatched machines of dial-in Windows users. Computing Center network security staff saw one recent instance in which Norton Antivirus apparently did not detect a variant of this worm, so if you want to be sure you're protected on all fronts, install the Microsoft patch and get Symantec's removal tool at http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.removal.tool.html
Computing Center staff are emailing warnings to UO computing account-holders when they detect an infected machine.
With the exception of Windows XP, most Windows systems are affected by a buffer overrun vulnerability in versions of Microsoft Data Access Components (MDAC) prior to version 2.7.
Web servers running versions of MDAC earlier than 2.7 are at risk, and Internet Explorer 5.x and 6.0 web clients are also affected. (Note that despite the fact that it uses IE 6.0, Windows XP is not vulnerable because it ships with MDAC 2.7.)
This vulnerability could be exploited to run code of the attacker's choice on a compromised system, and warrants a maximum severity rating of "critical."
Get the patch. Any IIS server with MDAC and all Internet Explorer clients should apply the patch immediately. Full details are available in Microsoft Security Bulletin MS02-065 at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-065.asp
Late last fall, Symantec Security Response uncovered a new type of worm that masquerades as an electronic greeting card in order to exploit the contents of Outlook address books for spamming purposes.
Known as the "W32.Friendgreet.worm," the new worm is not classified as a malicious threat because it is activated only if you agree to download software so that you can read your "E-Card from…<someone you know>."
You can spare yourself—and the people in your Outlook address book—spamming grief by simply refusing to open the installer package and not accepting the End User License Agreements (EULAs).
The latest information on this worm, as well as some websites that may harbor it, is available on Symantec's security response page at http://www.sarc.com/avcenter/venc/data/friendgreetings.html
Update fixes all known VM vulnerabilities in one fell swoop
In December, Microsoft issued the latest in a series of eight different warnings about security flaws in its implementation of the Java Virtual Machine (VM).
This latest flaw affects Windows 95, 98, 98SE, ME, NT 4.0, 2000, and XP—as well as several versions of Internet Explorer—and has the potential to enable an attacker to gain control of a user's system.
All versions of the Microsoft VM earlier than 5.00.3809 are affected.
The other Microsoft VM vulnerabilities (such as codebase spoofing and domain spoofing) were not considered as serious and earned only "important" and "moderate" warnings from the software developer.
Upgrade to Microsoft VM version 5.00.3809. You can fix all eight VM vulnerabilities by installing this new version of the Microsoft VM.
For a full description of VM vulnerabilities, as well as download information and details on how to install the update for your particular version of Windows, see Microsoft Knowledge Base Article MS02-069, "Flaw in Microsoft VM May Compromise Windows," at http://support.microsoft.com/default.aspx?scid=KB;en-us;810030&
Music file swapping can be dangerous to your computer's health.
The security firm Foundstone recently reported two new security vulnerabilities that could allow an attacker to completely take over a computer system via a malicious MP3 or WMA audio file.
Research sparks controversy about wireless network security
The Wired Equivalent Privacy algorithm, or WEP, recently came under fire from three security researchers in Berkeley, California. Nikita Borisov, Ian Goldberg, and David Wagner discovered a number of flaws in the algorithm when they put it to the test. Their conclusion? Despite its claim to privacy protection, WEP, which is part of the 802.11 standard, falls short.
For full details on the trio's analysis, see http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
A rebuttal by the chair of IEEE 802.11 (the Institute of Electrical and Electronics Engineers, Inc.) appears on http://slashdot.org/articles/01/02/15/1745204.shtml
Network administrators who want to learn more about wireless network security should check http://oreilly.com/catalog/802dot11/