Network Security Focus-Microsoft

SecurityFocus Microsoft Newsletter #214

Subject: SecurityFocus Microsoft Newsletter #214
Date: Fri, 12 Nov 2004 11:11:47 -0700 (MST)

This Issue is Sponsored By: Check Point

Your internal network is vulnerable and must be protected
from worms, Trojan horses, spyware and other threats.
Download a free, fact-filled Internal Security Information
Kit to learn how. Includes new META Group white paper, Flash
demo, and much more. Download now-free!

http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_041109

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. The Cost of Security Training
     2. Trends in Web Application Security
     3. Phishing For Savvy Users
II. MICROSOFT VULNERABILITY SUMMARY
     1. Microsoft Internet Explorer HTML Form Malformed A Tag Status...
     2. Cherokee HTTPD Auth_Pam Authentication Remote Format String ...
     3. PostgreSQL Unspecified RPM Initialization Script Vulnerabili...
     4. Cisco Secure Access Control Server Remote Authentication Byp...
     5. MailEnable Professional Webmail Unspecified Vulnerability
     6. RARLAB WinRAR Repair Archive Undisclosed Vulnerability
     7. Microsoft Internet Explorer IFRAME Status Bar URI Obfuscatio...
     8. Proxytunnel Remote Format String Vulnerability
     9. Sun Java System Web And Application Servers Remote Denial Of...
     10. TIPS MailPost Remote Debug Mode Information Disclosure Vulne...
     11. TIPS MailPost APPEND Variable Cross-Site Scripting Vulnerabi...
     12. TIPS MailPost Error Message Cross-Site Scripting Vulnerabili...
     13. TIPS MailPost Remote File Enumeration Vulnerability
     14. F-Secure Anti-Virus For Microsoft Exchange Password Protecte...
     15. Gallery Unspecified Remote HTML Injection Vulnerability
     16. Microsoft ISA Server Unspecified Vulnerability
     17. Moodle Remote Glossary Module SQL Injection Vulnerability
     18. IceWarp Web Mail Multiple Remote Vulnerabilities
     19. AntiBoard Unspecified SQL Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. root_drv.sys rootkit (Thread)
     2. SecurityFocus Microsoft Newsletter #213 (Thread)
     3. Event Log - Controling critical files and folders. (Thread)
     4. Notifying users of password expiration via e-mail` (Thread)
     5. AW: Remove "Shutdown" command from w2k PCs but enabl... (Thread)
     6. GPO that forces users to use a proxy server. (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. CAT Cellular Authentication Token and eAuthentication Servic...
     2. KeyCaptor Keylogger
     3. SpyBuster
     4. FreezeX
     5. NeoExec for Active Directory
     6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. creddump
     2. WapgGui 1.0
     3. antinat v0.81
     4. PopMessenger 1.60
     5. ByteShelter I 1.0
     6. DiskInternals Uneraser 2.01
VI. UNSUBSCRIBE INSTRUCTIONS

I. FRONT AND CENTER
-------------------
1. The Cost of Security Training
By Don Parker

The cost of providing security training to your staff may be high, but what
is the cost of not providing any training at all?

http://www.securityfocus.com/columnists/275


2. Trends in Web Application Security
By Kapil Raina

This article discusses current trends in penetration testing for web
application security, and in particular discusses a framework for selecting
the best tool or tools to use for this increasingly common type of application.

http://www.securityfocus.com/infocus/1809


3. Phishing For Savvy Users
By Scott Granneman

Recent "phishing" episodes are still often overlooked by tech-savvy users,
but a lesson in history shows how entire nations have been fooled.

http://www.securityfocus.com/columnists/274

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft Internet Explorer HTML Form Malformed A Tag Status...
BugTraq ID: 11565
Remote: Yes
Date Published: Oct 30 2004
Relevant URL: http://www.securityfocus.com/bid/11565
Summary:
Microsoft Internet Explorer is reported prone to a URI obfuscation weakness.

This issue may be leveraged by an attacker to display false information in the 
status bar of an unsuspecting user, allowing an attacker to present web pages 
to users that seem to originate from a trusted location.

This vulnerability is reported to affect Internet Explorer 6 SP2; other
versions might also be affected.

This issue is similar to BID 10023.

2. Cherokee HTTPD Auth_Pam Authentication Remote Format String ...
BugTraq ID: 11574
Remote: Yes
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11574
Summary:
It is reported that Cherokee is susceptible to a remote format string 
vulnerability. This issue is due to a failure of the application to properly 
sanitize user-supplied input before using it as the format specifier in a 
formatted printing function.

A remote attacker may exploit this vulnerability to execute arbitrary code in 
the context of the affected service.

3. PostgreSQL Unspecified RPM Initialization Script Vulnerabili...
BugTraq ID: 11575
Remote: Unknown
Date Published: Nov 01 2004
Relevant URL: http://www.securityfocus.com/bid/11575
Summary:
An unspecified RPM initialization script vulnerability affects PostgreSQL.  The 
underlying issue causing this vulnerability is currently unknown.

The impact of this issue is currently unknown.  This BID will be updated 
immediately upon the release of more information.

4. Cisco Secure Access Control Server Remote Authentication Byp...
BugTraq ID: 11577
Remote: Yes
Date Published: Nov 02 2004
Relevant URL: http://www.securityfocus.com/bid/11577
Summary:
Cisco Secure Access Control Server is affected by a remote authentication 
bypass vulnerability.  This issue is due to a failure of the software to 
properly validate user credentials prior to granting access.

The problem presents itself when an attacker attempts to authenticate to the 
affected server.  Apparently the application will grant access to any attacker 
that presents a valid user name and a certificate that is cryptographically 
correct.

An attacker can leverage this issue to gain unauthorized remote access to any 
devices or networks that rely on the affected software for access control.

5. MailEnable Professional Webmail Unspecified Vulnerability
BugTraq ID: 11578
Remote: Yes
Date Published: Nov 02 2004
Relevant URL: http://www.securityfocus.com/bid/11578
Summary:
MailEnable Professional Webmail is reported prone to an unspecified potential 
security vulnerability.  The cause and impact of this issue are currently
unknown.  Due to the nature of the software, this issue is likely remotely
exploitable.

MailEnable Professional 1.5 and prior versions are affected by this 
vulnerability.

6. RARLAB WinRAR Repair Archive Undisclosed Vulnerability
BugTraq ID: 11581
Remote: No
Date Published: Nov 02 2004
Relevant URL: http://www.securityfocus.com/bid/11581
Summary:
RARLAB WinRAR is reported prone to an undisclosed vulnerability. The issue is 
reported to exist in the 'Repair Archive' functionality of WinRAR.

The details of this vulnerability are not known; this BID will be updated as 
further information in regards to this vulnerability becomes available.

7. Microsoft Internet Explorer IFRAME Status Bar URI Obfuscatio...
BugTraq ID: 11590
Remote: Yes
Date Published: Nov 02 2004
Relevant URL: http://www.securityfocus.com/bid/11590
Summary:
Microsoft Internet Explorer is reported prone to a URI obfuscation weakness.

This issue may be leveraged by an attacker to display false information in the 
status bar of an unsuspecting user, allowing an attacker to present web pages 
to users that seem to originate from a trusted location.

This vulnerability is reported to affect Internet Explorer 6; other versions
might also be affected.

8. Proxytunnel Remote Format String Vulnerability
BugTraq ID: 11592
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11592
Summary:
Proxytunnel is prone to a remotely exploitable format string vulnerability.  
This vulnerability is exposed when the proxy server handles malicious input 
from another remote server.  This issue occurs when the software is run in 
daemon mode.

Successful exploitation of this vulnerability may allow for execution of 
arbitrary code in the context of the proxy server.

9. Sun Java System Web And Application Servers Remote Denial Of...
BugTraq ID: 11593
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11593
Summary:
A remote denial of service vulnerability affects the Sun Java Web Server and 
the Sun Java Application Server.  This issue is due to a failure of the server 
applications to process malformed data.

An attacker may exploit this issue to cause the affected server to crash, 
denying service to legitimate users.

10. TIPS MailPost Remote Debug Mode Information Disclosure Vulne...
BugTraq ID: 11595
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11595
Summary:
TIPS MailPost is affected by a remote debug mode information disclosure 
vulnerability.  This issue is due to a design error that allows for the 
disclosure of sensitive information.

An attacker may leverage this issue to gain knowledge of sensitive information 
such as the server Web root directory and the Web server versions. Information 
disclosed in this way may facilitate further attacks.

11. TIPS MailPost APPEND Variable Cross-Site Scripting Vulnerabi...
BugTraq ID: 11596
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11596
Summary:
MailPost is reported prone to a cross-site scripting vulnerability.  This issue 
presents itself due to insufficient sanitization of user-supplied data and can 
allow an attacker to execute arbitrary HTML and script code in a user's browser.

This vulnerability may allow for theft of cookie-based authentication 
credentials or other attacks.

MailPost 5.1.1sv is reported prone to this issue.  It is possible that other 
versions are affected as well.

12. TIPS MailPost Error Message Cross-Site Scripting Vulnerabili...
BugTraq ID: 11598
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11598
Summary:
MailPost is reported prone to a cross-site scripting vulnerability. This issue 
presents itself due to insufficient sanitization of user-supplied data and can 
allow an attacker to execute arbitrary HTML and script code in a user's browser 
through a malicious error message returned from the application.

This attack would occur in the security context of the affected web site and 
may allow for theft of cookie-based authentication credentials or other attacks.

MailPost 5.1.1sv is reported prone to this issue. It is possible that other 
versions are affected as well.

13. TIPS MailPost Remote File Enumeration Vulnerability
BugTraq ID: 11599
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11599
Summary:
TIPS MailPost is affected by a remote file enumeration vulnerability.  This 
issue is due to a failure to properly sanitize user requests.

An attacker may leverage this issue to gain knowledge of the existence of files 
outside the Web root directory. Information disclosed in this way may 
facilitate further attacks.

14. F-Secure Anti-Virus For Microsoft Exchange Password Protecte...
BugTraq ID: 11600
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11600
Summary:
F-Secure Anti-Virus for Microsoft Exchange is reported prone to a scanner 
bypass vulnerability. It is reported that a specially crafted archive that is 
nested within another archive is sufficient to trigger this vulnerability. Such 
an archive may contain malicious applications and will not be detected and 
quarantined at the email gateway.

15. Gallery Unspecified Remote HTML Injection Vulnerability
BugTraq ID: 11602
Remote: Yes
Date Published: Nov 03 2004
Relevant URL: http://www.securityfocus.com/bid/11602
Summary:
An unspecified HTML injection vulnerability reportedly affects Gallery.  This 
issue is due to a failure of the application to properly sanitize user-supplied 
input.

An attacker may leverage this issue to execute arbitrary script code in the 
browser of an unsuspecting user.  This may facilitate the theft of cookie-based 
authentication credentials as well as other attacks.

16. Microsoft ISA Server Unspecified Vulnerability
BugTraq ID: 11605
Remote: Unknown
Date Published: Nov 04 2004
Relevant URL: http://www.securityfocus.com/bid/11605
Summary:
Microsoft has published advance notification that they will be releasing a 
security update for Internet Security and Acceleration (ISA) Server.  Fixes are 
pending release on November 9th, 2004.  No further details are known.

17. Moodle Remote Glossary Module SQL Injection Vulnerability
BugTraq ID: 11608
Remote: Yes
Date Published: Nov 05 2004
Relevant URL: http://www.securityfocus.com/bid/11608
Summary:
Moodle is affected by a remote SQL injection vulnerability in its glossary 
module.  This issue is due to a failure of the application to properly sanitize
user-supplied input.

An attacker may leverage this issue to execute arbitrary SQL queries against 
the underlying database, potentially facilitating disclosure or corruption of 
sensitive data.  Other attacks are also possible.

18. IceWarp Web Mail Multiple Remote Vulnerabilities
BugTraq ID: 11611
Remote: Yes
Date Published: Nov 05 2004
Relevant URL: http://www.securityfocus.com/bid/11611
Summary:
Reportedly, multiple remote vulnerabilities affect IceWarp Web Mail.  These 
issues are due to access validation and design errors.

An attacker may leverage these issues to populate a file on an affected
computer in a known location, and potentially reveal a user's authentication
credentials.  These issues may aid in further attacks.

19. AntiBoard Unspecified SQL Injection Vulnerability
BugTraq ID: 11613
Remote: Yes
Date Published: Nov 05 2004
Relevant URL: http://www.securityfocus.com/bid/11613
Summary:
An unspecified SQL injection vulnerability reportedly affects AntiBoard.  This 
issue is due to a failure of the application to properly sanitize user-supplied 
input prior to including it in an SQL query.

Successful exploitation could result in compromise of the application, 
disclosure or modification of data or may permit an attacker to exploit 
vulnerabilities in the underlying database implementation.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. root_drv.sys rootkit (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/380625

2. SecurityFocus Microsoft Newsletter #213 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/380236

3. Event Log - Controling critical files and folders. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/380235

4. Notifying users of password expiration via e-mail` (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/380203

5. AW: Remove "Shutdown" command from w2k PCs but enabl... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/380158

6. GPO that forces users to use a proxy server. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/380147

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, 
Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:

Low cost, easy to use Two Factor Authentication One Time Password token using
the Cellular. Does not use SMS or communication, manages multiple OTP accounts
- new technology. For any business that wants safer access to its Internet
Services. More information at our site.

We also provide eAuthentication service for businesses that will not buy an
Authentication product but would prefer to pay a monthly charge for
authentication services from our CAT Server.

2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:

KeyCaptor is your solution for recording ALL keystrokes of ALL users on your 
computer!  Now you have the power to record emails, websites, documents, chats, 
instant messages, usernames, passwords, and MUCH MORE!

With our advanced stealth technology, KeyCaptor will not show in your processes 
list and cannot be stopped from running unless you say so!

3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:

Our award winning spyware / adware scanner and removal software, SpyBuster will 
scan your computer for over 4,000 known spyware and adware applications. 
SpyBuster protects your computer from data stealing programs that can expose 
your personal information.

SpyBuster scanning technology allows for a quick and easy sweep, so you can 
resume your work in minutes.

4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:

FreezeX prevents all unauthorized programs, including viruses, keyloggers and
spyware from executing. Powerful and secure, FreezeX ensures that any new
executable, program, or application that is downloaded, introduced via 
removable media or the network will never install

5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:

NeoExec® is an operating system extension for Windows 2000/XP that allows the 
setting of privileges at the application level rather than at the user level.

NeoExec® is the ideal solution for applications that require elevated 
privileges to run as the privileges are granted to the application, not the 
user.

NeoExec® is the only solution on the market capable of modifying at runtime the 
processes' security context -- without requiring a second account as with RunAs 
and RunAs-derived products.

6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:

It's the end of your worries about top-secret data of your company, your 
confidential files or the pictures from the last party. All these will be 
hidden beyond the reach of ANY intruder and you will be the only one able to 
handle them. And what you want to delete will be DELETED. It is the ultimate 
security tool to protect your sensitive information on PC, meeting the three 
most important security issues: Integrity, Confidentiality and Availability. 
This product gives you the features of a "folder locker" and a "secure eraser".

Your secret information is available only through this software and there is no
other means to access it. The information is protected at file system level and
it cannot be accidentally deleted or overwritten, either in Safe mode or in
another operating system. This program doesn't make your operating system
unstable as other related products do and protects your information from being
seen, altered or deleted by an unauthorized user with or without his wish. The
program allows you to permanently erase your sensitive data using secure wiping 
methods leaving no trace of your information. Depending on the selected wiping 
method your data is unrecoverable using software or even hardware recovery 
techniques.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. creddump
By: Massimiliano Montoro
Relevant URL: http://www.oxid.it/downloads/creddump.zip
Platforms: Windows XP
Summary:

Credential Manager is a new SSO solution that Microsoft offers in Windows 
Server 2003 and Windows XP to provide a secured store for credential 
information. It allows you to input user name and passwords for various
network resources and applications once, and then have the system automatically 
supply that information for subsequent visits to those resources without your 
intervention.

2. WapgGui 1.0
By: William D. Bartholomew
Relevant URL: http://workspaces.gotdotnet.com/wapggui
Platforms: Windows 2000, Windows XP
Summary:

A free, open-source, user-friendly interface to run the WAPG password 
generator. Supports generation of random and pronounceable passwords, 
specifying minimum and maximum length, specifying what character classes should 
or must be used, and much more.

3. antinat v0.81
By: Malcolm Smith
Relevant URL: http://yallara.cs.rmit.edu.au/~malsmith/products/antinat/
Platforms: MacOS, POSIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

The Antinat SOCKS Server is a multi-threaded, scalable SOCKS server with a 
client library for writing proxy-based applications. It supports SOCKS 4, SOCKS 
5, authentication, firewalling, UDP, and name resolution.

4. PopMessenger 1.60
By: LeadMind Development
Relevant URL: http://www.leadmind.com
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

Chat and send text messages and files to anyone on your LAN easily and securely!

5. ByteShelter I 1.0
By: MazZoft NDA
Relevant URL: http://www.mazzoft.com/bs1.zip
Platforms: Windows 2000, Windows 95/98
Summary:

This steganography tool lets you conceal data in Outlook e-mail messages and
.doc files.

6. DiskInternals Uneraser 2.01
By: Alexey Babenko
Relevant URL: http://diskinternals.com/download/Uneraser_Setup.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

DiskInternals Uneraser can recover any deleted file, including documents, 
photos, mp3 and zip files, or even folders and damaged disks. In addition to 
HDD, the program supports any type of storage media (music sticks, cameras, 
flash drives, USB drives, etc)! It works with encrypted files and helps you
undelete files lost because of a virus attack or an employee's malicious
behavior. No special skills needed; 100% free to try.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email listadmin@securityfocus.com and ask to 
be manually removed.

  • SecurityFocus Microsoft Newsletter #214, Marc Fossi <=