Saturday, August 14, 2004

Toolkits to Unblock/Block Delivery of Windows XP SP2

Toolkits to Unblock/Block Delivery of Windows XP SP2:
"While recognizing the security benefits of Windows XP SP2, some organizations have requested the ability to temporarily disable delivery of this update via Automatic Updates (AU) and Windows Update (WU). These organizations have populations of PCs, upon which they have enabled AU. This is done to ensure that these PCs receive all critical security updates. Since SP2 will start to be delivered to PCs running Windows XP or Windows XP with SP1 via AU starting on August 16, these customers would like to temporarily block the delivery of SP2 in order to provide additional time for validation and testing of the update. In response to these requests, Microsoft is providing this set of tools."

Un-block Delivery of Windows XP SP2 to a PC Through Automatic Updates and Windows Update

http://www.microsoft.com/downloads/details.aspx?FamilyID=b2300c7b-f3d7-48d6-b86c-1256c0321727&DisplayLang=en

Temporarily Block Delivery of Windows XP SP2 to a PC Through Automatic Updates and Windows Update

http://www.microsoft.com/downloads/details.aspx?FamilyID=871e8b42-c6d7-4402-a5a9-9d52a9cd2500&DisplayLang=en

Toolkit to Temporarily Block Delivery of Windows XP SP2 to a PC Through Automatic Updates and Windows

http://www.microsoft.com/downloads/details.aspx?FamilyID=8bce6bba-ea5d-4425-89c1-c1cb1ccd463c&DisplayLang=en

http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=32676&messageID=375942

Friday, August 13, 2004

AIM Beta Fixes Security Hole

AIM Beta Fixes Security Hole:
"America Online Inc. has released a beta version of AOL Instant Messenger that fixes a critical security hole that could open users to remote attack.

As previously reported, AOL had promised to fix the vulnerability in an upgraded version of AIM. On Tuesday, it made a test version of AIM 5.9 available for download."

Security researchers had found that AIM 5.5 for Windows, and possibly earlier versions, was vulnerable to an attacker executing arbitrary code.

An attacker could initiate a buffer overflow through AIM's "Away" feature if a user were to click on a malicious link sent in an instant message. The "Away" feature allows AIM users to send automatic messages about their presence status.

AOL spokesman Andrew Weinstein said the Dulles, Va., company knew of no active exploits of the vulnerability. Security research company iDEFENSE Inc., which put out an advisory this week, had informed AOL of the issue about a month ago, giving AOL an opportunity to plug the hole, Weinstein said.

The fix also will be incorporated into the full release of AIM 5.9, which a spokeswoman said is expected in early fall.

http://www.eweek.com/article2/0,,1634224,00.asp?kc=ewnws081104dtx1k0000599

Wednesday, August 11, 2004

Between the Lines : Opera not exactly the safe alternative - ZDNet.com

Between the Lines : Opera not exactly the safe alternative - ZDNet.com:
"Opera not exactly the safe alternative"

In the wake of several critical flaws in Internet Explorer that surfaced in July (and that were subsequently patched by Microsoft), some security pros were recommending abstinence from using IE. Mozilla’s Firefox and Opera’s namesake browser were cited as alternatives. Even I heeded the advice and switched to Opera. But, in addition to some usability problems I encountered, Opera isn’t exactly turning out to be the safe haven I hoped it was. According to a recently updated security advisory from GreyMagic Software, a vulnerability in Opera has not only left Windows systems exposed, but assumed-to-be impenetrable Mac and Linux systems as well. The vulnerability exists in Opera versions up to and including version 7.53. While an update (version 7.54) is available from Opera’s Web site, the vulnerability calls into question whether Opera needs some better security talent on its development team. GreyMagic’s advisory notes that Opera overlooked the vulnerability when it addressed a previously issued advisory. This isn’t the first bad news for alternative browsers. Just last week, researchers identified a non-IE-specific buffer-overflow vulnerability in the Portable Network Graphics (PNG) image file format.

http://blogs.zdnet.com/index.php?p=312

Windows XP Service Pack 2

Windows XP Service Pack 2:
"The package was released on August 6, but it will not appear immediately on www.windowsupdate.com. Turning on Automatic Updates is the best way to upgrade. Microsoft will use metered downloads to update users steadily without bogging down the entire Internet."

SP2 is dedicated to enhancing security in a variety of ways. Microsoft had originally planned for SP2 to turn on automatic updates by default to ensure that as many users as possible installed important patches. But this turned out to be illegal in some countries. Instead, users will be forced to choose "on" or "off" (see Figure 1) during installation (or, we assume, on first boot for machines that come with SP2 preinstalled).

Automatic updates currently install only critical patches for Windows; in SP2, they'll install both critical and security patches for Windows as well as some other Microsoft applications. If a download is interrupted, Windows Update will restart at the point where the interruption occurred. At shutdown, if updates have been downloaded but not installed, Windows will offer to install them and then shut down.


http://www.pcmag.com/print_article/0,1761,a=132722,00.asp


Download details: Windows XP Service Pack 2 for IT Professionals and Developers

Download details: Windows XP Service Pack 2 for IT Professionals and Developers:
"This installation package is intended for IT professionals and developers downloading and installing on multiple computers on a network. If you're updating just one computer, please visit http://www.microsoft.com/protect."

There are a few people who will upgrade their nets one computer at a time. This post is for small nonprofits, community centers, and home networks.

http://www.microsoft.com/downloads/details.aspx?FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&DisplayLang=en

Tuesday, August 10, 2004

AIM Security Hole Opens Users to Remote Attack

AIM Security Hole Opens Users to Remote Attack:
"…oversized values passed to the 'goaway' function of AIM's 'aim:' URI handler may be used to overwrite the pointer to the Structured Exception Handler, which could then be used to execute code written by the attacker."

The attack would appear as a link in the instant messaging window, and the user would have to click on the link in order to be subject to the vulnerability.

America Online Inc.'s AIM 5.5 has been tested and shown to be vulnerable, but iDEFENSE suspects that previous versions are also vulnerable. The iDEFENSE advisory says that AOL "recommends that Windows users of AIM upgrade to the latest beta version to be released on Aug. 9.

"This new version of AIM addresses the vulnerability described herein and can be obtained via the AOL Instant Messenger portal."

http://www.eweek.com/article2/0,1759,1633779,00.asp?kc=ewnws081004dtx1k0000599

Bagle Worm Variant Slips Through Defenses

Bagle Worm Variant Slips Through Defenses:
"Another variant of the ubiquitous Bagle worm is now making its way across the Internet, flooding in-boxes with infected Zip files. The newest member of the Bagle family, named Bagle.AQ, arrives via an e-mail message with a spoofed sending address and no subject line. The only text in the message body is typically one or two words, either 'price' or 'new price.'

The name of the infected Zip file that accompanies the message is some variation on that theme as well. The files often are named Price.zip or New_price.zip, and may have a number appended to the end of the file name."

Bagle.AQ first appeared Monday and began circulating in earnest in the early afternoon Eastern time. Some users reported getting as many as 100 infected messages in an hour. Virus researchers said they first began seeing Bagle.AQ at about 8 a.m. Monday and have been seeing thousands of copies an hour.

If a user opens the Zip file with an application such as Windows Internet Explorer that is not a standalone Zip file handler, the user will see an HTML file that contains exploit code. The file will then execute an included .exe file, which is a Trojan, according to McAfee Inc.'s analysis. The Trojan then connects to a number of remote sites to download the actual viral code.

This new variant is one of the few worms or viruses known to download its viral payload remotely after it is already resident on a PC. It is not until the code is actually pulled down by the Trojan that Bagle.AQ begins trying to replicate itself by sending out e-mails.

http://www.eweek.com/article2/0,1759,1633740,00.asp?kc=ewnws081004dtx1k0000599
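
A mail-filter heuristic built from the three message traits the report above describes, as an added example that is not part of the original post or the eWEEK article. The function names are hypothetical, the sample messages are constructed, and placing the appended number before the `.zip` extension is an assumption.

```python
import re
from email import message_from_string

# Traits from the quoted report: no subject line, a body of 'price' or
# 'new price', and a Zip attachment named Price.zip or New_price.zip that
# may carry an appended number (assumed here to sit before the extension).
BODY_WORDS = {"price", "new price"}
ZIP_NAME = re.compile(r"^(new_)?price\d*\.zip$", re.IGNORECASE)

def bagle_aq_indicators(raw_message):
    """Return the report-described traits found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    hits = []
    if not (msg.get("Subject") or "").strip():
        hits.append("empty-subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            if ZIP_NAME.match(name.strip()):
                hits.append("price-zip-attachment")
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("ascii", "replace")
            # Collapse whitespace so 'new  price\n' still compares equal.
            if " ".join(body.lower().split()) in BODY_WORDS:
                hits.append("price-body")
    return hits

def is_suspect(raw_message):
    # Require all three traits together; each one alone is common in
    # ordinary mail (a price list named price.zip, a blank subject).
    return len(set(bagle_aq_indicators(raw_message))) == 3

def sample_message(subject, body, filename):
    # Constructed message for demonstration, not a captured sample.
    subj = f"Subject: {subject}\n" if subject else ""
    return (
        "From: a@example.com\nTo: b@example.org\n" + subj +
        'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\n" + body + "\n"
        "--b1\nContent-Type: application/zip\n"
        'Content-Disposition: attachment; filename="' + filename + '"\n\n'
        "PLACEHOLDER\n--b1--\n"
    )
```

The sender address is deliberately not checked, since the report notes it is spoofed.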

eWEEK.com's Special Report on Windows XP Evolution

eWEEK.com's Special Report on Windows XP Evolution:
"Windows XP Evolution"

Opinion: Implementing XP SP2 is almost as much work as installing a new operating system, and Microsoft needs to get the word out to its channel's customers.
The next major version of Windows may still be hovering just out of sight, but today's security problems are very much with us and looming larger all the time.
Redmond gives IT pros and developers the green light to download the 272MB package—but single users are still waiting.
IT pros point to Norton AntiVirus, legacy products and some custom apps as particularly vulnerable to incompatibilities with Windows XP Service Pack 2.
After several delays, Microsoft has finally handed over the code for Windows XP Service Pack 2 to manufacturers.

Monday, August 09, 2004

Image flaw pierces PC security - News - ZDNet

Image flaw pierces PC security - News - ZDNet:
"Six vulnerabilities in a common code that handles an open-source image format could allow intruders to compromise computers running Linux and may allow attacks against Windows PCs as well as Macs running OS X.

The security issues appear in a library supporting the portable network graphics (PNG) format, used widely by programs such as the Mozilla and Opera browsers and various e-mail clients. The most critical issue, a memory problem known as a buffer overflow, could allow specially created PNG graphics to execute a malicious program when the application loads the image.

Among the programs that use libPNG and are likely to be affected by the flaws are the Mail application on Apple Computer's Mac OS X, the Opera and Internet Explorer browsers on Windows, and the Mozilla and Netscape browsers on Solaris, according to independent security researcher Chris Evans, who discovered the issues. Apple and Microsoft could not immediately be reached for comment. Evans did not test every platform to check which vulnerabilities work, he said."

http://zdnet.com.com/2100-1105_2-5298999.html?tag=adnews