- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
One of our readers has written in with an interesting problem:
When doing business over the Internet, I always check for the https on the address line before entering secure data. About two and a half months ago, after using Live Update to install Symantec's weekly updates, I have been noticing that on about 25% of secure sites the secure socket fails to be indicated (http instead of https). On a few sites, secure login, even without the https indicated, login fails. These sites include some that are well known, such as Amazon.com.
I have found that temporarily disabling Norton Internet Security *totally* will allow the secure socket to work, but this is trading one insecurity for another. This is the only work-around that Symantec technical support can come up with, which is unacceptable. Other contacts with them seem to disappear down a black hole.
Has any one else come across this problem or have an idea how to fix it? Drop me a line at jmeserve@nww.com
Today's bug patches and security alerts:
Microsoft patches critical bugs in IE, Windows
Microsoft released 10 security patches, including three deemed "critical," for bugs in a variety of the company's products.
Released Tuesday as part of the company's monthly updates, the critical patches repair flaws in Windows and Internet Explorer
that could allow attackers to take complete control of a computer, Microsoft said. IDG News Service, 06/14/05.
http://www.networkworld.com/news/2005/061405-microsoft-patch.html?nl
Microsoft advisories:
MS05-025: Cumulative Security Update for Internet Explorer:
http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx
MS05-026: Vulnerability in HTML Help Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/Bulletin/MS05-026.mspx
MS05-027: Vulnerability in Server Message Block Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/Bulletin/MS05-027.mspx
MS05-028: Vulnerability in Web Client Service Could Allow Elevation of Privilege:
http://www.microsoft.com/technet/security/Bulletin/MS05-028.mspx
MS05-029: Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks:
http://www.microsoft.com/technet/security/Bulletin/MS05-029.mspx
MS05-030: Vulnerability in Outlook Express Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/Bulletin/MS05-030.mspx
MS05-031: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/Bulletin/MS05-031.mspx
MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing:
http://www.microsoft.com/technet/security/Bulletin/MS05-032.mspx
MS05-033: Vulnerability in Telnet Client Could Allow Information Disclosure:
http://www.microsoft.com/technet/security/Bulletin/MS05-033.mspx
MS05-034: Cumulative Security Update for ISA Server 2000:
http://www.microsoft.com/technet/security/Bulletin/MS05-034.mspx
Related advisories:
ISS: Internet Explorer PNG Overflow:
http://xforce.iss.net/xforce/alerts/id/196
ISS: Multiple Microsoft Vulnerabilities:
http://xforce.iss.net/xforce/alerts/id/195
CERT: Microsoft Windows and Internet Explorer Vulnerabilities:
http://www.us-cert.gov/cas/techalerts/TA05-165A.html
**********
Sun patches critical Java flaws
Sun issued alerts this week about vulnerabilities in its Java platform that security researchers describe as critical that
could allow attackers to execute malicious code on targeted computers. The affected software is Sun's Java Web Start and Java
Runtime Environment. Weaknesses in the programs could allow applications to grant themselves permissions to write local files
or execute other applications, allowing an attacker to gain back-door access to victims' computers. Such an attack could be
carried out without any visible symptoms, Sun said. IDG News Service, 06/15/05.
http://www.networkworld.com/news/2005/061505-sun-java.html?nl
Sun advisories:
Security Vulnerability With Java Web Start:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1
Security Vulnerability With Java Runtime Environment May Allow Untrusted Applet to Elevate Privileges:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
**********
Adobe updates License Management Service to fix flaw
A vulnerability in the License Management Service used in many Adobe products could be exploited by an attacker to gain access
to the affected machine. For more, go to:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=2955
**********
Flaws in Gaim patched
Two vulnerabilities have been found in Gaim, an open source IM client that works with multiple instant messaging services.
The flaws could be exploited to in a denial-of-service attack. For more, go to:
http://gaim.sourceforge.net/downloads.php
Related updates:
Gentoo:
http://security.gentoo.org/glsa/glsa-200506-11.xml
Mandriva:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:099
Ubuntu:
https://www.ubuntulinux.org/support/documentation/usn/usn-140-1
**********
Trustix releases 'multi' patch
A new update from Trustix fixes flaws in Kerberos, mailman, mod_perl, OpenSSL, PHP, SpamAssassin, tcpdump, Telnet and wget.
The most serious of the flaws could be exploited to run malicious code on the affected machine. For more, go to:
http://www.trustix.org/errata/2005/0028/
**********
Mandriva patches rsh
According to an alert from Mandriva, "A vulnerability in the rcp protocol was discovered that allows a server to instruct
a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user
used rcp to copy files from a malicious server." For more, go to:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:100
**********
Today's roundup of virus alerts:
Troj/Cgab-A - This Trojan exploits the Windows HTML Help Control flaw to infect a machine. It attempts to download additional malicious code from a remote site. (Sophos)
W32/Kassbot-F - A Trojan that acts as a backdoor server to allow access to the infected machine. It spreads through network shares, dropping "spools.exe" in the Windows system folder. It can be used to steal username and password information for specific banking sites and disables access to certain anti-virus and security Web sites by modifying the HOSTS file. (Sophos)
W32/Mytob-DO - Another day, another Mytob variant. This one too spreads through e-mail and network shares, exploiting a number of known Windows vulnerabilities in its attempt to infect. This variant drops "taskgmr.exe" and "w32dnsl.exe" on its target machine. (Sophos)
W32/Mytob-AT - This Mytob variant installs "External.exe" on the infected machine. Its infected e-mails look like a system message warning of a problem with a password. (Sophos)
W32/Mytob-BH - Yet another Mytob variant. This one drops "nec.exe" on the infected machine. It also modifies the Windows HOSTS file to limit access to security-related sites. (Sophos)
W32/Mytob-BI - A similar Mytob variant to Mytob-BH above, except this one uses "winsys33.exe" as its infection point. (Sophos)
Jason Meserve is multimedia editor at Network World.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment