Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Microsoft fixes Print Spooler, Plug and Play flaws

Patches from Microsoft, Sun, Gentoo, others Beware new Mytob variant spreads through an e-mail message titles "Abuse Report" Microsoft to reissue Windows 2000 SP4 update, and other interesting reading
Security: Threat Alert By Jason Meserve , Network World , 08/11/2005
Sign up for this newsletter now!

Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Today's bug patches and security alerts:

Microsoft fixes Print Spooler, Plug and Play flaws

Microsoft  has released patches for six flaws in Windows and Internet Explorer, some of which could allow an attacker to gain control of a computer system. The patches, which include a fix for a newly discovered flaw in Microsoft's Plug-and-Play software, were released Tuesday and comprise Microsoft's regular patch releases for August. IDG News Service, 08/09/05.
http://www.networkworld.com/news/2005/080905-microsoft-patch.html

Microsoft advisories:

MS05-043: Vulnerability in Print Spooler Service Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/Bulletin/MS05-043.mspx

MS05-042: Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing:
http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx

MS05-041: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service:
http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx

MS05-040: Vulnerability in Telephony Service Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/Bulletin/MS05-040.mspx

MS05-039: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege:
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx

MS05-038: Cumulative Security Update for Internet Explorer:
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx


Other related advisories:

CERT:
http://www.us-cert.gov/cas/techalerts/TA05-221A.html

ISS - Multiple Microsoft Vulnerabilities:
http://xforce.iss.net/xforce/alerts/id/203

ISS - Windows Plug and Play Remote Compromise:
http://xforce.iss.net/xforce/alerts/id/202
**********


Sun releases patch for XView

XView applications running under root privileges could be exploited to change system files, according to a Sun advisory. A fix is available:
http://www.networkworld.com/go2/0808bug2a.html
**********


Gentoo patches heartbeat

Heartbeat, a sub-system for High-Availability Linux, does not create temporary files in a secure fashion. An attacker could exploit this using a symlink attack. For more, go to:
http://security.gentoo.org/glsa/glsa-200508-05.xml
**********


iDefense warns of bug in EMC Navisphere Manager

A directory traversal vulnerability in EMC's Navisphere Manager storage management tool could be exploited by an attacker to access arbitrary file on the affected system. For more, go to:
http://www.networkworld.com/go2/0808bug2b.html
**********


Ubuntu updates ekg, Gadu code libraries

Flaws in the ekg and Gadu code libraries could be exploited to run malicious applications on an affected system. For more, go to:
https://www.ubuntulinux.org/support/documentation/usn/usn-162-1


Ubuntu releases fix for xpdf

A flaw in the way certain tables and fonts are handled by the xpdf viewer application could create a large temporary file that would eat all available disk space, rendering the application and system unresponsive. For more, go to:
https://www.ubuntulinux.org/support/documentation/usn/usn-163-1

Related advisory from KDE:
http://www.kde.org/info/security/advisory-20050809-1.txt
**********


Mandriva patches netpbm

According to an alert from Mandriva, "Max Vozeler discovered that pstopnm, a part of the netpbm graphics utility suite, would call the GhostScript interpreter on untrusted PostScript files without using the -dSAFER option when converting a PostScript file into a PBM, PGM, or PNM file.  This could result in the execution of arbitrary commands with the privileges of the user running pstopnm if they could be convinced to try to convert a malicious PostScript file." For more, go to:
http://www.mandriva.com/security/advisories?name=MDKSA-2005:133
**********

 

Today's roundup of virus alerts:

Troj/Whistler-F -- A virus that attempts to delete files on the infected machine. It installs itself as "whismng.exe" in the System directory and displays the message "You did a piracy, you deserve it." (Sophos)

Troj/BMDrop-A -- A file dropper that installs "index.exe" in the Windows System folder. No other word on what type of damage it may cause. (Sophos)

Troj/HideProc-H -- A Trojan that can be used to hide processes from the system task manager. It could be be used to cover up other malicious applications. (Sophos)

Troj/BagleDl-R -- This Trojan injects its malicious payload into the explorer.exe file. It can be used to limit access to security related sites by modifying the HOSTS file and to disable security-related applications. (Sophos)

W32/Sdbot-ABV -- A new Sdbot variant that spreads through network shares and drops "windir32.exe" in the system folder. It can be used for a number of malicious purposes including participating in denial-of-service attacks and stealing local data. (Sophos)

Jason Meserve is multimedia editor at Network World.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed