* Delayed patch ends Microsoft's patch-free month early * NGSSoftware warns of Sybase vulnerabilities * Cisco declines to address security issue highlighted in our Tester's Challenge, and other interesting reading Today’s bug patches and security alerts:Delayed patch ends Microsoft’s patch-free month earlyA glitch in Microsoft’s Windows Update automated patching service caused a security fix that was released last month to be delivered to computer users on Tuesday, the same day Microsoft proclaimed December would be a patch-free month. IDG News Service, 12/11/03.https://www.nwfusion.com/news/2003/1211delaypatch.html?nl Original Microsoft advisory:https://www.microsoft.com/technet/security/bulletin/MS03-051.asp **********NGSSoftware warns of Sybase vulnerabilitiesNGSSoftware Insight Security Research is warning of a number of vulnerabilities in Sybase’s Adaptive Server Anywhere, the rational database core of SQL Anywhere Studio 8. Issues found include format string, buffer overflow, denial-of-service and other vulnerabilities. For more, go to:https://www.nextgenss.com/advisories/sybase.txt**********Gentoo, Slackareware patch cvs A flaw in versions of the cvs server prior to 1.11.10 could be exploited to create directories and files at the root level of the affected machine. For more, go to:Gentoo:https://forums.gentoo.org/viewtopic.php?t=114012Slackware: https://www.nwfusion.com/go2/1215bug1a.html**********Gentoo patches gnupgA flaw in the way gnupg deals with type 20 ElGamal sign+encrypt keys could allow for an unauthorized user to recover private keys from a signature. For more, go to:https://forums.gentoo.org/viewtopic.php?t=114413**********Mandrake Linux patches net-snmpAccording to an alert from Mandrake Linux, “A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view.” For more, go to:https://www.nwfusion.com/go2/1215bug1b.html**********Today’s roundup of virus alerts:Scold.A — A worm that’s designed to “collapse computers and networks”, Scold.A spreads via e-mail and creates copies of itself on the infected machines. (Panda Software)Alphx.B — Spreads via AOL Instant Messenger. It contacts everyone in the infected machine’s buddy list inviting them to visit a Web page, where the malicious code is downloaded to the target machine. (Panda Software)W32/Agobot-BM — A backdoor Trojan that connects to an IRC server to listen for commands from an attacker. The virus disguises itself as the Windows Media Player application. (Sophos)**********From the interesting reading department:Tester’s Challenge: Dumb defaults updateOur inaugural Tester’s Challenge called on vendors, particularly Cisco, to address why their products still support unsecure access and management protocols – such as earlier versions of Secure Shell, SNMP and HTTP – out of the box. Network World, 12/15/03.https://www.nwfusion.com/go2/1215bug1c.htmlReview: ArcSight’s flexibility and interface helps it lead the pack of security data organizers We test security event management tools from ArcSight, e-Security, Network Intelligence, Tenable Network Security and netForensics. Network World, 12/15/03.https://www.nwfusion.com/reviews/2003/1215semrev.html?nlVendors bulk up patch managementPatch management vendors BigFix and LanDesk are upgrading their software to meet corporate demand for more-comprehensive tools that go beyond the discovery and installation of new patches. Network World, 12/15/03.https://www.nwfusion.com/news/2003/1215patch.html?nl2004 seen bringing more, worse cyberattacksThe New Year will offer weary network administrators little respite from a new generation of Internet worms, viruses and targeted hacks that appeared in 2003, according to security experts. IDG News Service, 12/11/03.https://www.nwfusion.com/news/2003/1211infos200.html?nlRemote access finds another optionIP Dynamics is announcing an enterprise network version of its carrier-class software that creates secure connections over the Internet – an alternative to Secure Sockets Layer and IP Security remote-access technologies. Network World, 12/15/03.https://www.nwfusion.com/news/2003/1215ipdynamics.html?nlMicrosoft readies Windows XP Service Pack 2 betaMicrosoft is gearing up for the first beta test of a set of updates for Windows XP designed to bolster the operating system’s security and add features such as support for the latest version of Bluetooth and a new wireless LAN client. IDG News Service, 12/11/03.https://www.nwfusion.com/news/2003/1211microreadi.html?nlInfoSecurity Conference focuses on management, mobility“Management” and “mobility” were words on the tips of many attendees’ tongues at the InfoSecurity 2003 Conference and Exhibition in New York, as leading security technology vendors displayed products for managing security devices, combating spam and securing mobile devices. IDG News Service, 12/12/03.https://www.nwfusion.com/news/2003/1212infoswra.html?nl Related content news EU approves $1.3B in aid for cloud, edge computing New projects focus on areas including open source software to help connect edge services, and application interoperability. By Sascha Brodsky Dec 05, 2023 3 mins Technology Industry Edge Computing Cloud Computing brandpost Sponsored by HPE Aruba Networking Bringing the data processing unit (DPU) revolution to your data center By Mark Berly, CTO Data Center Networking, HPE Aruba Networking Dec 04, 2023 4 mins Data Center feature 5 ways to boost server efficiency Right-sizing workloads, upgrading to newer servers, and managing power consumption can help enterprises reach their data center sustainability goals. By Maria Korolov Dec 04, 2023 9 mins Green IT Servers Data Center news Omdia: AI boosts server spending but unit sales still plunge A rush to build AI capacity using expensive coprocessors is jacking up the prices of servers, says research firm Omdia. By Andy Patrizio Dec 04, 2023 4 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe