
Microsoft fixes multiple Windows Media flaws

Jun 26, 2003 | 5 mins

* Patches from Microsoft, Red Hat
* Beware W32/Magold-D, a virus that spreads via every means possible
* Symantec under fire for bugs, flaws, and other interesting reading

Today’s bug patches and security alerts:

Microsoft patches Windows Media Services vulnerability

A flaw in the ISAPI interface used to log IP multicast traffic served from a machine running Windows Media Services could be exploited by a malicious user in a denial-of-service attack or to potentially run arbitrary code on the affected machine. The attacker would have to use a specially-crafted HTTP request to exploit the flaw. For more, go to:

Microsoft Windows Media Player flaw patched

A flaw in an ActiveX control used for embedding Windows Media Player in a Web page could be exploited by a malicious Web page author to view certain information on the affected machine. A fix is available for the problem. For more, go to:


Red Hat updates ypserv

A flaw in the way ypserv’s Network Information Service (NIS) server deals with ignored responses could be exploited in a denial-of-service attack against the affected machine. For more, go to:

Red Hat releases fixes in updated XFree86 package

A new XFree86 package for Red Hat Linux 8.0 contains a number of bug and security fixes. For more, go to:

Updated bash packages available from Red Hat

A number of bugs have been fixed in the GNU Bourne-Again Shell (bash) package for Red Hat Linux. The flaws mainly impact the package’s usability. For more, go to:


Today’s roundup of virus alerts:

W32/Nofer-B – A virus that spreads via e-mail. It extracts target addresses from a variety of sources on the infected machine. No word on damage caused by the virus. (Sophos)

W32/Redist-C – This virus spreads via e-mail (using a number of different message characteristics) and peer-to-peer networks. The virus deletes all files with extensions starting with “MP” and “WM”. It also logs keystrokes and mails them to a Hotmail address, and it shuts down a range of security applications. (Sophos)

W32/Magold-D – A virus that spreads via every means possible: e-mail, peer-to-peer, network shares and IRC channels. It e-mails information about the infected machine back to the author, kills various security applications, overwrites certain files and displays random messages on the screen. (Sophos)

W32/Nofer-C – Another e-mail virus that extracts addresses from a number of sources on the infected machine. No word on any permanent damage caused by the virus. (Sophos)

Troj/Hacline-B – A Trojan horse that attempts to give outside users access to the infected machine via potential passwords stored in a file called “IPCPASS.TXT”. (Sophos)

Troj/PcGhost-A – This password-stealing Trojan also logs keystrokes and sends the collected information to a pre-configured e-mail address. (Sophos)

WM97/Relax-C – This virus displays a message on certain days of April, August and December. The virus claims to be erasing the C-drive, but this action is not confirmed. (Sophos)

JS/Fortnight-E – A virus that combines Java applets and JavaScript to infect malicious HTML pages. The virus can subvert the viewing of certain Web sites. (Sophos)

WM97/Simuleek-B – A Word macro virus that creates the file “WordSeek.vbs” in the Windows folder. No word on any permanent damage caused by the virus. (Sophos)

W32/Sage-A – This Word macro virus spreads via an e-mail message entitled “UPDATE” with an attachment called “ICQ2003a.exe”. The virus opens a number of ports on the infected machine that could be exploited by a malicious user. (Sophos)

W32/Sobig-E – An e-mail worm that comes as an attachment called “”. No word on any damage caused by the virus. (Sophos)

W32/Yaha-T – Another worm that spreads via e-mail, network shares and other drives attached to the infected machine. Yaha-T terminates certain applications, removes their registry entries and can be used in a denial-of-service attack against a Pakistani Web site. The virus may also drop a keystroke logger. (Sophos)


From the interesting reading department:

Symantec under fire for bugs, flaws

It’s shaping up to be a bad week for antivirus software company Symantec after researchers raised alarms about security holes and buggy code in two of the company’s products. IDG News Service, 06/25/03.

CA, SteelCloud partner on security appliance

A partnership between Computer Associates International and SteelCloud will deliver CA’s eTrust family of security technology in the form of rack-mounted appliances that are ‘hardened’ to reduce their vulnerability to attack. IDG News Service, 06/24/03.

Symantec updates focus on intrusion protection

Security company Symantec Monday issued updated versions of a number of software products under the guise of a new security framework it calls Symantec Intrusion Protection. IDG News Service, 06/23/03.

Vendors promise to improve on security appliances

Four leading security vendors acknowledged that their products lack a unified management approach, but promised to improve the situation in the coming months. Network World, 06/23/03.

Security appliance adds P-to-P controls

TippingPoint Technologies has announced an intrusion-prevention appliance that the company says can block a half-dozen peer-to-peer applications, including BearShare, Gnutella, iMesh, Kazaa, Limewire and WinMX. Network World, 06/23/03.