
Microsoft patches DirectX flaw

Jul 24, 2003 (4 mins)

* Patches from Microsoft, Novell, Red Hat, others
* Beware Windows virus spreading via e-mail pretending to be an e-card or tech support update
* Meetinghouse updates WLAN security for Windows, and other interesting reading

Today’s bug patches and security alerts:

DirectX flaws put Windows systems at risk, Microsoft warns

Two security bugs in DirectX, a part of the Windows operating system that provides multimedia support, could allow an attacker to gain control over computers running it, Microsoft warned Wednesday. IDG News Service, 07/24/03.

Microsoft advisory:

Microsoft patches NT 4.0 flaw

A memory leak in the Windows NT 4.0 file management system could be exploited in a denial-of-service attack against the server. This vulnerability only affected Windows NT 4.0. For more, go to:

Related @Stake advisory:

Cumulative SQL patch from Microsoft

A new cumulative patch for Microsoft SQL Server 7.0, SQL Server 2000, MSDE 1.0, and MSDE 2000 is now available. This patch includes all previous patches for SQL as well as fixes for a couple of newly found security vulnerabilities. For more, go to:

Related @Stake advisory:


Novell patches Perl handler

A buffer overflow in Netware’s Perl handler may cause an ABEND. This could result in degraded server performance or a complete crash. For more, go to:


New Mac security update from Apple

Apple has released a new security update to fix a couple of flaws in Workgroup Manager, which ships with Mac OS X Server 10.2. More information on the update can be found here:


Red Hat, Conectiva patch kernel

A number of vulnerabilities have been fixed in the Red Hat Linux kernel 2.4. The flaws could be exploited to steal passwords, cause a system crash or potentially read files on the affected machine. The same issues have been found and patched in the Conectiva kernel as well. For more, go to:

Red Hat:



Conectiva patches nfs-utils

A buffer overflow vulnerability has been found in the nfs-utils package, which provides a daemon for the kernel NFS server. An attacker could exploit the flaw in a denial-of-service attack, though it does not appear as if code could be executed. For more, go to:

Conectiva releases Apache update

A number of vulnerabilities in the Apache Webserver code have been fixed in this latest release. Most of the flaws could be exploited in a denial-of-service attack against the affected server. For more, go to:

Conectiva releases cups fix

Numerous overflows have been patched in the Conectiva version of cups (Common UNIX Printing System). Some of the overflows could be exploited to execute arbitrary commands on the affected machine. For more, go to:


Today’s roundup of virus alerts:

Troj/DownLdr-DI – A Trojan horse that downloads malicious code from a remote Web site. No word on what damage can be caused to an infected machine. (Sophos)

W32/Mofei-C – A virus that can slow the infected machine down and spreads via network shares with weak or no password protection. It also opens a backdoor to listen for remote instructions. (Sophos)

W32/Jantic-B – This Windows virus spreads via e-mail pretending to be an e-card or tech support update. The virus e-mails itself to everyone in the infected machine’s address book. (Sophos)


From the interesting reading department:

Cracking Windows passwords in seconds

If your passwords consist of letters and numbers, beware. Swiss researchers Tuesday released a paper outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds., 07/22/03.

Meetinghouse updates WLAN security for Windows

A new release of client software for Windows computers adds tougher 802.11 wireless LAN security and some features designed for easier deployment in large-scale nets. Network World Fusion, 07/22/03.

Sophos boosts reporting capabilities

Sophos has released an antivirus tool that the company claims will boost the reporting capabilities of its management software suite. IDG News Service, 07/21/03.

Guilty Plea in Kinko’s Keystroke Caper

If you used a computer at a Kinko’s in New York last year, or the year before, there’s a good chance that JuJu Jiang was watching. SecurityFocus, 07/18/03.

Hacker cleans out bank accounts

A hacker is targeting clients of South Africa’s largest bank and has managed to steal hundreds of thousands of rands by breaching their accounts over the Internet. Sunday Times, 07/20/03.