Microsoft patches DirectX flaw

Today’s bug patches and security alerts:

DirectX flaws put Windows systems at risk, Microsoft warns

Two security bugs in DirectX, a part of the Windows operating system that provides multimedia support, could allow an attacker to gain control over computers running it, Microsoft warned Wednesday. IDG News Service, 07/24/03.

https://www.nwfusion.com/news/2003/0724direcflaws.html

Microsoft advisory:

https://www.microsoft.com/technet/security/bulletin/MS03-030.asp

Microsoft patches NT 4.0 flaw

A memory leak in the Windows NT 4.0 file management system could be exploited in a denial-of-service attack against the server. This vulnerability only affected Windows NT 4.0. For more, go to:

https://www.microsoft.com/technet/security/bulletin/MS03-029.asp

Related @Stake advisory:

https://www.atstake.com/research/advisories/2003/a072303-1.txt

Cumulative SQL patch from Microsoft

A new cumulative patch for Microsoft SQL Server 7.0, SQL Server 2000, MSDE 1.0, and MSDE 2000 is now available. This patch includes all previous patches for SQL as well as fixes for a couple of newly found security vulnerabilities. For more, go to:

https://www.microsoft.com/technet/security/bulletin/MS03-031.asp

Related @Stake advisory:

https://www.atstake.com/research/advisories/2003/a072303-2.txt

**********

Novell patches Perl handler

A buffer overflow in Netware’s Perl handler may cause an ABEND. This could result in degraded server performance or a complete crash. For more, go to:

https://support.novell.com/servlet/tidfinder/2966549

**********

New Mac security update from Apple

Apple has released a new security update to fix a couple flaws in Workgroup Manager that ships with Mac OS X Server 10.2. More information on the update can be found here:

https://docs.info.apple.com/article.html?artnum=61798

**********

Red Hat, Conectiva patch kernel

A number of vulnerabilities have been fixed in the Red Hat Linux kernel 2.4. The flaws could be exploited to steal passwords, cause a system crash or potentially read files on the affected machine. The same issues have been found and patched in the Conectiva kernel as well. For more, go to:

Red Hat:

https://rhn.redhat.com/errata/RHSA-2003-238.html

Conectiva:

https://www.nwfusion.com/go2/0721bug2a.html

**********

Conectiva patches nfs-utils

A buffer overflow vulnerability has been found in the nfs-utils package, which provides a daemon for the kernel NFS server. An attacker could exploit the flaw in a denial-of-service attack, though it does not appear as if code could be executed. For more, go to:

https://www.nwfusion.com/go2/0721bug2b.html

Conectiva releases Apache update

A number of vulnerabilities in the Apache Webserver code have been fixed in this latest release. Most of the flaws could be exploited in a denial-of-service attack against the affected server. For more, go to:

https://www.nwfusion.com/go2/0721bug2c.html

Conectiva releases cups fix

Numerous overflows have been patched in the Conectiva version of cups (Common UNIX Printing System). Some of the overflows could be exploited to execute arbitrary commands on the affected machine. For more, go to:

https://www.nwfusion.com/go2/0721bug2d.html

**********

Today’s roundup of virus alerts:

Troj/DownLdr-DI – A Trojan horse that downloads malicious codes from a remote Web site. No word on what damage can be caused to an infected machine. (Sophos)

W32/Mofei-C – A virus that can slow the infected machine down and spreads via network shares with weak or no password protection. It also opens a backdoor to listen for remote instructions. (Sophos)

W32/Jantic-B – This Windows virus spreads via e-mail pretending to be an e-card or tech support update. The virus e-mails itself to everyone in the infected machine’s address book. (Sophos)

**********

From the interesting reading department:

Cracking Windows passwords in seconds

If your passwords consist of letters and numbers, beware. Swiss researchers Tuesday released a paper outlining a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds from 1 minute 41 seconds. Boston.com, 07/22/03.

https://www.nwfusion.com/go2/0721bug2e.html

Meetinghouse updates WLAN security for Windows

A new release of client software for Windows computers adds tougher 802.11 wireless LAN security and some features designed for easier deployment in large-scale nets. Network World Fusion, 07/22/03.

https://www.nwfusion.com/news/2003/0722meetinghouse.html

Sophos boosts reporting capabilities

Sophos has released an antivirus tool that the company claims will boost the reporting capabilities of its management software suite. IDG News Service, 07/21/03.

https://www.nwfusion.com/news/2003/0721sophounvei.html

Guilty Plea in Kinko’s Keystroke Caper

If you used a computer at a Kinko’s in New York last year, or the year before, there’s a good chance that JuJu Jiang was watching. SecurityFocus, 07/18/03.

https://www.securityfocus.com/news/6447

Hacker cleans out bank accounts

A hacker is targeting clients of South Africa’s largest bank and has managed to steal hundreds of thousands of rands by breaching their accounts over the Internet. Sunday Times, 07/20/03.

https://www.sundaytimes.co.za/2003/07/20/news/news01.asp