Security Alerts

 For All Users    For Advanced Users

+ = Windows: Critical Outlook Security Flaw

There is a flaw in Microsoft's Outlook e-mail, calendar and contacts program which would allow an attacker to run malicious software on a vulnerable computer. Microsoft has upgraded this security risk from "important" to "critical", meaning that users should download and install a patch to correct the problem as quickly as possible. "This change is based on information concerning a new attack scenario discovered after the bulletin's original release on March 9th," Microsoft said in a statement. Click here for the latest Microsoft security update.

+ = Witty Worm Attacks Black Ice and Real Secure Internet Firewalls

W32.Witty.Worm is a new virus which attacks computers equipped with Black Ice or Real Secure Internet firewall products, causing the drives to fail and making it impossible to restart the PCs. Unlike recent worms that arrive as e-mail attachments, it spreads automatically to vulnerable computers without any action on the part of the user.

At least 50,000 computers have been infected so far, according to Reston, Va.-based computer security firm iDefense and the Bethesda, Md.-based SANS Institute.

The firewalls were developed by Atlanta-based Internet Security Systems. Chris Rouland, vice president of the company's X-Force research and development division, said that as many as 32,000 corporate computers could be infected. The company does not know how many home computers are infected. Click here for the ISS patch.

+ = Mac OS X: Macromedia Security Flaw

Macromedia Studio MX 2004 and Contribute 2 are prone to a local privilege escalation vulnerability. This issue has been reported to affect only the version of the software designed for Apple Macintosh OS X. The vendor has released an advisory dealing with this issue and may be referenced for more information. Click here for Macromedia's patch.

++ = Protecting Domain Names from Spoofing

Microsoft’s technical proposal to help deter spoofing is a suggested next step on the road to addressing the escalating problem of unwanted, unsolicited e-mail. Microsoft’s approach entails publishing outbound IP addresses to create a mechanism analogous to “caller ID” for e-mail messages. Click here to download Microsoft's documentation.

++ = Apache Vulnerability

A vulnerability has been reported in Apache that may allow a local attacker to execute arbitrary code on a vulnerable host. The issue is reported to exist due to a lack of bounds checking by the software, leading to a buffer overflow condition. The problem is reported to exist in the mod_alias and mod_rewrite modules when a regular expression is configured with more than 9 captures using parentheses.

This issue may allow an attacker to gain unauthorized access to a vulnerable host. Successful exploitation of this issue may allow an attacker to execute arbitrary code in the context of the web server in order to gain unauthorized access to a vulnerable system.

Users are advised to download the fixed version of the software, which is 1.3.29.
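To find configurations that meet the condition described above before or while upgrading, the following added example (not part of the original alert or of Apache itself) scans configuration text for mod_alias and mod_rewrite directives whose regular expression has more than 9 captures. The function names, the directive table and the sample configuration are constructed for illustration, and the counter assumes POSIX extended regex syntax, where every unescaped parenthesis outside a bracket expression opens a capture.

```python
import re

# Directive (lowercase) -> position of its regex argument (table built for this example).
REGEX_ARG = {"rewriterule": 0, "rewritecond": 1, "aliasmatch": 0,
             "scriptaliasmatch": 0, "redirectmatch": 0}
REDIRECT_STATUS = re.compile(r"\d{3}|permanent|temp|seeother|gone", re.I)
MAX_CAPTURES = 9  # threshold named in the advisory text

def count_captures(pattern):
    """Count unescaped '(' outside bracket expressions (POSIX ERE assumption)."""
    count, i = 0, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":                      # \( is a literal parenthesis
            i += 1
        elif ch == "[":                     # parens inside [...] are literal
            i += 2 if pattern[i + 1:i + 2] == "^" else 1
            i = pattern.find("]", i + 1)    # first member may itself be a literal ]
            if i == -1:
                break                       # unterminated bracket expression
        elif ch == "(":
            count += 1
        i += 1
    return count

def find_risky_directives(config_text):
    """Return (line_no, directive, captures) where captures exceed MAX_CAPTURES."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        tokens = re.findall(r'"[^"]*"|\S+', line)   # keeps quoted arguments whole
        name = tokens[0].lower() if tokens else ""
        idx = REGEX_ARG.get(name)                   # None for comments and other directives
        if idx is None:
            continue
        args = tokens[1:]
        if name == "redirectmatch" and args and REDIRECT_STATUS.fullmatch(args[0]):
            idx = 1                                 # optional status precedes the regex
        if idx < len(args):
            captures = count_captures(args[idx].strip('"'))
            if captures > MAX_CAPTURES:
                findings.append((line_no, tokens[0], captures))
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE_CONF = r"""RewriteEngine On
RewriteRule ^/(a)/(b)/(c)/(d)/(e)/(f)/(g)/(h)/(i)/(j)$ /x [L]
RewriteRule ^/item/([0-9]+)/\(draft\)/[()]+$ /item.php?id=$1
RedirectMatch permanent "^/old/(.*)$" http://example.com/new/$1
AliasMatch ^/(1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11) /srv/$1"""
```

Calling `find_risky_directives(SAMPLE_CONF)` reports lines 2 and 5 of the sample; per-directory `.htaccess` files can carry the same directives and should be scanned as well.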

+ = Microsoft Warns of Major Security Flaws in Windows Explorer

Microsoft has released a crucial update in order to patch three security holes:

Phishing Bug: A flaw in the way that Internet Explorer displays URLs in the address bar. By opening a specially crafted URL an attacker can open a page that appears to be from a different domain from the current location.

Download Extension Spoofing Flaw: Allows malicious Web sites to spoof the file extension of downloadable files. Typically, an attacker could embed a CLSID in a file name to fool users into opening malicious files as "trusted" file types.

Cross Site Scripting Vulnerability: Allows a malicious web site operator to misuse another web site as a means of attacking users.

Click here to download the update.

+ = RealOne Player Critical Security Flaw

Due to three security vulnerabilities in RealOne Player, hackers could seize control of users' computers under certain conditions. The specific exploits are:

1) Running remote JavaScript from the domain of the URL opened by a SMIL file or other file.
2) Crafting RMP files which allow an attacker to download and execute arbitrary code on a user's machine.
3) Crafting media files to create “Buffer Overrun” errors.

Real Networks strongly urges users to apply the new security patch. Click here for security patch.

++ = Linux kernel patch 2.6.

New Linux kernel patch 2.6.2rc2 is now available, and is recommended to patch two memory-handling security holes.

++ = Mydoom Clears Path for Doomjuice

A new worm known as "Doomjuice" is expected to attack computers infected by "Mydoom." To date, the new virus has infected at least 30,000 computers worldwide. Like Mydoom.A and Mydoom.B, the new worm is designed to strike Microsoft Corp.'s Windows operating systems and is programmed to launch a worldwide attack on the web site of SCO, one of the largest UNIX vendors in the world. Doomjuice does not spread via e-mail, but enters via the backdoor left open by Mydoom.

Microsoft MSN Messenger - Sensitive Information Leak

When using MSN Instant Messenger, recipients are able to view your IP address. Disclosure of such sensitive information should be avoided by upgrading to the new MSN Messenger 6.1. Click here to preview and download the upgraded software from Microsoft.

Microsoft Windows Tip - Viruses Posing as Updates

Some viruses will pose as Microsoft software updates. Microsoft does not distribute updates of any kind via mass e-mail, and recipients should delete such e-mails without opening or previewing them. Microsoft Windows users should use Windows Update. Note that Windows XP operating systems will offer secure Microsoft-authorized updates via the following notification:

Click here for manual Windows XP auto-update setup instructions

IIS Lockdown and Urlscan

Microsoft's IIS is a common target for attackers due to information exposure and exploited buffer overflow vulnerabilities. Internet-borne worms such as NIMDA and Code Red thrive in such environments. Such attacks can be prevented with the use of Urlscan in conjunction with IIS Lockdown, which provides templates for the major IIS-dependent Microsoft products. IIS Lockdown Wizard works by turning off unnecessary features, thereby reducing the attack surface available to attackers. To provide defense in depth, or multiple layers of protection against attackers, Urlscan, with customized templates for each supported server role, has been integrated into the IIS Lockdown Wizard.

Microsoft Windows - DNS Server Vulnerability

DNS cache pollution can occur if Domain Name System spoofing has been encountered. This data can be redirected to an unauthorized DNS server which is likely malicious in nature. This will only affect customers running their own DNS server. Currently no patch from Microsoft is available; however, possible solutions include making hard registry changes. Click here for detailed instructions to make these changes.

Microsoft Internet Explorer - ExecCommand Access Violation

The ExecCommand method could be used to allow script code to execute on a vulnerable system in the security domain of a website in another browser window. This occurs due to a violation of the browser security zone policy. A patch has been released and can be found by going to Windows Update.