Security UPDATE: Exchange Server SMTP AUTH Attacks

New exploits target the recently discovered PCT and TCP-reset vulnerabilities, and a new version of the Network Security Toolkit is available. Plus, links to security news and features.

ITPro Today

April 27, 2004


===============


==== 1. In Focus: New Exploits and a New Security Toolkit ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

One of the security patches that Microsoft released in the Microsoft Security Bulletin MS04-011 on April 13 fixes a serious problem in the Private Communications Technology (PCT) protocol, which is part of Microsoft's Secure Sockets Layer (SSL) implementation. If you haven't patched your production systems yet, consider doing so immediately because exploits have already been released that can provide remote access to an intruder. So your unpatched systems are sitting ducks.
http://www.winnetmag.com/article/articleid/42438/42438.html

If you can't load the patch for some reason, consider disabling PCT, which you can do by adjusting a particular registry key. For more information about disabling PCT, see "Information about code that attempts to exploit PCT in SSL" at
http://www.microsoft.com/security/incident/pctdisable.asp

You also need to be aware of the recently reported TCP-reset vulnerability, which affects many devices, including routers. As you'll learn in the related news story below, exploiting the vulnerability causes routers to drop connections, including important Border Gateway Protocol (BGP) sessions. A new Windows-based exploit tool was recently released, so be sure to check with your router vendors to determine whether their particular products are affected. If they are, install the latest updates.
http://www.winnetmag.com/article/articleid/42437/42437.html

You should ensure that your Intrusion Detection System (IDS) has the most recent rules and signatures available. For example, new Snort rules became available on April 25 as I was writing this editorial. So if you use Snort, be sure to obtain the latest rules files.
http://www.snort.org/dl/rules

A New Security Toolkit

I don't think a person can ever have enough security tools. If you share that opinion, you might want to download a copy of the recently released version 1.0.4 of Network Security Toolkit (NST), which is the creation of Paul Blankenbaker and Ron Henderson. NST is available on a bootable CD-ROM or is downloadable as an International Organization for Standardization (ISO) image and is based on Red Hat Linux 9.0.

The CD-ROM contains dozens upon dozens of tools and, according to the NST Web site, can "transform most x86 systems into a system designed for network traffic analysis, intrusion detection, network packet generation, a virtual system service server, or a sophisticated network/host scanner. This can all be done without disturbing or modifying any underlying sub-system disk. NST can be up and running on a typical x86 notebook in less than a minute by just rebooting with the NST ISO CD. The notebook's hard disk will not be altered in any way."

Head over to the NST Web site and have a look at NST's contents and capabilities. At the site, you'll also find the link to download the 194MB package.
http://www.networksecuritytoolkit.org/nst/index.html

==========


==== 2. Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://www.winnetmag.com/departments/departmentid/752/752.html

News: Remote Root Exploit Against IIS Servers
On April 21, a member of the Full Disclosure mailing list posted a message that revealed the existence of a new tool that can be used to exploit Microsoft IIS servers. By using Secure Sockets Layer (SSL) to target unpatched IIS servers, an attacker can cause the server to open a port that allows remote access to the system.
http://www.winnetmag.com/article/articleid/42438/42438.html

News: TCP Vulnerabilities
US-CERT and the UK National Infrastructure Security Co-ordination Centre (NISCC) published information about vulnerabilities in the TCP protocol. The problems can affect a wide array of platforms, including many types of routers, such as those used to operate the Internet at top-tier ISPs.
http://www.winnetmag.com/article/articleid/42437/42437.html

Feature: Exchange Server SMTP AUTH Attacks
If you run Microsoft Exchange Server to process incoming Internet email, spammers might be using your mail server as a relay, even though your server isn't an open relay. How is this possible? Spammers authenticate to your email server, then use your server to send mail. Alan Sugano outlines how you can determine whether someone is using your system as a mail relay, how to close the hole, and how to test the measures you've taken to prevent such attacks in an article at the first URL below. Paul Robichaux wrote about the attack last fall in the article at the second URL below.
http://www.winnetmag.com/article/articleid/42406/42406.html
http://www.winnetmag.com/article/articleid/40507/40507.html

==========


==== 4. New and Improved ====
by Jason Bovberg, [email protected]

Secure Your Passwords
TK8 Productions released TK8 Safe, Windows password-management software that simplifies the safe storage and retrieval of user IDs, passwords, serial numbers, and other confidential information that Web sites and software applications require. TK8 Safe stores all of a user's private information in an encrypted database that's accessible only by its owner, and the software supports multiple users on the same computer. TK8 Safe costs $19.95 for a single-user license, and multiuser discounts are available. For more information, contact TK8 Productions on the Web.
http://www.tk8.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

==========

==== Contact Us ====
About the newsletter -- [email protected]
About technical questions -- http://www.winnetmag.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring Security UPDATE -- [email protected]

==========

==== Contact Our Sponsors ====
Primary Sponsor: Postini -- http://www.postini.com
Hot Release Sponsor: Symantec -- http://www.symantec.com

===============

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

http://www.winnetmag.com/sub.cfm?code=wswi201x1z

View the Windows & .NET Magazine privacy policy at

http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.
