Security UPDATE, May 1, 2002
Mark Joseph Edwards suggests that Microsoft could usefully establish a second security-related mailing list to notify users about non-bulletin security matters.
April 30, 2002
Windows & .NET Magazine Security UPDATE—brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems.
http://www.secadministrator.com
THIS ISSUE SPONSORED BY
Computer Associates International, Inc. (CA)
http://ca.com/ads/hotdeals
VeriSign—The Value of Trust
http://www.verisign.com/cgi-bin/go.cgi?a=n203987360057000
(below IN FOCUS)
SPONSOR: COMPUTER ASSOCIATES INTERNATIONAL, INC. (CA)
Prevent viruses from halting your business. Keeping out costly viruses is a full-time job. Let CA's eTrust(TM) Virus Defense Solution stop viruses in their tracks, from the gateway to the desktop, while you stay focused on your business. eTrust Virus Defense from Computer Associates is a flexible, nodal-based solution that is also easy on your bottom line. Call 1-800-875-9659 or visit
http://ca.com/ads/hotdeals
May 1, 2002—In this issue:
1. IN FOCUS
Should Microsoft Add Another Security-Related Mailing List?
2. SECURITY RISK
Automatic Script Execution Vulnerability in Outlook 2002 and Outlook 2000
3. ANNOUNCEMENTS
Need 24 x 7 Availability?
Win a Personal Cinema Card at the Connected Home Virtual Tour
4. SECURITY ROUNDUP
News: Intruders in Europe Might Face Jail Time
Feature: SQL Server: Effective Installation
Feature: Windows XP Warning Overblown
Feature: Wireless Security
5. INSTANT POLL
Results of Previous Poll: Antivirus Defense Location
New Instant Poll: Security Information Notification
6. SECURITY TOOLKIT
Virus Center
FAQ: What Is MBSA?
7. NEW AND IMPROVED
Virus Engines Bundled in Email Security Package
Enhanced Security for Remote Control with AES
8. HOT THREADS
Windows & .NET Magazine Online Forums
Featured Thread: How Can I Remove a COM1 Folder?
HowTo Mailing List
Featured Thread: Email Attachment as an Executable
9. CONTACT US
See this section for a list of ways to contact us.
1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, [email protected])
SHOULD MICROSOFT ADD ANOTHER SECURITY-RELATED MAILING LIST?
Did you read the NTBugtraq mailing list last week? If not, you missed some good points that list moderator Russ Cooper made. Cooper points out that Microsoft sometimes falls short in the area of security notifications, as I'm sure many of you will agree (see the URL below). Cooper said, for example, that Microsoft doesn't adequately notify its customers about the release of new service packs, security rollup packages, and security updates for specific products, such as the Outlook Email Security Update. In addition, the company doesn't directly notify customers when it releases new security tools, such as Microsoft Baseline Security Analyzer (MBSA), HFNetChk, and URLScan for Microsoft IIS.
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0204&L=ntbugtraq&F=P&S=&P=9960
Without such notification, customers remain unaware of new security-related tools and patch packages—at least until word gets out through security-related mailing lists or until members of the press learn about the tools and packages and publish articles that notify readers. The lack of notification also makes Microsoft customers do extra work. Cooper notes, for example, that installing Microsoft's security rollup packages often eliminates the need to install numerous individual patches because the rollup packages contain all the patches released to date. In addition, security rollup packages might contain additional patches not related to a specific Microsoft security bulletin.
Cooper didn't but could have included security-related TechNet articles among the examples that support his point. Sometimes, Microsoft releases security information exclusively in TechNet articles but doesn't notify customers about the articles. The recent Microsoft article "Denial of Service Attack on Port 445 May Cause Excessive CPU Use," which outlines registry tweaks that help prevent Denial of Service (DoS) attacks, is a case in point. Microsoft released the article in mid-April to help administrators, but didn't notify customers about it. Instead, customers found out through mailing lists and news reports. We published a related news story ("Microsoft Article Q320751: Denial of Service Workarounds") in last week's Security UPDATE (see the URL below).
http://www.secadministrator.com/articles/index.cfm?articleid=24930
If you read that news story and clicked the embedded link to the Microsoft article, you know that the article was on the TechNet Web site at the time of publication. However, when I looked for the article Monday, someone had removed it from the TechNet Web site. What's going on? I don't know because Microsoft doesn't publish any information in such instances—so it's a case of now you see it, now you don't!
Microsoft apparently has at least two approaches to security-related notifications: one approach for issued security bulletins and another for other security-related matters. Cooper believes that in addition to security-related hotfixes, Microsoft should issue a security bulletin every time the company releases a security-related patch or tool. That's a good idea, but perhaps publishing all security-related information in security bulletins might not be the best way to handle such user notification.
Alternatively, Microsoft could establish a second security-related mailing list to notify users about non-bulletin security matters, such as the release of new service packs, the publication or withdrawal of pertinent TechNet articles, and the release or update of new security-related tools such as MBSA and URLScan. Developing an additional user-notification method—whether that involves new bulletins or a second mailing list—would certainly benefit Microsoft's "Get Secure and Stay Secure" initiative. As matters stand now, users must rely on third parties for important security information.
What do you think? Would you benefit from Microsoft notifying you about additional security-related information and resources? If you believe you would benefit, would you prefer to be notified through a security bulletin or through a new Microsoft security mailing list? Please stop by the Security Administrator home page (see the URL below) and respond to our new Instant Poll. I also welcome email messages with your further thoughts about security-related notification ([email protected]). I look forward to your responses.
http://www.secadministrator.com
SPONSOR: VERISIGN—THE VALUE OF TRUST
FREE E-COMMERCE SECURITY GUIDE
Is your e-business built on a strong, secure foundation? Find out with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." Learn how to authenticate your site to customers, secure your web servers with 128-Bit SSL encryption, and accept secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n203987360057000
2. SECURITY RISK
(contributed by Ken Pfeil, [email protected])
AUTOMATIC SCRIPT EXECUTION VULNERABILITY IN OUTLOOK 2002 AND OUTLOOK 2000
Microsoft Outlook 2002 and Outlook 2000 contain a vulnerability that can let an attacker execute arbitrary scripts under the user's security context on the vulnerable computer. This vulnerability stems from a difference in the security settings that the system applies when it displays rather than edits an email message. Microsoft has released Security Bulletin MS02-021 (E-mail Editor Flaw Could Lead to Script Execution on Reply or Forward) to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.
http://www.secadministrator.com/articles/index.cfm?articleid=25002
3. ANNOUNCEMENTS
NEED 24 X 7 AVAILABILITY?
High-availability networks, systems, and applications are crucial to every business. Sign up for our free Webinar taking place on May 24 (sponsored by MKS), and find out how to achieve 24 x 7 availability on Windows 2000. Windows & .NET Magazine author Tim Huckaby shares his expertise on load balancing, monitoring, and more. Register today!
http://www.winnetmag.com/webinar/availability.cfm
WIN A PERSONAL CINEMA CARD AT THE CONNECTED HOME VIRTUAL TOUR
If you think you've already seen the Connected Home Virtual Tour, think again. Browse through the latest home entertainment, home networking, and home automation options and check out our special feature on wiring your home. Sign up for prize drawings, too, and you might win a free personal cinema card, courtesy of VisionTek and nVIDIA. Take the tour today!
http://www.connectedhomemag.com/virtualtour
4. SECURITY ROUNDUP
NEWS: Intruders in Europe Might Face Jail Time
The European Union (EU) has proposed a "Council Framework Decision" that would help standardize criminal law across all member nations as they prosecute computer-related crimes. The framework defines punishment for offenses that include unauthorized access to computers, Denial of Service (DoS) attacks, intentional propagation of destructive code such as worms and viruses, malicious interception of communications, and identity theft.
http://www.secadministrator.com/articles/index.cfm?articleid=24982
FEATURE: SQL SERVER: Effective Installation
Microsoft tries to make installing its software as smooth and easy as possible, and Microsoft SQL Server 2000's installation is no exception. From the installation CD-ROM, you load setupsql.exe from the x86\setup folder, fill in a few details on the setup screens, and within a few minutes, the installation proceeds without further user intervention. You can even successfully install SQL Server 2000 without understanding what the choices mean, just by clicking Next in most of the setup dialog boxes. However, I strongly advise you not to treat the installation lightly. Pay attention to each option, and make sure you thoroughly understand the implications of each choice you make. Some bad decisions, such as wrong collation settings, might be hard to fix; others, such as accepting the default authentication, might create security holes.
http://www.secadministrator.com/articles/index.cfm?articleid=24317
FEATURE: Windows XP Warning Overblown
When it comes to Windows XP, no report is too innocuous to be dragged out, dissected, and—apparently—blown out of proportion by the mainstream media. Consider, for example, the XP Universal Plug and Play (UPnP) vulnerability. By far, the most interesting aspect about the UPnP vulnerability is the irresponsible way in which various media entities reported it.
http://www.secadministrator.com/articles/index.cfm?articleid=24487
FEATURE: Wireless Security
The weak security of 802.11's built-in Wired Equivalent Privacy (WEP) algorithm is enough to give managers nightmares. Indeed, many IT managers have delayed 802.11 implementations until standards committees finish work on a more robust means of securing wireless networks. Others have decided to use WEP and hope for the best. However, secure solutions are available.
http://www.secadministrator.com/articles/index.cfm?articleid=24549
5. INSTANT POLL
RESULTS OF PREVIOUS POLL: ANTIVIRUS DEFENSE LOCATION
The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Where have you placed your organization's antivirus defenses?" Here are the results (+/X percent) from the 365 votes:
5% On desktops
3% On email servers
2% On file servers
1% At the Internet border
89% At two or more of the above locations
NEW INSTANT POLL: SECURITY INFORMATION NOTIFICATION
The next Instant Poll question is, "How should Microsoft notify its customers about new service packs and new or updated security-related rollup packages, tools, and TechNet articles?" Go to the Security Administrator Channel home page and submit your vote for a) Microsoft should issue security bulletins for all security-related matters, b) Microsoft should add a mailing list for non-bulletin security matters, or c) Microsoft needn't notify customers in any additional ways.
http://www.secadministrator.com
6. SECURITY TOOLKIT
VIRUS CENTER
Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.secadministrator.com/panda
FAQ: What is MBSA?
(contributed by John Savill, http://www.windows2000faq.com)
A. Microsoft has released Microsoft Baseline Security Analyzer (MBSA), a tool that analyzes a system for security information related to its Windows OS version, Microsoft IIS version, Microsoft SQL Server version, hotfixes, and passwords.
You can use MBSA to run checks against local or remote machines. The tool runs only on Windows .NET Server (Win.NET Server), Windows XP, and Windows 2000-based systems. However, you can use the tool to scan remote computers that run Windows NT 4.0 Service Pack 4 (SP4) or later.
For more information about MBSA, visit Microsoft's Web site at the first URL below. To download MBSA, visit Microsoft's download Web site at the second URL below.
http://support.microsoft.com/default.aspx?scid=kb;en-us;q320454
http://download.microsoft.com/download/win2000platform/install/1.0/nt5xp/en-us/mbsasetup.msi
After you download the tool, run the mbsasetup.msi file to install MBSA. You can execute the MBSA shortcut from the Start menu to run the tool in graphical mode, or you can type mbsacli.exe at the command prompt. Windows doesn't add the MBSA program to the PATH variable by default, so you must either navigate to the %programfiles%\microsoft baseline security analyzer folder or add this folder to your PATH statement.
7. NEW AND IMPROVED
(contributed by Judy Drennen, [email protected])
VIRUS ENGINES BUNDLED IN EMAIL SECURITY PACKAGE
SOFTWIN announced that its ICSA-certified BitDefender virus engine and Norman Virus Control will ship with GFI's MailSecurity, a new email security package. GFI MailSecurity runs multiple best-of-breed virus engines simultaneously to ensure maximum protection against virus assaults. GFI MailSecurity is available for the Virus Scanning (VS) API or as an SMTP gateway version. The VS API version integrates seamlessly with Microsoft Exchange Server 2000 and scans the Exchange 2000 Information Stores (ISs). Price includes virus updates for 1 year and free support for 3 months after purchase. Prices start at $295 for 10 mailboxes. Contact GFI at 888-243-4329 or [email protected].
http://www.gfi.com/mailsecurity
ENHANCED SECURITY FOR REMOTE CONTROL WITH AES
Vector Networks released PC-Duo 7.0, a remote control PC-management product that includes encryption options ranging from 56-bit Data Encryption Standard (DES) through new Pentagon-driven 256-bit Advanced Encryption Standard (AES). PC-Duo supports Windows XP Server and XP Professional and costs $817.50 per 10-user license. Contact Vector Networks at 800-330-5035 or [email protected].
http://www.vector-networks.com
8. HOT THREADS
WINDOWS & .NET MAGAZINE ONLINE FORUMS
http://www.winnetmag.net/forums
Featured Thread: How Can I Remove a COM1 Folder?
(21 messages in this thread)
Christer writes that he runs an FTP server, and he noticed a COM1 directory within his PUB directory. The COM1 folder contains 600GB of data, but he can't open or delete the folder. When he tries, Windows reports that the directory can't be found. Do you know how he can remove the folder? Read the responses or lend a hand at the following URL:
http://www.secadministrator.com/forums/thread.cfm?thread_id=99095
HOWTO MAILING LIST
http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
Featured Thread: Email Attachment as an Executable
(One message in this thread)
Dante received a sample of a file as an email attachment, and the file might contain a virus. The file was saved as hammerhart.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}.
When he right-clicks the file, it shows as an HTML application, and the file wants to execute. He wants to know whether anyone knows why a file extension of .{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} is considered an application. Can you help? Read the responses or lend a hand at the following URL:
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0204d&l=howto&p=438
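For administrators who want to catch attachments named like the one in this thread, the following is an added example, not code from the newsletter or the mailing list. It screens attachment filenames for a trailing class-ID component; the function name, the verdict strings, and the one-entry review list are assumptions made for illustration.

```python
import re
import uuid

# A trailing ".{GUID}" component. The Windows shell resolves it as a class ID
# rather than an ordinary extension, so the visible ".txt" does not decide
# which handler opens the file.
CLSID_SUFFIX = re.compile(
    r"\.\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$"
)

# Assumption: a local review list. Its single entry is the value quoted in
# the thread, which the poster saw presented as an HTML application.
KNOWN_CLSIDS = {
    uuid.UUID("3050F4D8-98B5-11CF-BB82-00AA00BDCE0B"):
        "HTML application (per the thread)",
}


def screen_attachment(filename):
    """Return (verdict, detail) for one attachment filename."""
    # Win32 drops trailing dots and spaces from names, so strip them first;
    # otherwise "x.{GUID}." would slip past the end-of-string match.
    name = filename.rstrip(". ")
    match = CLSID_SUFFIX.search(name)
    if match is None:
        return ("allow", "no class-ID suffix")
    clsid = uuid.UUID(match.group(1))        # normalizes letter case
    visible = name[:match.start()]           # what the user believes it is
    label = KNOWN_CLSIDS.get(clsid, "unlisted class ID")
    return ("quarantine",
            f"shown as '{visible}', suffix {{{str(clsid).upper()}}}: {label}")


def screen_batch(filenames):
    """Return only the quarantined names, mapped to the reason."""
    results = {}
    for fname in filenames:
        verdict, detail = screen_attachment(fname)
        if verdict == "quarantine":
            results[fname] = detail
    return results
```

Any class-ID suffix is quarantined, listed or not, because the name alone already shows an attempt to present one file type while invoking another handler.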
9. CONTACT US
Here's how to reach us with your comments and questions:
ABOUT IN FOCUS — [email protected]
ABOUT THE NEWSLETTER IN GENERAL — [email protected]
(please mention the newsletter name in the subject line)
TECHNICAL QUESTIONS — http://www.winnetmag.net/forums
PRODUCT NEWS — [email protected]
QUESTIONS ABOUT YOUR Security UPDATE SUBSCRIPTION?
Customer Support — [email protected]
WANT TO SPONSOR Security UPDATE?
[email protected]
This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today!
http://www.secadministrator.com/sub.cfm?code=saei25xxup
Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.net/email