Security UPDATE, September 10, 2003

Mark Joseph Edwards discusses OpenOffice.org, an open-source suite of tools similar to Microsoft Office. He considers significant differences between the two, describes his experience with OpenOffice.org, and notes an upcoming presentation.

ITPro Today

September 9, 2003

31 Min Read
ITPro Today logo in a gray background | ITPro Today

Security UPDATE, September 10, 2003

Windows & .NET Magazine Security UPDATE--September 10, 2003

===============

==========

==========

==== Sponsor: TNT Software ==== FREE Download: Automate Event Log Monitoring Automate event log monitoring, provide real-time intrusion detection, and satisfy mandated auditing requirements all with TNT Software's ELM Log Manager. Preferred by small businesses because of its ease of use and Fortune 500 companies because of its reliability, ELM 3.1 is the affordable solution with the scalability to consolidate MILLIONs of events and Syslog messages a day, display them in custom views, launch critical alerts, and schedule reports. Download your FREE 30 day fully functional evaluation software NOW and start experiencing the benefits of automated log monitoring. http://www.tntsoftware.com/winsec091003

==========

==========

==== Sponsor: Ecora Software ==== Perform patch audits in minutes with Ecora Patch Manager How confident are you that all critical security patches are deployed and up-to-date on every single system in your infrastructure? Need some help figuring it all out before the next big worm attack? Try a free copy of Ecora Patch Manager. Designed for IT professionals short on time, Patch Manager completely automates and simplifies the entire patch management cycle in just minutes. See for yourself how automation can save time, reduce costs, and keep your IT infrastructure stable and secure. Download a free, fully-functional trial of Ecora Patch Manager now! https://www.ecora.com/ecora/jump/se1.asp

==========

==== 2. Security Risks ==== contributed by Ken Pfeil, [email protected] Information-Disclosure Vulnerability in Microsoft NetBIOS Mike Price of Foundstone Labs discovered a vulnerability in Microsoft NetBIOS that can result in information disclosure. This vulnerability stems from a flaw in the NetBIOS Name Service (NBNS). An attacker can exploit this vulnerability by sending a NetBIOS over TCP/IP (NetBT) Name Service query to the target system, then examining the response to see whether it includes random data from that system's memory. Microsoft has released Security Bulletin MS03-034 (Flaw in NetBIOS Could Lead to Information Disclosure) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40089 Automatic Macro Execution Vulnerability in Microsoft Word Jim Bassett of Practitioners Publishing discovered that a vulnerability in Microsoft Word can result in the automatic execution of a macro. As a result of this vulnerability, an attacker can craft a malicious document that bypasses the macro security model. When a user opens the document, a malicious embedded macro will execute automatically, regardless of the level at which you've set macro security. The malicious macro can take actions that the user has permissions to carry out, such as adding, changing, or deleting data or files; communicating with a Web site; and formatting the hard disk. Microsoft has released Security Bulletin MS03-035 (Flaw in Microsoft Word Could Enable Macros to Run Automatically) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40090 Arbitrary Code Execution Vulnerability in Microsoft WordPerfect Converter eEye Digital Security discovered a vulnerability in Microsoft WordPerfect Converter that can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way Microsoft's WordPerfect converter handles Corel WordPerfect documents. Because the converter doesn't correctly validate certain parameters when it opens a WordPerfect document, an unchecked buffer occurs. An attacker can therefore craft a malicious WordPerfect document to allow code of his or her choice to execute if an application that used the WordPerfect converter opened the document. Microsoft has released Security Bulletin MS03-036 (Buffer Overrun in WordPerfect Converter Could Allow Code Execution) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40091 Arbitrary Code Execution Vulnerability in Microsoft VBA eEye Digital Security discovered that a vulnerability in Visual Basic for Applications (VBA) can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way Microsoft checks document properties passed to it when the host application opens a document. The resulting buffer overrun can let an attacker execute code of his or her choice under the logged-on user's security context. Microsoft has released Security Bulletin MS03-037 (Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40092 Arbitrary Code Execution Vulnerability in Microsoft Access Snapshot Viewer Oliver Lavery discovered that a Microsoft Access vulnerability can result in the execution of arbitrary code on the vulnerable system. Because the Snapshot Viewer doesn't correctly validate parameters, a buffer overrun can let an attacker execute code of his or her choice under the logged-on user's security context. Microsoft has released Security Bulletin MS03-038 (Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40093 ==== Sponsor: Virus Update from Panda Software ==== Check for the latest anti-virus information and tools, including weekly virus reports, virus forecasts, and virus prevention tips, at Panda Software's Center for Virus Control. http://www.secadministrator.com/Panda/Index.cfm Viruses routinely infect "fully protected" networks. Is total protection possible? Find answers in the free guide HOW TO KEEP YOUR COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter networks, what they do, and the most effective weapons to combat them. Protect your network effectively and permanently - download today! http://www.pandasecurity.com/virusfree2

==========

=========

==== 9. Contact Us ==== About the newsletter -- [email protected] About technical questions -- http://www.winnetmag.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]

==========

==========

==========

==========

==== Sponsor: TNT Software ==== FREE Download: Automate Event Log Monitoring Automate event log monitoring, provide real-time intrusion detection, and satisfy mandated auditing requirements all with TNT Software's ELM Log Manager. Preferred by small businesses because of its ease of use and Fortune 500 companies because of its reliability, ELM 3.1 is the affordable solution with the scalability to consolidate MILLIONs of events and Syslog messages a day, display them in custom views, launch critical alerts, and schedule reports. Download your FREE 30 day fully functional evaluation software NOW and start experiencing the benefits of automated log monitoring. http://www.tntsoftware.com/winsec091003

==========

==========

==== Sponsor: Ecora Software ==== Perform patch audits in minutes with Ecora Patch Manager How confident are you that all critical security patches are deployed and up-to-date on every single system in your infrastructure? Need some help figuring it all out before the next big worm attack? Try a free copy of Ecora Patch Manager. Designed for IT professionals short on time, Patch Manager completely automates and simplifies the entire patch management cycle in just minutes. See for yourself how automation can save time, reduce costs, and keep your IT infrastructure stable and secure. Download a free, fully-functional trial of Ecora Patch Manager now! https://www.ecora.com/ecora/jump/se1.asp

==========

==== 2. Security Risks ==== contributed by Ken Pfeil, [email protected] Information-Disclosure Vulnerability in Microsoft NetBIOS Mike Price of Foundstone Labs discovered a vulnerability in Microsoft NetBIOS that can result in information disclosure. This vulnerability stems from a flaw in the NetBIOS Name Service (NBNS). An attacker can exploit this vulnerability by sending a NetBIOS over TCP/IP (NetBT) Name Service query to the target system, then examining the response to see whether it includes random data from that system's memory. Microsoft has released Security Bulletin MS03-034 (Flaw in NetBIOS Could Lead to Information Disclosure) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40089 Automatic Macro Execution Vulnerability in Microsoft Word Jim Bassett of Practitioners Publishing discovered that a vulnerability in Microsoft Word can result in the automatic execution of a macro. As a result of this vulnerability, an attacker can craft a malicious document that bypasses the macro security model. When a user opens the document, a malicious embedded macro will execute automatically, regardless of the level at which you've set macro security. The malicious macro can take actions that the user has permissions to carry out, such as adding, changing, or deleting data or files; communicating with a Web site; and formatting the hard disk. Microsoft has released Security Bulletin MS03-035 (Flaw in Microsoft Word Could Enable Macros to Run Automatically) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40090 Arbitrary Code Execution Vulnerability in Microsoft WordPerfect Converter eEye Digital Security discovered a vulnerability in Microsoft WordPerfect Converter that can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way Microsoft's WordPerfect converter handles Corel WordPerfect documents. Because the converter doesn't correctly validate certain parameters when it opens a WordPerfect document, an unchecked buffer occurs. An attacker can therefore craft a malicious WordPerfect document to allow code of his or her choice to execute if an application that used the WordPerfect converter opened the document. Microsoft has released Security Bulletin MS03-036 (Buffer Overrun in WordPerfect Converter Could Allow Code Execution) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40091 Arbitrary Code Execution Vulnerability in Microsoft VBA eEye Digital Security discovered that a vulnerability in Visual Basic for Applications (VBA) can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way Microsoft checks document properties passed to it when the host application opens a document. The resulting buffer overrun can let an attacker execute code of his or her choice under the logged-on user's security context. Microsoft has released Security Bulletin MS03-037 (Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40092 Arbitrary Code Execution Vulnerability in Microsoft Access Snapshot Viewer Oliver Lavery discovered that a Microsoft Access vulnerability can result in the execution of arbitrary code on the vulnerable system. Because the Snapshot Viewer doesn't correctly validate parameters, a buffer overrun can let an attacker execute code of his or her choice under the logged-on user's security context. Microsoft has released Security Bulletin MS03-038 (Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=40093 ==== Sponsor: Virus Update from Panda Software ==== Check for the latest anti-virus information and tools, including weekly virus reports, virus forecasts, and virus prevention tips, at Panda Software's Center for Virus Control. http://www.secadministrator.com/Panda/Index.cfm Viruses routinely infect "fully protected" networks. Is total protection possible? Find answers in the free guide HOW TO KEEP YOUR COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter networks, what they do, and the most effective weapons to combat them. Protect your network effectively and permanently - download today! http://www.pandasecurity.com/virusfree2

==========

=========

==== 9. Contact Us ==== About the newsletter -- [email protected] About technical questions -- http://www.winnetmag.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]

=============== This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing Windows and related technologies. Subscribe today. http://www.secadministrator.com/sub.cfm?code=saei25xxup

Thank you! __________________________________________________________ Copyright 2003, Penton Media, Inc.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like