[ISN] Security UPDATE -- Recipe for Disaster -- December 21, 2005
InfoSec News
isn at c4i.org
Thu Dec 22 02:05:17 EST 2005
====================
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
Panda
http://list.windowsitpro.com/t?ctl=1C829:4FB69
Shavlik
http://list.windowsitpro.com/t?ctl=1C82E:4FB69
====================
1. In Focus: Recipe for Disaster
2. Security News and Features
- Recent Security Vulnerabilities
- Minor Problem with Software Update Services 1.0
- Microsoft Earns New Common Criteria Certifications for Windows
- Use Guest Accounts to Fight Malware
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
- FAQ
5. New and Improved
- Securely Back Up to a Remote Location
====================
==== Sponsor: Panda ====
Provide Secure Remote Access
It may be tempting to deploy a WiFi wireless access point or offer
PDAs or laptops to your roaming employees so they can work from
virtually anywhere. In this free white paper you'll get the important
security implications you should consider before you do so.
http://list.windowsitpro.com/t?ctl=1C829:4FB69
====================
==== 1. In Focus: Recipe for Disaster ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
What do you get when you mix malicious code developers, a newly
reported vulnerability in the Windows 2000 and Windows NT kernel, and a
dash of social engineering? A recipe for disaster.
Microsoft released Security Bulletin MS05-055 "Vulnerability in Windows
Kernel Could Allow Elevation of Privilege (908523)" (URL below) and an
associated patch for Windows 2000 on December 13. Due to the nature of
the problem, any program could gain complete system level access to an
affected system. No matter how you lock down the system or how many
restrictions you place on user accounts, an exploit is possible,
provided an intruder can cause code to run on the system.
http://list.windowsitpro.com/t?ctl=1C831:4FB69
eEye Digital Security discovered the problem in May. In a press release
issued the same day as Microsoft's security bulletin, eEye explained
the problem in some amount of detail: "The vulnerability exists in the
thread termination routine contained within NTOSKRNL.EXE. Through a
specific series of steps, a local attacker can cause the code
responsible for discarding queued Asynchronous Procedure Call (APC)
entries to erroneously attempt to free a region of kernel data,
producing a 'data free' vulnerability that may be exploited in order to
alter arbitrary kernel memory, or even divert the flow of execution
directly."
This sounds like a rootkit writer's dream come true except that the
hacker must somehow cause a malicious program to run on the computer.
That's where social engineering comes into play.
Because there's no direct point of attack, exploiting this
vulnerability might require a blend of tactics. Blended attacks rely
on the domino effect to work--an attack targets one vulnerability,
which provides access to another vulnerability, in the hopes that the
attacks will eventually compromise a system.
The initial exploit might rely on a weakness in a Web browser, email
client, media player, or other piece of software. Or the hacker might
take a more direct approach--such as packaging an exploit in a virus or
worm--or a sneakier tactic, for example, putting an exploit in a
software package that's hard to resist, such as in a new tool that
claims to be the best thing since sliced bread.
Now that word is out about this vulnerability, undoubtedly people are
already developing code to exploit it. In my opinion, there's only one
adequate defense against a vulnerability such as this particular kernel
problem. That defense is to install the patch on Windows 2000 machines.
If you use Windows NT, there's no patch. In that case, your best
defense is layered security that includes antivirus and antispyware
tools and host-based Intrusion Prevention Systems (IPSs) along with
reminders to yourself and your users to use extreme caution when
deciding whether to install any third-party software elements.
====================
==== Sponsor: Shavlik ====
Maximizing Network Security Against Spyware and Other Threats
Spyware installation usually exploits an underlying security
vulnerability in the OS. You can remove spyware, but if you don't also
patch the underlying vulnerability, you don't solve the real problem.
By leaving your systems open to reinfestation, you risk surging
bandwidth consumption, system instability, overwhelmed Help desks, lost
user productivity, and other consequences. Unauthorized applications
can even result in noncompliance with regulatory requirements. This
free white paper addresses the need to manage both the threats and
vulnerabilities from one console as a comprehensive security solution.
http://list.windowsitpro.com/t?ctl=1C82E:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=1C830:4FB69
Minor Problem with Software Update Services 1.0
Microsoft made known a minor problem with Software Update Services
(SUS) 1.0 that might lead to confusion among administrators. When SUS
is synchronized with systems running Windows Server 2003 Service Pack 1
(SP1) after December 12, previously approved updates might all become
listed as unapproved. The problem doesn't affect SUS servers built or
deployed after December 13.
http://list.windowsitpro.com/t?ctl=1C83A:4FB69
Microsoft Earns New Common Criteria Certifications for Windows
At Microsoft's Security Summit East, held December 14-15 in
Washington D.C., the company announced that several of its products
received Common Criteria (CC) Evaluation Assurance Level (EAL) 4
certification augmented by ALC_FLR.3. The certifications were awarded
to Windows Server 2003 Standard, Enterprise, and Datacenter editions as
well as Windows Server 2003 Certificate Server and Windows XP Service
Pack 2 (SP2).
http://list.windowsitpro.com/t?ctl=1C837:4FB69
Use Guest Accounts to Fight Malware
Configure applications that are most vulnerable to a malware attack
to run under low-privilege Guest accounts. Mark Burnett explains in
this article on our Web site.
http://list.windowsitpro.com/t?ctl=1C838:4FB69
====================
==== Resources and Events ====
WEB SEMINAR: Manage and reduce planned downtime to prevent unexpected
outages. View this seminar today:
http://list.windowsitpro.com/t?ctl=1C82D:4FB69
SQL Server 2005 Up & Running Roadshows Coming to Europe!
SQL Server experts will present real-world information about
administration, development, and business intelligence to help you put
SQL Server 2005 into practice and learn to use its new capabilities.
Registration includes one-year PASS membership and subscription to SQL
Server Magazine. Register now for London, UK and Stockholm, Sweden at
http://list.windowsitpro.com/t?ctl=1C82B:4FB69
WEB SEMINAR: Free tools to help you analyze threats and create
Acceptable-Use Policies (AUPs) for your network. View this seminar
today:
http://list.windowsitpro.com/t?ctl=1C82A:4FB69
New SQL Server 2005 Express Email Newsletter!
Get up to speed fast with useful database projects and tips that
illustrate the fundamentals of Microsoft's new free database offering.
Download sample applications and code, get quick tips to help you work
with SQL Server 2005, learn about the latest patches, service codes and
updates for SQL Server 2005 Express, and more!
http://list.windowsitpro.com/t?ctl=1C83D:4FB69
WEB SEMINAR: Identify and troubleshoot common SMTP problems and learn
about each component of Exchange that touches inbound and outbound
messages. Live seminar: February 14, 2006.
http://list.windowsitpro.com/t?ctl=1C82F:4FB69
====================
==== Featured White Paper ====
Learn about the most common complications that arise during litigation-
related email discovery and get tips on how to avoid them.
http://list.windowsitpro.com/t?ctl=1C82C:4FB69
====================
==== Hot Spot ====
Managing Mobility in the Enterprise
Is your mobile workforce set up for success? Mobile
management is a key component for your mobile strategy, but
inadequate levels can have severe consequences. This free
white paper will help you identify the appropriate tools to
manage it effectively, and avoid increases in TCO and more.
Download it today and ensure your organization's mobility
success!
http://list.windowsitpro.com/t?ctl=1C828:4FB69
====================
==== 3. Instant Poll ====
Which of the following methods to do you use to secure your company's
PDAs?
- Run antivirus software on PDAs
- Password-protect PDA functions
- Encrypt important files on PDAs
- Disable unnecessary short-range wireless features on PDAs
- Two or more of the above
- None of the above
Go to the Security Hot Topic on our Web site and submit your vote
http://list.windowsitpro.com/t?ctl=1C83B:4FB69
==== 4. Security Toolkit ====
Security Matters Blog: Absolute Secure Communications?
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=1C83E:4FB69
Huge sums of money are being spent on the development of quantum
cryptography. But is there a cheaper, simpler way? At least one person
thinks there is, and he's written a paper to help prove it. Find out
more in this blog article.
http://list.windowsitpro.com/t?ctl=1C836:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=1C83C:4FB69
Q: How can I monitor registry activity during logon and logoff?
Find the answer at http://list.windowsitpro.com/t?ctl=1C839:4FB69
====================
==== Announcements ====
(from Windows IT Pro and its partners)
Want to Become a VIP Subscriber?
Become a VIP subscriber and get continuous, inside access to ALL the
online resources published in Windows IT Pro, SQL Server Magazine, and
the Exchange and Outlook Administrator, Windows Scripting Solutions,
and Windows IT Security newsletters. That's more than 26,000 articles
at your fingertips. You'll also get a valuable one-year print
subscription to Windows IT Pro and two VIP CDs. (CDs include the entire
article database on CD, delivered twice per year.) Don't miss out ...
sign up now:
http://list.windowsitpro.com/t?ctl=1C834:4FB69
Windows IT Security Newsletter
The Windows IT Security Newsletter is a "must-have." Subscribe now
and SAVE up to $30 off the regular price. You'll discover endless
fundamentals on building and maintaining a secure enterprise, in-depth
product coverage of the best security tools available, and expert
advice on the best way to implement various security components. Paid
subscribers also get searchable access to the full online security
article database (over 1900 articles). Subscribe today:
http://list.windowsitpro.com/t?ctl=1C833:4FB69
====================
==== 5. New and Improved ===
by Renee Munshi, products at windowsitpro.com
Securely Back Up to a Remote Location
Asigra Televaulting is an agentless enterprise-class backup and
recovery solution that features data protection by means of 256-bit
encryption and authentication. With Televaulting, business-critical
corporate data is processed for backup, compressed, and encrypted, then
is sent to a secure offsite data vault where it's available for
restoration 24 x 7. Data is protected both while being transferred and
while in storage. Asigra's software requires unique identifiers for
login to the account, use of the proper encryption keys with one-way
hashes used for verification, and login requests that originate from
valid hardware that uses a specific IP address. For more information,
go to http://list.windowsitpro.com/t?ctl=1C840:4FB69
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=1C83F:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=1C835:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.
More information about the ISN
mailing list