Tech Alert Briefing for 2/22/2002
Microsoft Releases SNMP Patches
Microsoft recently released patches (last updated Feb. 15, 2002)for its Windows 2000 and Windows XP operating systems in response to the latest round of vulnerabilities discovered surrounding SNMP. The Windows implementation of SNMP contained an unchecked buffer, which could enable an attacker to execute arbitrary code or cause a denial of service.All Windows platforms are affected except for Windows ME, which does not include SNMP as part of the default operating system installation.Patches for Windows 95/98/NT are still in the works.
Microsoft Security Bulletin and Patches
Free SNMP Vulnerability Detection Tools Released
The SANS Institute and the Center for Internet Security joined the National Security Agency (NSA) in releasing free software tools and benchmark guidelines that can be used to detect SNMP vulnerabilitities.These tools aid in detecting a wide range of SNMP vulnerabilities and can be used to beef up the security of Cisco routers. You may obtain the SNMP vulnerability testing tool and the CISCO benchmark data tools from the Center For Internet Security website.
- Additional Resources on SNMP:
- CERT (SNMP) VulnerabilitiesFrequently Asked Questions (FAQ)
- CERT? Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)(released 2/12/02 - last updated 2/21/02)
National Cyber Security Alliance Unveils STAY SAFE Online Website
The National Cyber Security Alliance, a unique partnership between the federal government and leading private sector companies, has developed a new web site, http://www.staysafeonline.info, to help educate citizens on cyber security.The site contains tips on how to safeguard home or small business computers, as well as a number of additional security resources.
Previous Tech Alerts:
02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed