Tech Alert Briefing for 8/21/2002

Microsoft Releases Patches for Windows 2000, SQL Server 7.0
Microsoft released a patch for a critical flaw discovered in the Network Connection Manager (NCM) component of Windows 2000 that could allow an attacker to gain control of a vulnerable system.The flaw could allow attackers who don't have proper access privileges to create their own handler routine and cause the NCM to run it by creating a network connection.Microsoft recommends that the patch be applied immediately to all Windows 2000 systems that allow unprivileged users to log onto them interactively such as workstations and Terminal Servers.

Microsoft also released a cumulative patch for SQL Server 7.0 and 2000 that includes a fix for a flaw that could allow users without the proper access rights to execute the procedures with administrator privileges. Microsoft rated the severity of the flaw as moderate.

Patches may be downloaded at:
Patch for Windows 2000
Cumulative Patch SQL Server 7.0 and 2000

Apache Upgrades Web Server to fix Vulnerability
A security hole in Apache Web server version 2.0 could allow attackers to gain control of vulnerable systems. According to Apache, the vulnerability has the potential to allow an attacker to inflictserious damage to a server, and reveal sensitive data.This vulnerabilityaffects default installations of the Apache web server.Apache released an upgraded version of the software to correct the vulnerability.

Download Patch from Apache



Previous Tech Alerts:
08/09/02 Is Confidential Bank Information Walking Out Your Door?
07/30/02 Microsoft Continues to Patch Flawed Software
07/23/02 CERT advisory on PHP
07/15/02 Outlook Users Employing PGP Encryption Program Vulnerable to Hacking
07/11/02 Researchers Report Serious Flaw in IE
06/27/02 Microsoft Releases Critical Patch for Windows Media Player
06/18/02 CERT Warns of Critical Vulnerabilty in Apache Web Server
06/12/02 Sports Fans Beware: World Cup Virus Bounces Around the Net
06/07/02 Dead Man Tell No Passwords
05/31/02 Microsoft Issues Critical Warning Regarding Exchange Server
05/22/02 Microsoft SQL Spida Worm Slows Network Traffic
05/15/02 Virus Hoax 'JDBGMGR.EXE' Spreading Rapidly Thoughout Net
04/25/02 Klez Worm Reels in Banks with its Bait
04/11/02 Ten New Vulnerabilities Discovered in Microsoft IIS Server
04/09/02 New Virus Hoax Circulating Around Net
03/22/02 MyLife.B Virus Makes Its Way Around the Net
03/21/02 Microsoft Updates Its Warning on Critical Windows Vulnerability
03/14/02 New Virus (W32/Fbound-C) Spreading Rapidly in the Wild
03/08/02 Unauthorized E-Mail Scam Attempts to Steer Unwitting Customers to Fraudulent Bank Web Site
03/06/02 Klez-E Worm and W32.Gibe Virus Warnings
03/01/02 CERT Issues Warning on PHP Scripting Language Flaw
02/27/02 CERT Issues Warning on Internet Explorer and Outlook Flaw
02/22/02 SNMP Patches and Detection Tools Available
02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed