Tech Alert Briefing for 10/21/2002
Critical patch released for Windows 2000, Windows XP
Microsoft released a bulletin alerting users of Windows 2000 and Windows XP systems to a critical security vulnerability in the Point-to-Point Tunneling Protocol (PPTP), a Virtual Private Networking technology that is implemented as part of Remote Access Services (RAS). An attacker exploiting the flaw on systems running PPTP could cause a Denial of Service.
Servers would only be at risk from the vulnerability if they had been specifically configured to offer PPTP services. PPTP does not run by default on any Windows system. However, Microsoft urges system administrators to install the updated patch on any Windows 2000 and XP systems running the PPTP protocol.
The patch may be downloaded at:
- Microsoft Windows 2000:
http://www.microsoft.com/downloads/Release.asp?ReleaseID=43606
- Microsoft Windows XP:
32-bit: http://www.microsoft.com/downloads/Release.asp?ReleaseID=43635
64-bit: http://www.microsoft.com/downloads/Release.asp?ReleaseID=43631
Some E-cards contain unfriendly greeting
E-cards sent from friendsgreetings.com and egreetings@yahoo.com have recently buried a few corporate servers with a flood of unfriendly greetings.
The malicious e-cards exploit two well-known vulnerabilities. The first is an ActiveX control exploit that enables code to be run on a user's system, where it can automatically send out replicas of the greeting to everyone on their Outlook contact list.
The second e-card exploit uses a Trojan horse contained in software that users are required to download in order to view the greeting card.
Employing safe-computing practices, which include not downloading any software from an untrusted source and not allowing ActiveX controls to be launched from emails originating outside of the internal network, can greatly reduce these types of abuses.
Editor's Note: BankersOnline e-card Exchange does NOT use ActiveX controls or require software downloads to view our e-greeting cards.
Previous Tech Alerts:
11/01/02 Critical patch released for Windows 2000, Windows XP
10/21/02 Microsoft Fixes Vulnerabilities: Releases Patches for SQL, Word and Excel
10/03/02 Bugbear Worm Gains Strength
10/02/02 Top 20 List of Internet Security Vulnerabilities Released
09/02/02 Microsoft Warns SysAdmins To Immediately Patch Identity Spoofing Flaw
08/21/02 Microsoft releases patch to fix "critical" vulnerability in Windows 2000 systems that allow unprivileged users to log on to them interactively
08/09/02 Is Confidential Bank Information Walking Out Your Door?
07/30/02 Microsoft Continues to Patch Flawed Software
07/23/02 CERT advisory on PHP
07/15/02 Outlook Users Employing PGP Encryption Program Vulnerable to Hacking
07/11/02 Researchers Report Serious Flaw in IE
06/27/02 Microsoft Releases Critical Patch for Windows Media Player
06/18/02 CERT Warns of Critical Vulnerability in Apache Web Server
06/12/02 Sports Fans Beware: World Cup Virus Bounces Around the Net
06/07/02 Dead Man Tell No Passwords
05/31/02 Microsoft Issues Critical Warning Regarding Exchange Server
05/22/02 Microsoft SQL Spida Worm Slows Network Traffic
05/15/02 Virus Hoax 'JDBGMGR.EXE' Spreading Rapidly Throughout Net
04/25/02 Klez Worm Reels in Banks with its Bait
04/11/02 Ten New Vulnerabilities Discovered in Microsoft IIS Server
04/09/02 New Virus Hoax Circulating Around Net
03/22/02 MyLife.B Virus Makes Its Way Around the Net
03/21/02 Microsoft Updates Its Warning on Critical Windows Vulnerability
03/14/02 New Virus (W32/Fbound-C) Spreading Rapidly in the Wild
03/08/02 Unauthorized E-Mail Scam Attempts to Steer Unwitting Customers to Fraudulent Bank Web Site
03/06/02 Klez-E Worm and W32.Gibe Virus Warnings
03/01/02 CERT Issues Warning on PHP Scripting Language Flaw
02/27/02 CERT Issues Warning on Internet Explorer and Outlook Flaw
02/22/02 SNMP Patches and Detection Tools Available
02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm
02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings
02/13/02 SNMP VULNERABILITY
02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks
02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000
01/31/02 Copycat Virus Unleashed
01/30/02 Netscape Browser Vulnerable to Cookie Theft
01/28/02 "My Party" Mass Mailing Worm
01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability
01/15/02 Trojan.StartPage Alters Web Browsers
01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability
12/20/01 Holiday Themed Computer Virus Unleashed