[ISN] Security UPDATE--New Patches, Old Patches, and Loading Patches--October 20, 2004

InfoSec News isn at c4i.org
Thu Oct 21 04:11:13 EDT 2004


This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which you
might be interested. Please take a moment to visit these advertisers'
Web sites and show your support for Security UPDATE.

BindView Corporation

IT Security Solutions Roadshow - Coming to your city soon!


1. In Focus: New Patches, Old Patches, and Loading Patches

2. Security News and Features
   - Recent Security Vulnerabilities
   - Bleeding Edge of Snort
   - The Blended Threat
   - A Forgotten Caveat of Patches

3. Security Matters Blog
   - New JPEG GDI+ Scanning Tool
   - SANS Top 20 Vulnerabilities

4. Instant Poll

5. Security Toolkit
   - FAQ
   - Security Forum Featured Thread

6. New and Improved
   - Encrypt Sensitive Files


==== Sponsor: BindView Corporation ====
   Hear Simple Nomad speak on assessing and overcoming internal IT
threats at a free BindView Corporation web seminar on November 11.
He'll cover the things you need to evaluate and do to protect your
company's data. He'll cover asset assessment and attack vectors such
as direct network assaults, common services attacks and attacks
against non-controlled assets. But he won't leave you in the dark.
Once he explains the threats, he'll also cover effective ways to
mitigate them. Known throughout the security community, Simple
Nomad always provides candid insight into the threats that matter


==== 1. In Focus: New Patches, Old Patches, and Loading Patches ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You probably know that last week, Microsoft released 10 security
bulletins that include a barrage of new security patches, many of
which the company considers to be of a critical nature. The patches
pertain to a wide variety of system components including RPC, Network
Dynamic Data Exchange (NetDDE), Web Distributed Authoring and
Versioning (WebDAV), the Windows shell, Excel, and much more.

When new security vulnerabilities are brought to light, somebody soon
releases an exploit to take advantage of unprotected systems. So if
you haven't checked into the new bulletins, consider doing so soon if
you expect to keep your systems protected.

Some of you might still be working to determine which of your systems
are affected by the JPEG GDI+ vulnerability that was announced in last
month's security bulletins from Microsoft. The company recently
released new articles and a new scanning tool to help you identify and
replace vulnerable DLLs.

If you use the original JPEG GDI+ scanning tool from Microsoft, you've
probably figured out that the tool has some significant shortcomings.
It might have left you wondering whether you'd really replaced all the
vulnerable DLLs on your system. The new tool is an improvement over
the original tool, and it can work in conjunction with Microsoft
Systems Management Server (SMS). You can link to more information
about the new tool in the "New JPEG GDI+ Scanning Tool" blog entry

If you're still working to install Windows XP Service Pack 2 (SP2),
you might come across instances in which certain applications cease to
function the way they did before you installed the new service pack.
Some applications stop working correctly because of the new Windows
Firewall. The Microsoft article "Some programs seem to stop working
after you install Windows XP Service Pack 2" 
( http://support.microsoft.com/?kbid=842242 ) offers a list of some of
the more popular applications that might be affected. The article
describes which ports need to be open for a listed application and why
they need to be open. The article also provides advice about how to
determine which ports need to be open for applications that aren't

And since I mentioned XP SP2, did you know that the service pack adds
a new option to the system shutdown dialog box? The new option lets
any newly downloaded updates be installed before the system is shut
down and the computer is powered off. This way, the updates can be
installed when you're finished using the system instead of when you're
trying to get some work done in the middle of the day. You can adjust
registry settings to control whether the new option is displayed to
users and whether the option is the default setting. You can read
about this feature and other changes introduced by XP SP2 in "Changes
to Functionality in Microsoft Windows XP Service Pack 2" 
( http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx ).


==== Sponsor: IT Security Solutions Roadshow - Coming to your city soon! ====
   Viruses and security intrusions are always a threat. Take action
before they reach your network. Join McAfee and Microsoft for a free
half-day event that will give you the practical hands-on experience
you need to help secure your organization. If you've joined us for our
past security events, you won't want to miss this Roadshow. Take your
security to the next level. We'll help you implement a step-by-step
action plan to secure your network with antivirus and intrusion
prevention strategies. Register today!


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries

News: Bleeding Edge of Snort
   A new Web site, The Bleeding Edge of Snort, is available for those
who use the Snort open source Intrusion Detection System (IDS). Among
other things, the site offers new Snort rules that aren't necessarily
part of the regular Snort rules distribution.

Feature: The Blended Threat
   One of Alan Sugano's clients recently had a laptop that was
infected with a virus and lots of spyware. The company cleaned the
laptop and gave it back to the user. A few days later, the client
called to tell Sugano that Internet access was down at one of its
remote locations. He went to the remote site to troubleshoot the
Internet connection. The firewall was getting bombarded with so many
packets that it was crashing. Read this article to learn what Sugano
discovered and how he remedied the situation.

Feature: A Forgotten Caveat of Patches
   David Chernicoff tends to be somewhat obsessive about keeping all
the computers he's directly responsible for updated with patches and
hotfixes. This attention to detail has paid off: he has yet to have a
virus or security exploit on one of his personal computers, nor has he
had to deal with malware outbreaks or anything of that nature.
Unfortunately, he's not always able to convey his sense of urgency to
his friends and clients. Read what Chernicoff discovered about one of
his clients' mission-critical computer systems.


==== Announcements ====
   (from Windows IT Pro and its partners)

Free Exchange Server 2003 eBook--Chapter 7 Now Available
   Download the latest chapter, "Administration Best Practices." Learn
easy steps to prevent disasters and maintain a healthy system. You'll
learn how to understand message stores, backup and restore procedures,
performance, and the recovery process. Get the latest chapter now!

Do You Have What It Takes to Compete in the IT Prolympics?
   Compete in the first-ever IT Prolympics to test your Active
Directory knowledge against your peers. You could win recognition and
great prizes. The IT Prolympian grand prize is an expense-paid trip to
TechEd 2005. Enter the competition at

New half-day seminar! The Enterprise Alliance Roadshow
   Come and join us for this free event and find out how a more
strategic and holistic approach to IT planning helps organizations
increase operational efficiency and facilitate the implementation of
new technology. Sign up today. Space is limited.


==== 3. Security Matters Blog ====
   by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out these recent entries in the Security Matters blog:

New JPEG GDI+ Scanning Tool
   Microsoft released a new tool, the MS04-028 Enterprise Update
Scanning Tool, that can help you scan your systems for DLLs that are
vulnerable to JPEG GDI+ exploits. The tool also updates the outdated
DLLs discovered in the scanning process. Microsoft also released a new
article, "GDI+ 1.0 Security Update Overview," that offers an overview
of the recent GDI+ fixes and other relevant information.

SANS Top 20 Vulnerabilities
   SANS released its annual Top 20 list of Internet security
vulnerabilities. According to SANS, the list is compiled by consensus
of contributors from "government agencies in the UK, US, and
Singapore; the leading security software vendors and consulting firms;
the top university-based security programs; many other user
organizations; and the SANS Institute."

==== 4. Instant Poll ====

Results of Previous Poll:
Have you been affected by a recent JPEG GDI+ exploit?
   The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 72 votes.
   - 1% Yes
   - 50% No, we've patched our systems
   - 3% No, we've patched our systems and removed vulnerable JPEG
   - 29% No
   - 17% I'm not certain

New Instant Poll:
Do you use Mac OS X on your network?
   Go to the Security Hot Topic and submit your vote for
   - Yes
   - No, but we intend to
   - No
   - I'm not sure

==== 5. Security Toolkit ====

   by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: When I run Norton AntiVirus 2005, why do I receive an error stating
that the program can't be repaired and must be reinstalled?

Find the answer at

Security Forum Featured Thread
   A reader needs to create 84 new folders and assign certain NTFS
permissions to each of those folders. He's written a simple batch
script that creates all the folders, but he doesn't know how to make
the script assign appropriate permissions. Join the discussion at


==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
IT Pro at http://www.windowsitpro.com/events )

Get the Inside Secrets to Assuring Policy Compliance
   In this free Web Seminar, you'll learn the secrets to keeping up
with the latest knowledge on security regulations, vulnerabilities,
exploits, and best practices to create an effective policy management
lifecycle in your organization. Discover how to reduce risks and
secure assets in your IT environment to improve policy compliance.
Register now!


==== 6. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Encrypt Sensitive Files
   CadabraSoftware offers P-Encryption Suite 2.2.4, a Windows
encryption program that stores all private and sensitive documents in
one encrypted file. Emphasizing usability, P-Encryption Suite lets you
view or edit a file that's been encrypted by using a plug-in from the
program's library or by using the file's default application. You can
choose from four encryption algorithms, including 256-bit Advanced
Encryption Standard (AES--Rijndael) and 448-bit BlowFish encryption.
P-Encryption Suite provides additional privacy solutions, including
encrypted email, an encrypted address book, and anti-keystroke-logging
protection. P-Encryption Suite runs under Windows 2003/XP/2000/NT
4.0/Me/98 and costs $34.95 for a single-user license (multi-user
discounts are available). You can download a free, fully functional
30-day trial version. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and
solutions in the Security Administrator print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rsecadmin at windowsitpro.com. If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.


==== Contact Us ====

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://www.windowsitpro.com/forums
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com


This email newsletter is brought to you by Security Administrator, the
leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for internal
users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.
