Windows Security

Welcome to the security section of the Windows Tips website. We will be providing you with some of the latest news and information, as well as patches, hacks and tweaks, oh my. We will be concentrating on Microsoft Windows products (Windows XP, NT, Windows 2000 and more), but we will also include other relevant news and articles.
We will be listing many, many Knowledge Base articles from Microsoft. If you visit the link at the end of each article, you will find an explanation and the resolution for the problems listed; each page will have the solution, or a link to the solution, on that page. Check out the MS-DOS commands they have at windowsreinstall.com.
Microsoft Security Bulletin Advance Notification

June 9, 2005 - On June 14, 2005, the Microsoft Security Response Center is planning to release:
Security Updates
  • 7 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart. 5 of these updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA), 2 of these updates will be detectable using the Enterprise Scanning Tool (EST).
  • 1 Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Services for UNIX. The greatest aggregate, maximum severity rating for these security updates is Moderate. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and using the Enterprise Scanning Tool (EST).
  • 1 Microsoft Security Bulletin affecting Microsoft Exchange. The greatest aggregate, maximum severity rating for this security update is Important. This update will not require a restart. This update will be detectable using the Microsoft Baseline Security Analyzer (MBSA) and using the Enterprise Scanning Tool (EST).
  • 1 Microsoft Security Bulletin affecting Microsoft Internet Security and Acceleration (ISA) Server and Small Business Server. The greatest aggregate, maximum severity rating for these security updates is Moderate. These updates may require a restart. This update will be detectable using the Enterprise Scanning Tool (EST).

Go here for more.

Online extortionists encrypt files, hold them for ransom

May 24, 2005 - In a new type of online attack, extortionists remotely encrypt user files and then demand money for the key to decode the information.
In a case documented by San Diego-based Web security company Websense, the attack occurs after a user visits a Web site containing code that exploits a known flaw in Microsoft's Internet Explorer Web browser. The flaw is used to download and run a malicious program that in turn downloads an application that encrypts files on the victim's PC and mapped network drives, according to Websense. The program then drops a ransom note.
"I would see this as the equivalent of somebody coming into your house, putting your valuables in a safe and not telling you the combination," Friedrichs said.
Go here for more.



Windows XP Security Assessment Tool

Nov 12, 2004 - Download this free Gap Analysis Tool to help you plug the gaps in your Windows XP security. Not only will the tool help you identify problems, but it will also point you to the most helpful resources among eight Windows XP Security TechProGuides, each designed to address a specific security challenge.
Go here for more.

IE patch fixes two, leaves one flaw open

Microsoft released a patch late Thursday for a pair of "critical" security holes in its Internet Explorer Web browser but was still investigating a widely publicized vulnerability in its Windows NT and Windows 2000 operating systems.
The browser patch corrects two flaws. The first makes it possible for a malicious hacker to place code on a Web surfer's PC by way of a cookie. Cookies are small files that Web sites place in a secure area on surfers' PCs to track return visits. The flaw allows a script embedded in a cookie to be saved outside the secure area, on the PC's hard disk. The code can then be triggered the next time the surfer visits the site.
Microsoft does not have a patch yet, however, for a recently publicized hole in the software-debugging component of Windows NT and Windows 2000. Malicious users could take advantage of the flaw in the debug tool to gain elevated privileges on a server running either of the operating systems. They could then access, modify and delete otherwise protected files.
Click here for more.

Microsoft Security Bulletin MS02-015: Cumulative Patch for Internet Explorer

This is a cumulative patch that includes the functionality of all previously released patches for IE 5.01, 5.5 and IE 6. In addition, it eliminates the following two newly discovered vulnerabilities.
A vulnerability in the zone determination function that could allow a script embedded in a cookie to be run in the Local Computer zone. While HTML scripts can be stored in cookies, they should be handled in the same zone as the hosting site associated with them, in most cases the Internet zone. An attacker could place script in a cookie that would be saved to the user’s hard disk. When the cookie was opened by the site the script would then run in the Local Computer zone, allowing it to run with fewer restrictions than it would otherwise have.
A vulnerability in the handling of object tags that could allow an attacker to invoke an executable already present on the user’s machine. A malicious user could create HTML web page that includes this object tag and cause a local program to run on the victim’s machine.
Click here for the security bulletin.

1024-bit encryption is 'compromised'

Upgrade to 2048-bit, says crypto expert. According to a security debate sparked off by cryptography expert Lucky Green on Bugtraq yesterday, 1,024-bit RSA encryption should be "considered compromised".
The Financial Cryptography conference earlier this month, which largely focused on a paper published by cryptographer Dan Bernstein last October detailing integer factoring methodologies, revealed "significant practical security implications impacting the overwhelming majority of deployed systems utilising RSA as the public key algorithm".
Based on Bernstein's proposed architecture, a panel of experts estimated that a 1,024-bit RSA factoring device can be built using only commercially available technology for a price range of several hundred million to $1bn. Start saving now.
Click here for the article.

FrontPage Bug Opens Microsoft Sites To Attackers

Exploiting a widely known flaw in Microsoft's Web server software, attackers have defaced three Microsoft [NASDAQ:MSFT] Web sites this month.
On Sunday, a Brazilian defacement group known as Silver Lords replaced the home page of a Microsoft customer support site located at http://cust-supp-chat.one.microsoft.com with one of their own.
The defaced page, which was still viewable today, included a message in Portuguese that begins "Bill Gates, my beloved and millionaire friend," and ridicules Microsoft for failing to follow the advice in its security bulletins.
Click here for the article.

Security Review Delays Crucial .NET Passport Update

Microsoft has delayed until early 2003 an updated Microsoft .NET Passport version that the company originally envisioned as the first public step toward its .NET vision. Originally expected in late 2001 but delayed several times since then, .NET Passport 3.0 will include the industry-standard Kerberos security standard, possibly paving the way for competing products to integrate with Microsoft's online authentication system.
Two factors caused the recent delays. The first was Microsoft's security code review during February and part of March, when Microsoft ceased new coding and instead inspected the company's current products for security risks. The second factor was a recent decision to open up changes Microsoft made to Kerberos when the company implemented the technology in Windows 2000 Active Directory (AD). Open-source pundits had charged Microsoft with "embracing and extending" the Kerberos standard by adding proprietary extensions that third-party vendors couldn't access. By releasing the details of those extensions sometime in mid-2002, the company will ease the way for developers who want to integrate their products and services with AD and other Microsoft products that use Kerberos, such as .NET Passport 3.0.
Click here for the article.

Securing your Operating System

Since the release of Windows NT version 3.51 in 1995, Microsoft has become increasingly popular in the enterprise server operating system (OS) space. A trend that has become apparent only since the release of NT4 (1996) and Windows 2000 (2000) is the use of the OS to host mission-critical applications such as corporate intranet and Internet servers, and messaging and database servers. “Mission-critical” implies high availability, reliability, and advanced security. You probably would agree that the transformation of an OS into a secure platform is not a straightforward task. And this task certainly has not been easy for Microsoft, because of its “ease of use” end-user oriented OS background. For a while Microsoft seemed to be searching for the secure OS Holy Grail. With the release of Win2K, it became clear that Microsoft had made significant progress in its security journey. In this article, I explore how you can make Win2K even more secure by using Win2K’s built-in hardening features. I also look at Microsoft and third-party security tools. You can apply most of the tips and tools mentioned in this article to both Win2K servers and workstations.
Click here for the PDF file; it has lots of useful information on the Win2K hardening features.

Microsoft Outlook's so-so security

March 22, 2002 - Internet privacy researcher Richard Smith released on Thursday a list of four issues that continue to undermine the security of Microsoft's Outlook 2002 and could leave the major mail program open to attack by virus writers. Although Smith called only one of the issues "critical," he said he released the list to bring the potential security hazards out into the open.
"I just wanted to get it off my table," he said. "I would like to see these issues addressed."
The critique comes two months after Microsoft called for a "Trustworthy Computing" initiative. Kicked off by a memo from Chairman Bill Gates to every employee, the strategy aims to further secure the company's Windows operating system and other products.
For the most part, Microsoft has done a decent job securing its mail program, Smith said, pointing to the latest security patch for Outlook 2002 that eliminates most of the popular vectors for computer viruses. Microsoft representatives were not immediately available for comment.
Click here for the article.

Securing Your Wireless Networks

During the Windows XP beta phase, Microsoft Senior Vice President Brian Valentine told a humorous story about visiting various high-tech companies worldwide and hacking into their wireless networks by using XP-enabled laptops from his rental cars in the companies' parking lots. In one humorous instance, something in this technology actually set off a car alarm in the Oracle parking lot, which Valentine found somewhat appropriate given the competition between the two companies. "I guess it was incompatible with XP," Valentine joked.
Although Valentine warned those companies that had left their wireless networks open to attack, since that time, many more companies have implemented wireless networks and haven't taken the time to properly protect their assets from wireless-based attacks.
The problems are twofold. First, protecting a wireless network requires a different set of configurations than does security for standard wired networks. Second, despite the fact that most IT departments are up-to-date on security concerns and can properly configure Windows-based networks, an alarming number of these companies are simply plugging in wireless Access Points (APs) and setting a few security options.
Click here for the incident notes.

DoS in BitVise WinSSH for Windows 2000

When a user logs on to his or her account through the IMail Server Web interface, the application uses a unique URL to maintain the session authentication. A vulnerability exists in BitVise’s WinSSH that can result in a Denial of Service (DoS) condition. Because of differences in the Secure Shell (SSH) daemon and the underlying socket layer, an attacker can abruptly end sessions without SSH properly freeing those sessions. Each incomplete connection would use a few memory handles and allocate nonpaged kernel memory.
Click here for the incident notes.

Social Engineering Attacks via IRC and Instant Messaging

The CERT/CC has received reports of social engineering attacks on users of Internet Relay Chat (IRC) and Instant Messaging (IM) services. Intruders trick unsuspecting users into downloading and executing malicious software, which allows the intruders to use the systems as attack platforms for launching distributed denial-of-service (DDoS) attacks. The reports to the CERT/CC indicate that tens of thousands of systems have recently been compromised in this manner.
Reports received by the CERT/CC indicate that intruders are using automated tools to post messages to unsuspecting users of IRC or IM services. These messages typically offer the opportunity to download software of some value to the user, including improved music downloads, anti-virus protection, or pornography. Once the user downloads and executes the software, though, their system is co-opted by the attacker for use as an agent in a distributed denial-of-service (DDoS) network. Other reports indicate that Trojan horse and backdoor programs are being propagated via similar techniques.
Here is an example of one such message:
You are infected with a virus that lets hackers get into your machine and read ur files, etc. I suggest you to download [malicious url] and clean ur infected machine. Otherwise you will be banned from [IRC network].
This is purely a social engineering attack since the user's decision to download and run the software is the deciding factor in whether or not the attack is successful. Although this activity is not novel, the technique is still effective, as evidenced by reports of tens of thousands of systems being compromised in this manner. See IN-2000-08: Chat Clients and Network Security for additional information.
Click here for the incident notes.

W32/Gibe Malicious Code

The CERT/CC has received numerous reports of a piece of malicious code, written for the Windows platform, commonly known as W32/Gibe. W32/Gibe spreads via email disguised as a Microsoft security bulletin and patch. A user must execute the attached file in order to be infected. The payload is non-destructive, but a backdoor is installed that may allow an intruder access to the system.
W32/Gibe is a Windows binary executable written in Visual Basic that is spreading via email. The email appears to be from Microsoft; however, Microsoft does not distribute patches via email. The Microsoft software distribution policy can be viewed here.
Click here for the incident notes.

Scans and Probes

Cert.org has a very informative website with the most up-to-date security and vulnerability information available. This page contains daily reports of scanning and probing activity. The most frequent reports tend to involve services that have well-known vulnerabilities. Internet hosts continue to be affected by exploitation of well-known vulnerabilities in many of these services. I myself have bookmarked this page, the vulnerabilities, incidents and fixes page; they try to help make users aware of potential threats and provide information about how to avoid, minimize, or recover from the damage.

Setback for security through obscurity scheme

A proposal on the "responsible disclosure of security vulnerabilities" has been withdrawn from consideration by the Internet Engineering Task Force (IETF), after criticism that the issue was too political to be decided by the Net's prime technical standards body.
Discussions on the IETF's Security Area Advisory Group mailing list reflected the belief that the document is "out of scope" as it does not deal with technical protocols.
Because of this, Steve Christey, lead information security engineer for government engineering firm Mitre, and Chris Wysopal, director of research at security consultants @stake, have decided to take their ideas elsewhere.
"There does not appear to be any way to achieve consensus on this issue, regardless of the merits of the current draft or any future document that may attempt to describe disclosure recommendations," Christey said in a message to the SAAG list yesterday.
Click here for more, or here for the internet-draft.

Unchecked Buffer in Windows Shell Could Lead to Code Execution

The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
An unchecked buffer exists in one of the functions that helps to locate incompletely removed applications on the system. A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw. A successful attack would have the effect of either causing the Windows Shell to crash, or causing code to run in the user's context.
By default, this is not remotely exploitable. However, under very unusual conditions, it could be exploited via a web page. Specifically, if the user has installed, then uninstalled an application with custom URL handlers, and the application's uninstall routine failed to correctly remove the application completely, an attacker could attempt to mount an attack by constructing an HTML web page that seeks to overrun the buffer. Such a web page could be delivered either by posting it on a web site or sending it by email.
Click here for the security bulletin.

Best Practices for Enterprise Security

Data and transaction security is of paramount importance in this age of rapidly expanding commercial and government computer networks and the emerging Internet economy. The inherent challenges of the security issue have become a top priority in every company that makes use of information technology.
The term computer security is a generalization for a collection of technologies that perform specific tasks related to data security. Using these technologies effectively to secure a corporate network requires that they be integrated into an overall security plan. The planning process for their proper implementation involves:
  1. Gaining a detailed understanding of the potential environmental risks (for example, viruses, hackers, and natural disasters).
  2. Making a proactive analysis of the consequences of and countermeasures to security breaches in relation to risks.
  3. Creating a carefully planned implementation strategy for integrating security measures into all aspects of an enterprise network, based on this understanding and analysis.

Click here for the series of white papers.

Java Applet Can Redirect Browser Traffic

The Microsoft VM is a virtual machine for the Win32 operating environment. It runs atop Microsoft Windows 95, Microsoft Windows 98, ME, Windows NT 4.0, Windows 2000 and Windows XP. It ships as part of Windows 98, ME, and Windows 2000 and also as part of Internet Explorer 5.5 and earlier.
The version of the Microsoft VM that ships with Internet Explorer version 4.x and 5.x contains a flaw affecting how Java requests for proxy resources are handled. A malicious Java applet could exploit this flaw to re-direct web traffic once it has left the proxy server to a destination of the attacker’s choice.
An attacker could use this flaw to send a user’s Internet session to a system of his own control, without the user being aware of this. The attacker could then forward the information on to the intended destination, giving the appearance that the session was behaving normally. The attacker could then send his own malicious response, making it seem to come from the intended destination, or could discard the session information, creating the impression of a denial of service. Additionally, the attacker could capture and save the user’s session information. This could enable him to execute a replay attack or to search for sensitive information such as user names or passwords.
Click here for the security bulletin.

Malformed Data Transfer Request can Cause Windows SMTP Service to Fail

An SMTP service installs by default as part of Windows 2000 server products. Exchange 2000, which can only be installed on Windows 2000, uses the native Windows 2000 SMTP service rather than providing its own. In addition, Windows 2000 and Windows XP workstation products provide an SMTP service that is not installed by default. All of these implementations contain a flaw that could enable denial of service attacks to be mounted against the service.
The flaw involves how the service handles a particular type of SMTP command used to transfer the data that constitutes an incoming mail. By sending a malformed version of this command, an attacker could cause the SMTP service to fail. This would have the effect of disrupting mail services on the affected system, but would not cause the operating system itself to fail.
Click here for the security bulletin.

Authentication Flaw Could Allow Unauthorized Users To Authenticate To SMTP Service

An SMTP service installs by default as part of Windows 2000 server products and as part of the Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5. (The IMC, also known as the Microsoft Exchange Internet Mail Service, provides access and message exchange to and from any system that uses SMTP). A vulnerability results in both services because of a flaw in the way they handle a valid response from the NTLM authentication layer of the underlying operating system.
By design, the Windows 2000 SMTP service and the Exchange Server 5.5 IMC, upon receiving notification from the NTLM authentication layer that a user has been authenticated, should perform additional checks before granting the user access to the service. The vulnerability results because the affected services don't perform this additional checking correctly. In some cases, this could result in the SMTP service granting access to a user solely on the basis of their ability to successfully authenticate to the server.
An attacker who exploited the vulnerability could gain only user-level privileges on the SMTP service, thereby enabling the attacker to use the service but not to administer it. The most likely purpose in exploiting the vulnerability would be to perform mail relaying via the server.
Click here for the security bulletin.

Cisco router audit tool

The Center for Internet Security has released version 1.0 of the CIS Level-1 / Level-2 Benchmark and Audit Tool for Cisco IOS Routers. The tool scans your router config files and checks them against the benchmarks, which are designed to enhance the security of the device itself and are based on the NSA Router Security Configuration Guide; all IOS devices should implement these settings.
The Router Security Configuration Guide provides technical guidance intended to help network administrators and security officers improve the security of their networks. It contains principles and guidance for secure configuration of IP routers, with detailed instructions for Cisco Systems routers. The information presented can be used to control access, resist attacks, shield other network components, and protect the integrity and confidentiality of network traffic.
Click here to download the guide and the tool.
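
As an added example (not the CIS tool or anything from the NSA guide itself), here is a small Python checker in the same spirit: it parses an IOS config into global and per-section lines and reports which of a handful of the guide's recommendations (an illustrative subset chosen here) a constructed weak config fails and a constructed hardened config passes.

```python
"""Audit a Cisco IOS config against a few hardening rules.

Added example (not the CIS tool): an illustrative subset of NSA Router Security
Configuration Guide rules; both configs are constructed, with placeholder secrets.
"""
import re

WEAK_CONFIG = """\
no service password-encryption
enable password cisco123
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no ip proxy-arp
 no ip directed-broadcast
snmp-server community public RO
line vty 0 4
 login
 transport input telnet
end
"""

HARDENED_CONFIG = """\
service password-encryption
enable secret 5 $1$PLACEHOLDER$notarealhash
no ip source-route
no ip http server
no cdp run
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip proxy-arp
 no ip directed-broadcast
snmp-server community PLACEHOLDER-RO RO
line vty 0 4
 login local
 transport input ssh
end
"""

# Global lines that must be present. IOS omits default settings from the
# config, so hardening shows up as explicit "no ..." lines.
GLOBAL_REQUIRED = [
    (r"^service password-encryption$", "passwords stored in clear text"),
    (r"^enable secret ", "privileged password not stored as a secret hash"),
    (r"^no ip source-route$", "IP source routing left enabled"),
    (r"^no ip http server$", "HTTP management server left enabled"),
    (r"^no cdp run$", "CDP left enabled globally"),
]
# Global lines that must not be present.
GLOBAL_FORBIDDEN = [
    (r"^enable password ", "weak 'enable password' in use"),
    (r"^snmp-server community (public|private)\b", "default SNMP community"),
]
# Lines each physical interface must carry.
INTERFACE_REQUIRED = [
    ("no ip proxy-arp", "proxy ARP enabled"),
    ("no ip directed-broadcast", "directed broadcasts forwarded"),
]

def parse_ios_config(text):
    """Split a config into global lines and {section header: child lines}.

    IOS indents a section's children by one space ("interface X",
    "line vty 0 4"); a non-indented line or a "!" separator ends it.
    """
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
        elif raw[0].isspace():
            if current is not None:
                sections[current].append(raw.strip())
        else:
            line = raw.rstrip()
            global_lines.append(line)
            current = line if line.startswith(("interface ", "line ")) else None
            if current is not None:
                sections.setdefault(current, [])
    return global_lines, sections

def audit_ios_config(text):
    """Return human-readable findings; an empty list means every rule passed."""
    global_lines, sections = parse_ios_config(text)
    findings = []
    for pattern, why in GLOBAL_REQUIRED:
        if not any(re.match(pattern, line) for line in global_lines):
            findings.append(f"global: no line matching {pattern!r} ({why})")
    for pattern, why in GLOBAL_FORBIDDEN:
        findings += [f"global: {line!r} ({why})"
                     for line in global_lines if re.match(pattern, line)]
    for header, body in sections.items():
        if header.startswith("interface ") and "Loopback" not in header:
            findings += [f"{header}: missing {needle!r} ({why})"
                         for needle, why in INTERFACE_REQUIRED if needle not in body]
        elif header.startswith("line vty") and "transport input ssh" not in body:
            findings.append(f"{header}: remote management not restricted to SSH")
    return findings
```

Running `audit_ios_config(WEAK_CONFIG)` yields ten findings (the second interface, which already carries both `no ip` lines, produces none), while the hardened config yields an empty list.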

New Microsoft Security Freeware Scans For Windows Holes

Shavlik AdminSuite Version: 3.6
The Shavlik AdminSuite combines best-of-breed security audit tools into a convenient, easy-to-use suite that will help you to ensure enterprise security of your workstations, servers and BackOffice applications such as SQL and IIS. A great new utility for your Security ToolKit.
You are all aware that Microsoft recently released two free security tools, both in a bare-bones format. These tools were co-developed by Microsoft and MS Gold Partner Shavlik. The actual commercial versions (with many more features, extras and a GUI) are now available in a "suite" via Sunbelt Software. The Shavlik AdminSuite combines three powerful security maintenance applications into one easy-to-use bundle. They are used worldwide by Microsoft internally. The Hotfix Checker utilizes an XML config file that is kept up-to-date by Microsoft staff practically in real-time. This will ensure that when you use the Shavlik Hotfix checker, you have a very high degree of certainty your network actually has all the most recent patches, and applied in the right sequence.
Click here for more.

The Twenty Most Critical Internet Security Vulnerabilities

A little over a year ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list to prioritize their efforts so they could close the most dangerous holes first. This new list, released on October 1, 2001, updates and expands the Top Ten list. With this new release, we have increased the list to the Top Twenty vulnerabilities, and we have segmented it into three categories: General Vulnerabilities, Windows Vulnerabilities, and Unix Vulnerabilities.
The SANS/FBI Top Twenty list is valuable because the majority of successful attacks on computer systems via the Internet can be traced to exploitation of security flaws on this list. For instance, system compromises in the Solar Sunrise Pentagon hacking incident and the easy and rapid spread of the Code Red and NIMDA worms can be traced to exploitation of unpatched vulnerabilities on this list.
Click here for the top 20 list.

Scanning for SNMP vulnerabilities

February 16, 2002 - SANS has released a scanning tool called SNMPing which will find SNMP daemons running on a TCP/IP network. It defaults to port 161, but you can enter the port of your choice.
The good news is that it's small and effective. The bad news is that it only runs on WinNT/2K.
Click here for more.

Protecting Yourself Online

I can't believe I'm just now finding this article on Microsoft; it just goes to show that no matter how much searching you do on a subject, you can't find everything.
Got a cable modem or DSL or satellite connection? Are you using a personal firewall? If not, then stop what you're doing and read this article right now. That high speed connection of yours is great—no more waiting for modems to connect or enduring the pain of large downloads—always-on connections will change the way you use the Internet at home. But did you realize that always-on Internet connections are juicy targets for bad guys looking to take over your machine? If you don't take a moment to secure your computer, it most likely will become the target of attack.
An always-on Internet connection is a tempting target for an attacker. Dial-up connections are hard for attackers to use effectively: they're slow and usually brief, and the connection's IP address is different each time you call. Cable, DSL, and satellite connections don't have these same limitations. Because your IP address doesn't change (or changes only rarely), your fast permanent connection to the Internet is quite attractive: the attacker can return to your computer again and again. Some attackers just want to make life hard for you and crash your computer or look through your files for personal information. Others might be looking for computers connected (perhaps over a virtual private network) to corporate networks; a compromised home computer becomes an advertised yet unwitting gateway between the attacker and his/her target. Still others might be amassing hundreds or thousands of home computers from which to launch a distributed attack against a single computer somewhere else on the Internet. Permanent high-speed connections make all of these possible for malicious attackers.
Historically, protecting a computer from attack meant investing lots of time and money in additional hardware and software. While this makes sense for business networks, small home networks and individual users don't need this kind of protection and probably don't really care to spend all their copious free time maintaining it. Over the past couple years a new form of software-based protection has emerged: the personal firewall. These low-cost (sometimes free) programs create a barrier around your personal computer that makes it quite difficult for someone to penetrate. In this article you'll read about the Internet Connection Firewall included in Windows XP and third-party personal firewalls that run on Windows 2000, Windows Millennium Edition, Windows 98, and Windows 95.
It's important to understand one thing, however. No firewall—whether a small free personal firewall or a multiple-thousand dollar enterprise firewall array—will make your computers impervious to attack. Firewalls, like locks and walls and moats and dragons, create barriers to attack—they get in the way of someone trying to take control. By making it difficult for an attacker to get into your computer, by making him/her invest lots of time, you become uninteresting. Personal firewalls very effectively block most bad guys from getting anywhere. But it is impossible to fully prevent all intrusion: all software has bugs, and someone might find an obscure bug in your firewall that allows them to pass through. Don't let this discourage you from installing a firewall, though! Besides using an up-to-date virus scanner, a personal firewall on your always-on home computer is one of the most effective ways to keep yourself—and your Internet neighbors—protected.
Click here for the whole article, interesting reading.

Trustworthy IIS

In Windows .NET Server, you enable only the IIS 6.0 services you want. One of the key hindrances to the acceptance of Microsoft products as enterprise-level tools is security vulnerabilities. Rival companies such as Sun Microsystems and Oracle have a heyday with the security breaches in Microsoft products that hackers and viruses regularly expose.
Microsoft IIS has rightly been a popular target of criticism. IIS has gotten so much flak for its security shortcomings that Gartner, a leading market analysis firm, recommended last year that businesses discontinue using it. This dramatic pronouncement was aimed more at attracting attention than at seriously addressing the problem. Companies' investment in IIS-oriented applications and technology makes chucking IIS an unrealistic option—especially since Microsoft has addressed the known security concerns associated with the CodeRed virus that triggered the Gartner recommendation.
Click here for the whole article.

Virus Alert: W32/Yarner

W32/Yarner is a mass-mailing worm that, unlike similar worms, uses its own code to propagate instead of using Outlook functionality. The worm deletes every file in the C drive that's not currently in use. The worm arrives with a message subject of "Trojaner-Info Newsletter [current date]" where "[current date]" is the current calendar date. The message includes an extensive message body that appears to be a popular newsletter, but in reality the message is spoofed and isn't a genuine newsletter. The worm message carries a file attachment called yawsetup.exe that, when a user executes the file, installs itself to appear as the built-in Notepad application. The worm renames notepad.exe to notedpad.exe and, in the process, copies itself into the system directory under the filename of notepad.exe.
Click here for more.

Microsoft stops new work to fix bugs

Microsoft Corp. today announced a month-long moratorium on new coding as part of its Trustworthy Computing Initiative, said Richard Purcell, head of the company’s corporate privacy office. “We are not coding new code as of today for the next month,” Purcell said at a privacy and data security summit in Washington that was sponsored by the Privacy Officers Association.
Instead, the company is going to go over its old code as a first step in cleaning out bugs. Purcell likened it to a 20-year spring cleaning. “It’s time to get the garage cleaned out,” he said.
Describing the state of computing today as unstable and unreliable, he said Microsoft chairman Bill Gates “is really annoyed by the incredible pain we put everyone through in computing.”
Sounds like a good idea, but seriously, a month? They might be able to get all the bugs out of Windows 3.1 in a month.

Windows 2000 Service Pack 2

Windows 2000 Service Pack 2 (SP2) provides the latest updates to the Windows 2000 family of operating systems. These updates are a collection of fixes in the following areas: application compatibility, operating system reliability, security, and setup. Windows 2000 SP2 includes the updates contained in Windows 2000 Service Pack 1 (SP1). Windows 2000 SP2 is not considered a required upgrade. To determine whether to install Windows 2000 SP2, Microsoft recommends that customers review the Windows 2000 SP2 documentation.
Windows 2000 SP2 automatically upgrades your system to 128-bit encryption. It is not possible to disable or uninstall this feature. If you remove Windows 2000 SP2 after installation, your system will continue to use 128-bit encryption; it will not revert back to 56-bit encryption.
Windows 2000 SP2 adds high encryption support for all Windows 2000 encryption-based services, including Kerberos, Encrypting File System, RAS, RPC, SSL/TLS, CryptoAPI, Terminal Services RDP, and IPSec. High encryption support improves the security of local data and online transactions, as well as any other content you share over networks or the Internet.
Click here to visit the web page describing service pack 2 and to download the file.

Windows 2000 SP2 Support Tools

These updated Windows 2000 Support Tools (support.cab) will help support personnel and network administrators better manage their networks and troubleshoot problems.
For descriptions of the tools and examples of how they are used, read "Windows 2000 Support Tools" (W2rksupp.chm). This help file is included in the support cab.
For detailed information about the specific tools being updated, read Microsoft Knowledge Base Article Q292003.
Click here for more information and to download the tools.

What’s New in Security for Windows XP Professional and Windows XP Home Edition

Windows XP provides the most dependable version of Windows ever—with the best security and privacy features Windows has ever provided. Overall, security has been improved in Windows XP to help you have a safe, secure, and private computing experience. Windows XP is available in two editions—Windows XP Home Edition for home use, and Windows XP Professional for businesses of all sizes.
Security features in Windows XP Home Edition make it even safer for you to shop and browse on the Internet. Windows XP Home Edition comes with built-in Internet Connection Firewall software that provides you with a resilient defense to security threats when you’re connected to the Internet—particularly if you use always-on connections such as cable modems and DSL.
Windows XP Professional includes all of the security capabilities of Windows XP Home Edition, plus other security management features. These important new security features will reduce your IT costs and enhance the security of your business systems.
Click here for a great article on Windows XP security, or download the Word document here.

MS02-010: Unchecked Buffer in ISAPI Filter May Allow Commerce Server Compromise (Q317615)

February 22nd 2002-A Commerce Server Web site may fail with an access violation. Drwtsn32 reports and logs the process failure.
By default, Commerce Server 2000 installs a dynamic-link library (DLL) with an ISAPI filter that allows the server to provide extended functionality in response to events on the server. This filter, called AuthFilter, provides support for a variety of authentication methods. Commerce Server 2000 can also be configured to use other authentication methods.
A security vulnerability results because AuthFilter contains an unchecked buffer in a section of code that handles certain types of authentication requests. An attacker who provides authentication data that overruns the buffer may cause the Commerce Server process to fail, or may run code in the security context of the Commerce Server process. The process runs with LocalSystem privileges, so exploiting the vulnerability may give the attacker complete control of the server.
Click here for the knowledge base article.

MS02-009: Incorrect VBScript Handling in Internet Explorer Can Allow Web Pages to Read Local Files (Q318089)

February 21st 2002-A vulnerability exists that could allow a malicious Web site operator to view files on the local computer of a visiting user. In addition, the vulnerability could allow a malicious Web site operator to collect information from a user's browsing session after the user had left the Web site. This information could then be passed back to the Web site, and could include personal information such as user names, passwords, or credit card information.
In both cases, the malicious user would have to entice the victim to visit a Web site that is under the malicious user's control. To read information from the user's local computer, the malicious Web site operator would have to know the exact name and location of the files on the user's computer. This vulnerability does not allow an attacker to add, change, or delete files on the user's computer.
This vulnerability occurs because of a flaw in the handling of scripts across domains within frames. The flaw allows scripts to violate Internet Explorer's cross-domain security model in a way that enables a Web site to read data in a frame that belongs to another domain.
Click here for the knowledge base article.

FIX: Unchecked Buffer May Occur When You Connect to Remote Data Source (Q317979)

February 20th 2002-This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided "as-is" without warranty of any kind. The workaround or hotfix that is described in this article addresses the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workarounds if one is provided.
When you submit a query to a remote data source and the query contains a string longer than what is expected, the buffer could be overwritten. If you submit a query that has a string longer than expected, the query may cause a handled exception of this SQL Server thread, or may allow an attacker to run arbitrary code under the security context in which the SQL Server service is running.
Click here for the knowledge base article.

An Unchecked Buffer in the SNMP Service May Allow Code to Run (Q314147)

If you install the Simple Network Management Protocol (SNMP) service and the service is running on your computer, a malicious user may be able to cause a denial-of-service attack on your computer and the malicious user may be able to run code on your computer. The SNMP service is neither installed nor running by default in any version of Windows. Standard firewall hardware and software products and practices recommend that you block the port over which SNMP runs (User Datagram Protocol [UDP] ports 161 and 162). If you use these practices or recommendations, this vulnerability may only occur if the malicious user and computer are on an intranet. Standard security practices recommend that you do not use SNMP except on trusted networks because the SNMP protocol, by design, provides minimal security.
This vulnerability occurs because the component of the SNMP agent service that parses incoming commands contains an unchecked buffer. If a malicious user sends a specific request, the malicious user could cause a buffer overrun attack on the type of computer that is described in the "Symptoms" section in this article.
Click here for the knowledge base article.

Security Update, February 11, 2002

The "11 February 2002 Cumulative Patch for Internet Explorer" update eliminates all known security vulnerabilities affecting Internet Explorer, as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Download now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer.
Click here to download the file and here to read Microsoft Security Bulletin MS02-005.

MS02-004: Telnet Server Is Vulnerable to a Denial-of-Service Attack (Q307298)

There is a buffer-overflow vulnerability that affects two Microsoft products: the Telnet service in Windows 2000 and the Telnet daemon (telnetd) in Microsoft Interix 2.2. By sending a specially malformed request to the Telnet server, an attacker could cause either of two results. In the simpler case, this could cause the Telnet server to stop working. In the more complex case, this could allow an attacker to run code of his or her choice on the server.
Microsoft strongly recommends that you use Telnet on only fully trusted networks. You should not use Telnet across the Internet; you should block Telnet connections at your corporate firewall. Neither Windows 2000 nor Interix is affected by this vulnerability under default conditions.
Click here for the knowledge base article.

XGEN: Exchange 2000 Server Post-Service Pack 2 Admin Fixes Available (Q316056)

This article lists the article numbers for Microsoft Exchange 2000 Server admin bugs that have been fixed since the release of Exchange 2000 Service Pack 2.
For more information about the available admin bug fixes for Exchange 2000, please see the "More Information" section for a list of links to relevant articles in the Microsoft Knowledge Base.
NOTE : Exchange 2000 fixes for a particular component are cumulative and contain all of the previous fixes for that component. Fixes with a particular version number contain all of the fixes that have an earlier version number.
Click here for the knowledge base article.

Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data

Trust relationships are created between Windows NT or Windows 2000 domains to allow users in one domain to access resources in other domains without requiring them to authenticate separately to each domain. When a user in a trusted domain requests access to a resource in a trusting domain, the trusted domain supplies authorization data in the form of a list of Security Identifiers (SIDs) that indicate the user's identity and group memberships. The trusting domain uses this data to determine whether to grant the user's request.
A vulnerability exists because the trusting domain does not verify that the trusted domain is actually authoritative for all the SIDs in the authorization data. If one of the SIDs in the list identified a user or security group that is not in the trusted domain, the trusting domain would accept the information and use it for subsequent access control decisions. If an attacker inserted SIDs of his choice into the authorization data at the trusted domain, he could elevate his privileges to those associated with any desired user or group, including the Domain Administrators group for the trusting domain. This would enable the attacker to gain full Domain Administrator access on computers in the trusting domain.
Click here for the knowledge base article.
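The check the trusting domain was missing, shown from the defender's side as an added example that is not Microsoft's code: every SID in the authorization data must either carry the trusted domain's own domain SID as its prefix or be one of a short well-known-SID allowlist, and anything else is dropped and reported. The two domain SIDs, the sample authorization data and the allowlist are constructed for the example.

```python
import re

# A domain SID is S-1-5-21-<a>-<b>-<c>; a principal in that domain is the
# domain SID followed by a relative identifier (RID).
DOMAIN_PRINCIPAL_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")
# Any syntactically valid SID: S-1-<identifier authority>-<subauthorities...>
ANY_SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")

# Assumed allowlist of well-known SIDs that are not domain-relative but are
# legitimately present in any token (Everyone, Authenticated Users).
WELL_KNOWN_ALLOWED = frozenset({"S-1-1-0", "S-1-5-11"})


def split_domain_principal(sid):
    """Return (domain_sid, rid) for a domain-relative SID, else (None, None)."""
    m = DOMAIN_PRINCIPAL_RE.match(sid)
    if not m:
        return None, None
    return m.group(1), int(m.group(2))


def filter_authorization_data(trusted_domain_sid, sids):
    """Apply SID filtering to authorization data received across a trust.

    Returns (accepted, dropped). A SID is accepted only if the trusted domain
    is authoritative for it (its domain prefix equals trusted_domain_sid) or
    it is an allowlisted well-known SID. Malformed SIDs and SIDs from any
    other domain, including the trusting domain itself, are dropped.
    """
    accepted, dropped = [], []
    for sid in sids:
        if not ANY_SID_RE.match(sid):
            dropped.append(sid)          # malformed: never trust it
            continue
        domain_sid, _rid = split_domain_principal(sid)
        if domain_sid == trusted_domain_sid or sid in WELL_KNOWN_ALLOWED:
            accepted.append(sid)
        else:
            dropped.append(sid)
    return accepted, dropped


# Constructed sample: two domains joined by a one-way trust.
TRUSTED_DOMAIN_SID = "S-1-5-21-1000-2000-3000"    # domain the user logs on to
TRUSTING_DOMAIN_SID = "S-1-5-21-4000-5000-6000"   # domain holding the resource

# Constructed authorization data as the trusted domain would supply it, with
# one SID the trusted domain is not authoritative for: the trusting domain's
# Domain Admins group (RID 512), plus one malformed entry.
SAMPLE_AUTHZ_DATA = [
    TRUSTED_DOMAIN_SID + "-1105",     # the user
    TRUSTED_DOMAIN_SID + "-513",      # Domain Users of the trusted domain
    "S-1-5-11",                       # Authenticated Users
    TRUSTING_DOMAIN_SID + "-512",     # foreign Domain Admins: must be dropped
    "S-1-5-21-bogus",                 # malformed: must be dropped
]

if __name__ == "__main__":
    ok, bad = filter_authorization_data(TRUSTED_DOMAIN_SID, SAMPLE_AUTHZ_DATA)
    for sid in bad:
        print("dropped SID not authoritative for", TRUSTED_DOMAIN_SID + ":", sid)
    print("accepted:", ok)
```

A real implementation also has to decide how to treat well-known SIDs beyond this allowlist (BUILTIN groups, for instance); here anything not on the list is dropped.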

SQL Server Text Formatting Functions Contain Unchecked Buffers

SQL Server 7.0 and 2000 provide a number of functions that enable database queries to generate text messages. In some cases, the functions create a text message and store it in a variable; in others, the functions directly display the message. Two vulnerabilities associated with these functions have been discovered.
The first vulnerability results because of a flaw in the functions themselves. Several of the functions don’t adequately verify that the requested text will fit into the buffer that’s supplied to hold it. A buffer overrun could occur as a result, and could be used either to run code in the security context of the SQL Server service or to cause the SQL Server service to fail. SQL Server can be configured to run in various security contexts, and by default runs as a domain user. The precise privileges the attacker could gain would depend on the specific security context that the service runs in.
The second vulnerability results because of a format string vulnerability in the C runtime functions that the SQL Server functions call when installed on Windows NT® 4.0, Windows® 2000 or Windows XP. Although format string vulnerabilities often can be exploited to run code of the attacker's choice, that is not true in this case. Because of the specific way this vulnerability occurs, the C Runtime code would always be overrun with the same values regardless of the attacker’s inputs. As a result, this vulnerability could only be used as a denial of service.
An attacker could exploit the vulnerabilities in either of two ways. The most direct way would be for the attacker to simply load and execute a database query that calls one of the affected functions. Alternatively, if a web site or other database front-end would accept and process arbitrary queries, it could be possible for the attacker to provide inputs that would cause the query to call an affected function with the appropriate parameters.
Click here for the knowledge base article.

Specially Formed Script in HTML Mail can Execute in Exchange 5.5 OWA

On December 6, 2001 Microsoft released the original version of this bulletin. On December 7, 2001 an issue relating to file dependencies for the patch was identified and the bulletin was updated and re-released to include this information. Specifically, for this patch to function properly, the Outlook Web Access (OWA) server on which the patch is installed must have Internet Explorer (IE) 5.0 or greater installed. If the patch is installed on a system with a version of IE less than 5.0, unexpected consequences may result. The "Caveats" section has been updated to include version requirements for this patch. In addition, it contains version recommendations for dependent components that are applicable at the time of this writing. In addition, the FAQ contains remediation information for customers who have applied this patch on systems with versions of IE older than 5.0.
OWA is a service of Exchange 5.5 Server that allows users to access and manipulate messages in their Exchange mailbox by using a web browser.
A flaw exists in the way OWA handles inline script in messages in conjunction with Internet Explorer. If an HTML message that contains specially formatted script is opened in OWA, the script executes when the message is opened. Because OWA requires that scripting be enabled in the zone where the OWA server is located, a vulnerability results because this script could take any action against the user's Exchange mailbox that the user himself was capable of, including sending, moving, or deleting messages. An attacker could maliciously exploit this flaw by sending a specially crafted message to the user. If the user opened the message in OWA, the script would then execute.
Click here for the knowledge base article.

Windows Media Player .ASF Processor Contains Unchecked Buffer

One of the streaming media formats supported by Windows Media Player is Advanced Streaming Format (ASF). A security vulnerability occurs in Windows Media Player 6.4 because the code that processes ASF files contains an unchecked buffer.
By creating a specially malformed ASF file and inducing a user to play it, an attacker could overrun the buffer, with either of two results: in the simplest case, Windows Media Player 6.4 would fail; in the more complex case, code chosen by the attacker could be made to run on the user’s computer, with the privileges of the user. The scope of this vulnerability is rather limited. It affects only Windows Media Player 6.4, and can only be exploited by the user opening and deliberately playing an ASF file. There is no capability to exploit this vulnerability via email or a web page.
However, the patch eliminates additional vulnerabilities. Specifically, it eliminates all known vulnerabilities affecting Windows Media Player 6.4 – discussed in Microsoft Security Bulletins MS00-090, MS01-029, and MS01-042 – as well as some additional variants of these vulnerabilities that were discovered internally by Microsoft. Some of these vulnerabilities could be exploited via email or a web page. In addition, some affect components of Windows Media Player 6.4 that, for purposes of backward compatibility, ship with Windows Media Player 7, and 7.1. We therefore recommend that customers running any of these versions of Windows Media Player apply the patch to ensure that they are fully protected against all known vulnerabilities.
Click here for the knowledge base article.

Invalid Universal Plug and Play Request can Disrupt System Operation

On November 08, 2001 Microsoft discovered that the Windows ME patch failed to properly register the upnp.dll. On November 13, 2001, Microsoft released a corrected version of the Windows ME patch. Microsoft recommends that customers who installed the original Windows ME patch download and install the new one. Customers using other systems do not need to take any additional action, as only the Windows ME patch contained the error.
The Universal Plug and Play (UPnP) service allows computers to discover and use network-based devices. Windows ME and XP include native UPnP services; Windows 98 and 98SE do not include a native UPnP service, but one can be installed via the Internet Connection Sharing client that ships with Windows XP.
A vulnerability results because the UPnP service does not correctly handle certain types of invalid UPnP requests. On Windows 98, 98SE, and ME systems, receiving such a request could cause a variety of effects ranging from slow performance to system failure. On Windows XP, the effect is less serious as the flaw consists of a memory leak. Each time a Windows XP system received such a request, a small amount of system memory would become unavailable; if repeated many times, it could deplete system resources to the point where performance slowed or stopped altogether.
Click here for the knowledge base article.

Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone

This patch eliminates three vulnerabilities affecting Internet Explorer. The first involves how IE handles URLs that include dotless IP addresses. If a web site were specified using a dotless IP format (e.g., http://031713501415 rather than http://207.46.131.13), and the request were malformed in a particular way, IE would not recognize that the site was an Internet site. Instead, it would treat the site as an intranet site, and open pages on the site in the Intranet Zone rather than the correct zone. This would allow the site to run with fewer security restrictions than appropriate. This vulnerability does not affect IE 6.
The second involves how IE handles URLs that specify third-party sites. By encoding an URL in a particular way, it would be possible for an attacker to include HTTP requests that would be sent to the site as soon as a connection had been established. These requests would appear to have originated from the user. In most cases, this would only allow the attacker to send the user to a site and request a page on it. However, if exploited against a web-based service (e.g., a web-based mail service), it could be possible for the attacker to take action on the user’s behalf, including sending a request to delete data.
The third is a new variant of a vulnerability discussed in Microsoft Security Bulletin MS01-015, affecting how Telnet sessions are invoked via IE. By design, telnet sessions can be launched via IE. However, a vulnerability exists because when doing so, IE will start Telnet using any command-line options the web site specifies. This only becomes a concern when using the version of the Telnet client that installs as part of Services for Unix (SFU) 2.0 on Windows NT 4.0 or Windows 2000 machines. The version of the Telnet client in SFU 2.0 provides an option for creating a verbatim transcript of a Telnet session. An attacker could start a session using the logging option, then stream an executable file onto the user’s system in a location that would cause it to be executed automatically the next time the user booted the machine. The flaw does not lie in the Telnet client, but in IE, which should not allow Telnet to be started remotely with command-line arguments.
Click here for the knowledge base article.
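The zone decision that the first vulnerability broke, as an added example that is not Internet Explorer's code: a host that is a numeric IPv4 literal in any of the forms inet_aton accepts (dotted decimal, dotless decimal, octal with a leading 0, hex with 0x, or a partial dotted form) is normalized to dotted-quad before the zone is chosen, so a dotless address can no longer pass as a single-label intranet name. The zone rules used here (single-label names and private addresses are intranet, everything else is Internet) are a simplification assumed for the example.

```python
import ipaddress
from urllib.parse import urlsplit


def _parse_part(part):
    """Parse one component of a numeric host the way inet_aton does:
    0x prefix is hex, a leading 0 is octal, otherwise decimal."""
    if part.lower().startswith("0x"):
        return int(part[2:], 16)
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    return int(part, 10)


def numeric_host_to_ipv4(host):
    """Return the dotted-quad form of a numeric IPv4 literal, or None if the
    host is not a numeric literal. Accepts 1 to 4 dot-separated parts; the
    last part fills all remaining bytes (so 207.46.33549 is valid)."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_parse_part(p) for p in parts]
    except ValueError:
        return None                      # not numeric: an ordinary hostname
    for v in values[:-1]:
        if not 0 <= v <= 255:
            return None
    last_bytes = 4 - (len(values) - 1)
    if not 0 <= values[-1] < 256 ** last_bytes:
        return None
    number = 0
    for v in values[:-1]:
        number = (number << 8) | v
    number = (number << (8 * last_bytes)) | values[-1]
    return str(ipaddress.IPv4Address(number))


def zone_for_url(url, normalize_numeric=True):
    """Pick a security zone for a URL (simplified zone rules, assumed here).
    With normalize_numeric=False the function reproduces the flaw: a dotless
    numeric host contains no dots and is mistaken for a single-label intranet
    name."""
    host = urlsplit(url).hostname
    if not host:
        return "Restricted"
    if normalize_numeric:
        ip = numeric_host_to_ipv4(host)
        if ip is not None:
            return "Local intranet" if ipaddress.IPv4Address(ip).is_private else "Internet"
    return "Local intranet" if "." not in host else "Internet"


if __name__ == "__main__":
    for url in ("http://031713501415/", "http://3475931917/", "http://207.46.131.13/",
                "http://fileserver/share", "http://10.0.0.1/"):
        print(f"{url:30} flawed={zone_for_url(url, False):15} fixed={zone_for_url(url)}")
```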

Windows XP Security Updates

Here are a few handy links for you. Windows XP Home Edition security updates are here, and Windows XP Professional security updates are here, although they probably will be the same updates most of the time. Windows 2000 Advanced Server security updates are here, Windows 2000 Datacenter Server security updates are here, Windows 2000 Professional security updates are here, and Windows 2000 Advanced Server security updates are here. Windows NT Server 4.0 security updates are here, Windows NT Server 4.0, Enterprise Edition security updates are here, Windows NT Server 4.0, Terminal Server Edition security updates are here, and Windows NT Workstation 4.0 security updates are here. If you have other Microsoft software you would like to check, you can find it by visiting one of these links and selecting it from the drop-down box.