Symantec Security Alert and Patch

VERITAS NetBackup Vulnerable to Multiple Buffer Overflows

Symantec's VERITAS NetBackup contains critical buffer overflow vulnerabilities that could result in elevated privilege access to an affected system. Affected product components include NetBackup Master, Media Servers, and clients. Symantec posted an advisory along with patches to correct the problems.

Made in Express

Bill Gates Webcasts

All the latest speech's and keynote webcasts including the latest on convergence can be found Here

Information Worker Videos For Download

PTS-TV and what it is

http://blogs.technet.com/john_westworth/archive/2006/03/16/422233.aspx from john Westworth

Blogcast: Outlook 2007 (14mins)

A superb Blogcast about Office 2007 from the Office Rocker he also looks at how Outlook configures to OneNote 2007

Security Alert 22-03-06

Security Alert, March 22, 2006

Vulnerability in IE Could Allow Remote Intruders to Execute Code

An unpatched vulnerability in Microsoft Internet Explorer (IE) might allow a remote intruder to execute code on a user's system without the user's knowledge. Complete details of the exploit are not yet available, however the problem relates to HTML Application (HTA) files.

Microsoft is aware of the problem, is investigating, and will release a patch for the problem, possibly in April.

I would suggest that as an extra precaution that emails be opened in text format only first, rather than HTML or Rich Text format when using OE or Office Outlook.

Security Alert March 16th 2006

Security Alert, March 16, 2006
Adobe Flash, Shockwave, and Breeze Might Allow System Compromise
Critical vulnerabilities were discovered in Adobe Flash Player, Shockwave Player, and Breeze that could allow a remote intruder to take complete control of an affected system. The exact cause of the vulnerability hasn't been disclosed at this time, but an intruder could exploit the weakness by causing the user's browser to load a malicious Flash file (.swf). Adobe recommends that users upgrade to the latest version of the products (see the first URL below). Information on workarounds, including one to prevent Flash files from loading into the browser, is available from Microsoft (second URL below).
http://list.windowsitpro.com/t?ctl=24238:3943B9
http://list.windowsitpro.com/t?ctl=24239:3943B9

evidence of a website that appears to be hosting a malicious keylogger trojan horse

Trojan horses (software that includes “features” that may work against the user’s intentions) are hardly new, nor are keyloggers. I find it interesting that the “My Anti Spyware” blog includes a post detailing reports of an apparently malicious website that’s hosting a trojan keylogger. Click here to read the details for yourself.

Recommendation: keep patched and use least privilege wherever possible.

My Thanks to Steve Lambs Blog for the initial link and bringing it to our attention.

2 Security Bulletins for March

Microsoft released two security bulletins for March, one related to Microsoft Office and another about certain Windows versions that have weak permissions defined for certain services.

The security update for MS06-012--Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) involves specially formed Office documents and is a bigger risk because it allows remote code execution and targets the more difficult- to-control workstation environment.

This security update patches a number of vulnerabilities associated with various Office and Microsoft Works Suite programs, and you should be concerned if you have systems with Office 2003/XP/2000 or Microsoft Works Suite 2006/2005/2004/2003/2002/2001/2000 or even Microsoft Excel for Mac.

With regard to the other bulletin, users of Windows Server
2003 Service Pack 1 (SP1), Windows XP SP2, and Windows 2000 SP4 can relax.

Only individuals or organizations that have systems with XP SP1 and Windows 2003 without SP1 are vulnerable to the exposure described in MS06-011--Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798).

Peewitsol I.T. Pro Services recommend applying this security update only repeat only to highly sensitive servers on which you've already made a commitment to full overall hardening.

Still getting Pop-up's with the Blocker enabled

Today I held a security seminar for young executives, regarding surfing the net safely and different types of browsers and the best security settings for them. Some Internet Explorer users amongst them were asking why they still get pop-ups even though they have turned on the Pop-up Blocker.

Barring user error, there are three possible reasons that we discussed below.

Note:
These settings can be accessed from Tools->Pop-up Blocker->Pop-up Blocker Settings.


Reason: They clicked (or otherwise initiated a user action) on the page and your Pop-up Blocker Filter Level is set to Medium.

Solution: To set the Filter Level to High; make use of the Allow List and the override key (CTRL) to allow desired pop-ups.



Reason: You have spyware or other malware installed, either with or without your knowledge.

Solution: Acquire and use reputable anti-spyware software. Microsoft has a Beta version of Windows Defender available for download. A few minutes spent researching on the web should lead you to several other popular packages as well. Keep the computer up-to-date with regard to the latest security patches by visiting Microsoft Update on a regular basis and enabling automatic downloads of security patches.


Reason: The web site is making use of a Pop-up Blocker unaware Active X control that provides a mechanism for opening a new Internet Explorer window.

Solution: Use Tools->Manage Add-ons to disable suspect controls. When you visit a web site and get unwanted pop-ups, open Manage Add-ons and see what controls are currently loaded by Internet Explorer. Through a process of elimination, you should be able to disable controls that are being used to open Pop-ups. This may cause legitimate sites to stop working correctly and you will need to re-enable the control when you want to use it. (A balloon tip and blocked-control icon will appear on the status bar in Internet Explorer when a control is blocked. You can click the icon to quickly access Manage Add-ons and re-enable the control.)

Furthermore, do not install Active X controls from sites you do not trust 100%.

Free New Microsoft Windows Defender (Beta 2)

I have been asked by colleagues & clients to put this here

Microsoft’s premier AntiSpyware software Windows Defender has a free new major upgrade! Together with Microsoft’s Windows OneCare you can maintain your computer’s health.

Download Here ==> Windows Defender (Beta 2) is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software.
NEW! ==> Now available for Windows 64 Bit Version!
Support Resources
AntiMalware Blog
FAQ
Newsgroups

MARA & the Crossover Trojan Virus

http://www.mobileav.org/

MARA have issued a statement that they have found the first virus that can cross from a PC to a mobile device.

Hmmmmmm

Microsoft Security Advisory (912945) Today

http://www.microsoft.com/technet/security/advisory/912945.mspx

Microsoft has releasing a non-security update for Internet Explorer on February 28, 2006.
For more information about this update, see Microsoft Knowledge Base Article 912945. This update is separate from the security update released on February 14, 2006 as part of Microsoft Security Bulletin MS06-004.
Microsoft Knowledge Base Article 912945 and the accompanying non-security update targets the following software:
•
Internet Explorer for Microsoft Windows XP Service Pack 2
•
Internet Explorer for Microsoft Windows Server 2003 Service Pack 1

My thanks to Stepto http://blogs.technet.com/msrc/default.aspx at the Microsoft Security Response Center