Security UPDATE--New Patches, Old Patches, and Loading Patches--October 20, 2004

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

BindView Corporation

http://www.bindview.com/Events/GetEvents.cfm?NUM=1250&AD=NS-1020ITPro1111WBNR-Q404

IT Security Solutions Roadshow - Coming to your city soon!

http://www.windowsitpro.com/roadshows/security/index.cfm?code=1020Sec_S

1. In Focus: New Patches, Old Patches, and Loading Patches

2. Security News and Features

- Recent Security Vulnerabilities

- Bleeding Edge of Snort

- The Blended Threat

- A Forgotten Caveat of Patches

3. Security Matters Blog

- New JPEG GDI+ Scanning Tool

- SANS Top 20 Vulnerabilities

4. Instant Poll

5. Security Toolkit

- FAQ

- Security Forum Featured Thread

6. New and Improved

- Encrypt Sensitive Files

==== Sponsor: BindView Corporation ====

Hear Simple Nomad speak on assessing and overcoming internal IT threats at a free BindView Corporation web seminar on November 11. He'll cover the things you need to evaluate and do to protect your company's data. He'll cover asset assessment and attack vectors such as direct network assaults, common services attacks and attacks against non-controlled assets. But he won't leave you in the dark. Once he explains the threats, he'll also cover effective ways to mitigate against them. Known throughout the security community, Simple Nomad always provides candid insight into the threats that matter most. http://www.bindview.com/Events/GetEvents.cfm?NUM=1250&AD=NS-1020ITPro1111WBNR-Q404

==== 1. In Focus: New Patches, Old Patches, and Loading Patches ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You probably know that last week, Microsoft released 10 security bulletins that include a barrage of new security patches, many of which the company considers to be of a critical nature. The patches pertain to a wide variety of system components including RPC, Network Dynamic Data Exchange (NetDDE), Web Distributed Authoring and Versioning (WebDAV), the Windows shell, Excel, and much more.

When new security vulnerabilities are brought to light, somebody soon releases an exploit to take advantage of unprotected systems. So if you haven't checked into the new bulletins, consider doing so soon if you expect to keep your systems protected.

http://www.microsoft.com/technet/security/default.mspx

Some of you might still be working to determine which of your systems are affected by the JPEG GDI+ vulnerability that was announced in last month's security bulletins from Microsoft. The company recently released new articles and a new scanning tool to help you identify and replace vulnerable DLLs.

If you use the original JPEG GDI+ scanning tool from Microsoft, you've probably figured out that the tool has some significant shortcomings. It might have left you wondering whether you'd really replaced all the vulnerable DLLs on your system. The new tool is an improvement over the original tool, and it can work in conjunction with Microsoft Systems Management Server (SMS). You can link to more information about the new tool in the "New JPEG GDI+ Scanning Tool" blog entry below.

If you're still working to install Windows XP Service Pack 2 (SP2), you might come across instances in which certain applications cease to function the way they did before you installed the new service pack. Some applications stop working correctly because of the new Windows Firewall. The Microsoft article "Some programs seem to stop working after you install Windows XP Service Pack 2" ( http://support.microsoft.com/?kbid=842242 ) offers a list of some of the more popular applications that might be affected. The article describes which ports need to be open for a listed application and why they need to be open. The article also provides advice about how to determine which ports need to be open for applications that aren't listed.

And since I mentioned XP SP2, did you know that the service pack adds a new option to the system shutdown dialog box? The new option lets any newly downloaded updates be installed before the system is shut down and the computer is powered off. This way, the updates can be installed when you're finished using the system instead of when you're trying to get some work done in the middle of the day. You can adjust registry settings to control whether the new option is displayed to users and whether the option is the default setting. You can read about this feature and other changes introduced by XP SP2 in "Changes to Functionality in Microsoft Windows XP Service Pack 2" ( http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2chngs.mspx ).

==== Sponsor: IT Security Solutions Roadshow - Coming to your city soon! ====

Viruses and security intrusions are always a threat. Take action before they reach your network. Join McAfee and Microsoft for a free half-day event that will give you the practical hands-on experience you need to help secure your organization. If you've joined us for our past security events, you won't want to miss this Roadshow. Take your security to the next level. We'll help you implement a step-by-step action plan to secure your network with antivirus and intrusion prevention strategies. Register today!

http://www.windowsitpro.com/roadshows/security/index.cfm?code=1020Sec_S

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

News: Bleeding Edge of Snort

A new Web site, The Bleeding Edge of Snort, is available for those who use the Snort open source Intrusion Detection System (IDS). Among other things, the site offers new Snort rules that aren't necessarily part of the regular Snort rules distribution.

http://www.winnetmag.com/Article/ArticleID/44208/44208.html

Feature: The Blended Threat

One of Alan Sugano's clients recently had a laptop that was infected with a virus and lots of spyware. The company cleaned the laptop and gave it back to the user. A few days later, the client called to tell Sugano that Internet access was down at one of its remote locations. He went to the remote site to troubleshoot the Internet connection. The firewall was getting bombarded with so many packets that it was crashing. Read this article to learn what Sugano discovered and how he remedied the situation.

http://www.winnetmag.com/Article/ArticleID/44206/44206.html

Feature: A Forgotten Caveat of Patches

David Chernicoff tends to be somewhat obsessive about keeping all the computers he's directly responsible for updated with patches and hotfixes. This attention to detail has paid off: he has yet to have a virus or security exploit on one of his personal computers, nor has he had to deal with malware outbreaks or anything of that nature. Unfortunately, he's not always able to convey his sense of urgency to his friends and clients. Read what Chernicoff discovered about one of his clients' mission-critical computer systems.

http://www.winnetmag.com/Article/ArticleID/44211/44211.html

==== Announcements ====

(from Windows IT Pro and its partners)

Free Exchange Server 2003 eBook--Chapter 7 Now Available

Download the latest chapter, "Administration Best Practices." Learn easy steps to prevent disasters and maintain a healthy system. You'll learn how to understand message stores, backup and restore procedures, performance, and the recovery process. Get the latest chapter now!

http://www.windowsitlibrary.com/ebooks/exchangeserver2003/index.cfm?code=1018annc

Do You Have What It Takes to Compete in the IT Prolympics?

Compete in the first-ever IT Prolympics to test your Active Directory knowledge against your peers. You could win recognition and great prizes. The IT Prolympian grand prize is an expense-paid trip to TechEd 2005. Enter the competition at

http://www.windowsitpro.com/itprolympics/index.cfm?code=10018annc

New half-day seminar! The Enterprise Alliance Roadshow

Come and join us for this free event and find out how a more strategic and holistic approach to IT planning helps organizations increase operational efficiency and facilitate the implementation of new technology. Sign up today. Space is limited.

http://www.windowsitpro.com/roadshows/serverconsolidation/index.cfm?code=1018annc

==== 3. Security Matters Blog ====

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out these recent entries in the Security Matters blog:

New JPEG GDI+ Scanning Tool

Microsoft released a new tool, the MS024-028 Enterprise Update Scanning Tool, that can help you scan your systems for DLLs that are vulnerable to JPEG GDI+ exploits. The tool also updates the outdated DLLs discovered in the scanning process. Microsoft also released a new article, "GDI+ 1.0 Security Update Overview," that offers an overview of the recent GDI+ fixes and other relevant information.

http://www.winnetmag.com/Article/ArticleID/44253/4425.html

SANS Top 20 Vulnerabilities

SANS released its annual Top 20 list of Internet security vulnerabilities. According to SANS, the list is compiled by consensus of contributors from "government agencies in the UK, US, and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute."

http://www.winnetmag.com/Article/ArticleID/44214/44214.html

==== 4. Instant Poll ====

Results of Previous Poll:

Have you been affected by a recent JPEG GDI+ exploit?

The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 72 votes.

- 1% Yes

- 50% No, we've patched our systems

- 3% No, we've patched our systems and removed vulnerable JPEG images

- 29% No

- 17% I'm not certain

New Instant Poll:

Do you use Mac OS X on your network?

Go to the Security Hot Topic and submit your vote for

- Yes

- No, but we intend to

- No

- I'm not sure

http://www.windowsitpro.com/windowssecurity#poll

==== 5. Security Toolkit ====

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: When I run Norton AntiVirus 2005, why do I receive an error stating that the program can't be repaired and must be reinstalled?

Find the answer at

http://www.winnetmag.com/Article/ArticleID/44191/44191.html

Security Forum Featured Thread

A reader needs to create 84 new folders and assign certain NTFS permissions to each of those folders. He's written a simple batch script that creates all the folders, but he doesn't know how to make the script assign appropriate permissions. Join the discussion at http://www.winnetmag.com/Forums/messageview.cfm?catid=42&threadid=126434

==== Events Central ====

(A complete Web and live events directory brought to you by Windows IT Pro at http://www.windowsitpro.com/events )

Get the Inside Secrets to Assuring Policy Compliance

In this free Web Seminar, you'll learn the secrets to keeping up with the latest knowledge on security regulations, vulnerabilities, exploits, and best practices to create an effective policy management lifecycle in your organization. Discover how to reduce risks and secure assets in your IT environment to improve policy compliance. Register now!

http://www.windowsitpro.com/seminars/policycompliance/index.cfm?code=1018annc

==== 6. New and Improved ====

by Renee Munshi, [email protected]

Encrypt Sensitive Files

CadabraSoftware offers P-Encryption Suite 2.2.4, a Windows encryption program that stores all private and sensitive documents in one encrypted file. Emphasizing usability, P-Encryption Suite lets you view or edit a file that's been encrypted by using a plug-in from the program's library or by using the file's default application. You can choose from four encryption algorithms, including 256-bit Advanced Encryption Standard (AES--Rijndael) and 448-bit BlowFish encryption. P-Encryption Suite provides additional privacy solutions, including encrypted email, an encrypted address book, and anti-keystroke-logging protection. P-Encryption Suite runs under Windows 2003/XP/2000/NT 4.0/Me/98 and costs $34.95 for a single-user license (multi-user discounts are available). You can download a free, fully-functional 30-day trial version. For more information, go to

http://www.cadabrasoftware.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]