Skip navigation
Menu
Security

WinInfo Daily UPDATE, March 27, 2003

********************

WinInfo Daily UPDATE--brought to you by the Windows & .NET Magazine Network
http://www.winnetmag.net

********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Windows & .NET Magazine Network Web Seminars
http://www.winnetmag.com/seminars

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: WINDOWS & .NET MAGAZINE NETWORK WEB SEMINARS ~~~~
IT'S SPRING TRAINING AT WINDOWS & .NET MAGAZINE!
Windows & .NET Magazine has new Web seminars to help you address your Active Directory and security issues. There is no fee to attend, but space is limited so register today!
http://www.winnetmag.com/seminars

********************

March 27, 2003--In this issue:

1. NEWS AND VIEWS
- RPC Vulnerability Threatens Windows with DoS Attacks
- OpenOffice.org, StarOffice Betas Hit the Ground Running

2. ANNOUNCEMENTS
- Join The HP & Microsoft Network Storage Solutions Road Show!
- Windows & .NET Magazine Connections: Win A Florida Vacation

3. CONTACT US
See this section for a list of ways to contact us.

********************

1.

NEWS AND VIEWS


(contributed by Paul Thurrott, [email protected])

* RPC VULNERABILITY THREATENS WINDOWS WITH DoS ATTACKS
A recently discovered vulnerability in the remote procedure call (RPC) subsystem in Windows XP, Windows 2000, and Windows NT 4.0 could make the OSs susceptible to Denial of Service (DoS) attacks, Microsoft said yesterday. And although the company has already created a patch for XP and Win2K users, Microsoft says that major changes in RPC since the release of NT 4.0 prevent the company from creating a patch for that OS. Instead, NT 4.0 users can use the workaround described on the Microsoft Web site (see the first URL below).

The RPC service lets applications on a local computer call functions in applications residing on a remote computer in the same network. Microsoft notes in its advisory that taking advantage of a vulnerability in this service, attackers can create an application that can send malformed requests to RPC, causing the RPC service to fail.

This week's RPC vulnerability follows a serious Win2K flaw that Microsoft announced a week ago and that involves ntdll.dll, one of the core Win2K system library files. According to the CERT Coordination Center (CERT/CC), this library file has a buffer-overflow vulnerability that is actively exploited on WWW Distributed Authoring and Versioning (WebDAV)-enabled Microsoft Internet Information Services (IIS) 5.0 servers, which could let remote attackers execute arbitrary code on unpatched systems. The organization recommends that sites running Win2K apply a patch or disable the WebDAV service as soon as possible. You can download the patch from Microsoft's Web site (see the second URL below).

Microsoft Security Bulletin MS03-010: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks
http://www.microsoft.com/technet/security/bulletin/ms03-010.asp

Windows 2000 Security Patch: IIS Remote Exploit from ntdll.dll Vulnerability
http://microsoft.com/downloads/details.aspx?familyid=c9a38d45-5145-4844-b62e-c69d32ac929b&displaylang=en

* OPENOFFICE.ORG, STAROFFICE BETAS HIT THE GROUND RUNNING
OpenOffice.org and Sun Microsystems announced beta releases of upcoming versions of the OpenOffice.org 1.1 and StarOffice 6.1 office productivity suites, respectively, which the organizations hope will provide enterprises with the features they need to drop Microsoft Office. OpenOffice.org is the open-source--and free--version of the suite and the version on which the commercial StarOffice is built. Both suites include Microsoft Office-compatible word processing, spreadsheet, presentation, and drawing applications; StarOffice adds a database application and other unique features.

Both products include support for a variety of new data formats, including the increasingly ubiquitous Adobe Acrobat PDF, Macromedia Flash, DocBook, several PDA Office file formats, flat XML and XHTML, and support for more than 10 new languages. Other features, including a new macro recorder, seem to be lifted straight from the Microsoft Office playbook. And both suites will offer full compatibility with all the native data formats that Microsoft Office 2003 supports, Sun says, although those features aren't complete in the current beta releases.

The StarOffice beta also includes a new software development kit (SDK) to help businesses create custom solutions. Sun says that the SDK will help position StarOffice as a better alternative to Microsoft Office and the recently reenergized Corel WordPerfect Office. Until now, Sun and OpenOffice.org have seen little uptake with PC makers, who are the leading delivery vehicles for office productivity suites. However, both suites have proven popular with governments and educational institutions, especially in markets such as Europe and developing nations such as China.

Both beta releases are available for free at the URLs below. The OpenOffice.org 1.1 beta release is a 59MB download; the StarOffice beta includes a core download (106MB), an optional Adabas database download (21MB), and PDF-based installation instructions. Note that the StarOffice 6.1 beta expires in September.

OpenOffice.org 1.1 beta
http://www.openoffice.org

Sun StarOffice 6.1 beta
http://wwws.sun.com/software/star/staroffice/beta

2.

ANNOUNCEMENTS


(brought to you by Windows & .NET Magazine and its partners)

* JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW!
Now is the time to start thinking of storage as a strategic weapon in your IT arsenal. Come to our 10-city Network Storage Solutions Road Show, and learn how existing and future storage solutions can save your company money--and make your job easier! There is no fee for this event, but space is limited. Register today!
http://www.winnetmag.com/roadshows/nas

* WINDOWS & .NET MAGAZINE CONNECTIONS: WIN A FLORIDA VACATION
Simply the best lineup of technical training for today's Windows IT professional. Register now for this exclusive opportunity to learn in-person from the Windows & .NET Magazine writers you trust. Attendees will have a chance to win a free Florida vacation for two. Register today and you'll also save $300.
http://www.winconnections.com

3.

CONTACT US


Here's how to reach us with your comments and questions:

* ABOUT NEWS AND VIEWS -- [email protected]
* ABOUT THE NEWSLETTER IN GENERAL -- [email protected] (please mention the newsletter name in the subject line)
* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums
* PRODUCT NEWS -- [email protected]
* QUESTIONS ABOUT YOUR WININFO DAILY UPDATE SUBSCRIPTION? Email Customer Support -- [email protected]
* WANT TO SPONSOR WININFO DAILY UPDATE? [email protected]

********************

This daily email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
http://www.winnetmag.com/sub.cfm?code=wswi201x1z

Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
http://www.winnetmag.com/email

|-+-+-+-+-+-+-+-+-+-|

Thank you for reading WinInfo Daily UPDATE.
Copyright 2003, Penton Media, Inc.

TAGS: Security
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024