Security UPDATE, September 17, 2003


==== This Issue Sponsored By ====

Shavlik HFNetChkPro Patch Management

TNT Software


1. In Focus: Digital Rights Management

2. Security Risks - Arbitrary Code Execution and Denial of Service in Microsoft RPCSS - Weak Authentication in SNMPc

3. Announcements - Active Directory eBook Chapter 4 Published! - New Web Seminars on Exchange, Active Directory, and More!

4. Security Roundup - News: Here We Go Again: Microsoft Issues New Security Fix - Feature: IIS Application Authentication Security - Feature: Readers' Choice Awards

5. Instant Poll - Results of Previous Poll: Rolling Out Service Packs - New Instant Poll: DRM Use

6. Security Toolkit - Virus Center - FAQ: How Do I Detect and Remove Remote Access Trojans?

7. Event - New--Mobile & Wireless Road Show!

8. New and Improved - Protect Small Offices from Online Risks - Secure Confidential Data - Tell Us About a Hot Product and Get a T-Shirt

9. Hot Threads - Windows & .NET Magazine Online Forums - Featured Thread: DoS Attack Defense - HowTo Mailing List: - Featured Thread: Is It Possible to Restrict Logon Times?

10. Contact Us See this section for a list of ways to contact us.


==== Sponsor: Shavlik HFNetChkPro Patch Management ==== Get Patched Now with Shavlik HFNetChkPro Immediately deploy critical patches, including MS03-039, with Shavlik HFNetChkPro patch management software and make a powerful impact on your enterprise security. HFNetChkPro is a must-have for any busy network administrator in charge of security updates. Its easy-to-use interface makes patch management a breeze. Create machine groups or patch groups for quick scanning and deployment and produce management reports in minutes. Download the free version of HFNetChkPro with no time-outs at


==== 1. In Focus: Digital Rights Management ==== by Mark Joseph Edwards, News Editor, [email protected]

Last week, I mentioned the suite of productivity tools. A reader raised the question of whether any Digital Rights Management (DRM) features are in progress for that platform. It's a good question. I don't know of any current DRM projects directly related to, but that doesn't mean they don't exist or won't exist in the future.

Several DRM efforts not directly related to are underway. As you probably know, Microsoft is developing its own implementations of DRM technology, and they promise to be a powerful way of placing restrictions on many kinds of content. The new Microsoft Office 2003 suite ( ) contains DRM features.

For example, Office Word 2003 contains information rights management functionality that lets a document owner define how recipients can handle documents in terms of forwarding, copying, and printing them and determine expiration dates for those permissions. A document owner can also designate sections of a document that only certain people can change, force the use of revision marks for changes, and force the use of certain formatting and styles. Microsoft has integrated the same type of functionality into Office Excel 2003 and Office Outlook 2003.

If you want to use Office 2003's rights management features, your network must implement Windows Rights Management Services (RMS) for Windows Server 2003. RMS is based on the Extensible Rights Markup Language (XrML), which is a method for defining rights and policies. You can learn more about RMS at the first URL below. You'll find RMS add-ons for Windows clients and Microsoft Internet Explorer (IE) at the second URL below, along with links to other Microsoft Web pages related to RMS technologies. Keep in mind that RMS currently is available only in limited beta; however, Microsoft says that it expects to release the technology sometime this year. I suppose that unless the company pushes the date back, that means within the next 3 months.

While I was looking for projects supporting DRM, I came across an interesting Web site, Cover Pages, that has a section dedicated to DRM technology and associated topics. The Organization for the Advancement of Structured Information Standards (OASIS) hosts the site.

At the site, you'll find links to two dozen DRM-related projects, including OASIS Rights Language, Open Digital Rights Language (ODRL), Extensible Rights Markup Language (XrML), Digital Property Rights Language (DPRL), MPEG Rights Expression Language and Data Dictionary, Open Ebook Initiative Rights and Rules Working Group, Electronic Book Exchange (EBX) Working Group, and many others.

Also at the site, you'll find links to DRM-related events and a list of news stories, papers, and other articles. The site is kept current with timely and relevant information, so consider bookmarking it, or use Cover Pages' Remote Storage Service (RSS) feed, which is available in XML format and uses the RSS 0.91 format. The feed is available at the first URL below. Alternatively, if you use RSS feed reading software that has Web page scraping functionality (such as Syndirella), you might want to scrape the news headlines page at the second URL below.

For loads of information regarding DRM in general, check a major search engine, such as, where you'll find plenty of links to facts, opinions, news stories, resource sites, editorials, and more. I think DRM can be useful at times, but keep in mind that although many major vendors support the DRM concept, DRM also provokes a lot of industry criticism. To obtain a more balanced viewpoint, be sure to read some critical opinions too. In addition to using the basic search URL below, also use the search engines at some of the major computing news outlets that focus on cross-platform coverage of the computing industry.


==== Sponsor: TNT Software ==== FREE Download: Automate Event Log Monitoring Automate event log monitoring, provide real-time intrusion detection, and satisfy mandated auditing requirements all with TNT Software's ELM Log Manager. Preferred by small businesses because of its ease of use and Fortune 500 companies because of its reliability, ELM 3.1 is the affordable solution with the scalability to consolidate MILLIONs of events and Syslog messages a day, display them in custom views, launch critical alerts, and schedule reports. Download your FREE 30 day fully functional evaluation software NOW and start experiencing the benefits of automated log monitoring.


==== 2. Security Risks ==== contributed by Ken Pfeil, [email protected]

Arbitrary Code Execution and Denial of Service in Microsoft RPCSS eEye Digital Security, the NSFOCUS Security Team, and Xue Yong Zhi and Renaud Deraison from Tenable Network Security have discovered that three new vulnerabilities exist in the part of Remote Procedure Call Subsystem (RPCSS) Service that deals with RPC messages for Distributed COM (DCOM) activation. Two of these vulnerabilities could allow arbitrary code execution on the vulnerable system. The third vulnerability could result in a Denial of Service (DoS) condition. Microsoft has released Security Bulletin MS03-039 (Buffer Overrun In RPCSS Service Could Allow Code Execution), which addresses these vulnerabilities and recommends that affected users immediately apply the appropriate patch listed in the bulletin. This patch supersedes the patch listed in Microsoft Security Bulletin MS03-026 (Buffer Overrun In RPC Interface Could Allow Code Execution).

Weak Authentication in SNMPc Alexander V. Nickolenko discovered that a vulnerability in Castle Rock Computing's SNMPc 6.0.8 and earlier can let any remote user gain Supervisor access to the vulnerable system. This vulnerability is a result of a weak authentication protocol. Castle Rock has released fixes for versions 6.0.8 and 6.0.5 and a full version fix for release 5.1.


==== Sponsor: Virus Update from Panda Software ==== Check for the latest anti-virus information and tools, including weekly virus reports, virus forecasts, and virus prevention tips, at Panda Software's Center for Virus Control.

Viruses routinely infect "fully protected" networks. Is total protection possible? Find answers in the free guide HOW TO KEEP YOUR COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter networks, what they do, and the most effective weapons to combat them. Protect your network effectively and permanently - download today!


==== 3. Announcements ==== (from Windows & .NET Magazine and its partners)

Active Directory eBook Chapter 4 Published! The fourth chapter of Windows & .NET Magazine's popular eBook "Windows 2003: Active Directory Administration Essentials" is now available at no charge! Chapter 4 looks at what's inside Windows Server 2003 forests and DNS. Download it now!

New Web Seminars on Exchange, Active Directory, and More! Check out the latest lineup of Web seminars from Windows & .NET Magazine. Prepare your enterprise for Exchange Server 2003, discover the legal ramifications of deterring email abuse, and find out how Active Directory can help you create and maintain a rock-solid infrastructure. There is no charge for these events, but space is limited, so register today!

==== 4. Security Roundup ====

News: Here We Go Again: Microsoft Issues New Security Fix In July, Microsoft released a critical security fix, warning users that attackers could use the specified vulnerability to take over users' systems and wreak havoc on the Internet. A month later, the infamous MSBlaster worm exploited that vulnerability. Yesterday, Microsoft released another critical security patch that fixes a vulnerability that's painfully similar to the one that led to MSBlaster. If you didn't feel sufficiently warned the first time around, says Paul Thurrott, you should feel that way now and install this fix immediately.

Feature: IIS Application Authentication Security In today's atmosphere of security hysteria, security is such a broad topic that we can't hope to find a one-stop shopping center for learning how to protect our systems. Even the security experts concentrate on only one or two major security areas or levels because they can't possibly be experts on every security-related thing. In this article, Tim Huckaby discusses the narrow topic of the various levels of Microsoft IIS application authentication security.

Feature: Readers' Choice Awards Reader response to our second annual Readers' Choice Awards was gratifying. We asked you to let us know which products and services merit your confidence and support. In response, nearly 7800 of you--almost quadruple the number who responded to last year's Readers' Choice Awards survey--voted on products in 16 general categories: storage, training and certification, utilities, Web-based services, security, systems management, messaging, network infrastructure, network management, remote computing, telephony, business applications, client hardware, development tools, disaster-recovery tools, and Internet and intranet solutions. Within these 16 categories, you chose 84 of the best products among hundreds of products and services. In addition, you voted for five special awards: Best Hardware, Best Software, Most Innovative Product, Best Service/Support, and Rookie of the Year. To view the winners of the security category, visit the first URL below. To view winners in other categories, visit the second URL below, where you'll find individual articles for each category covered.

==== 5. Instant Poll ====

Results of Previous Poll: Rolling Out Service Packs The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "What is your primary method of rolling out service packs?" Here are the results from the 175 votes. - 21% Software Update Services (SUS) by itself - 11% Systems Management Server (SMS), or SMS with SUS - 15% Scripts and/or Group Policy - 38% Windows automatic updates - 14% Third-party tools (Deviations from 100 percent are due to rounding.)

New Instant Poll: DRM Use The next Instant Poll question is, "Is your company using or planning to use Digital Rights Management (DRM)?" Go to the Security Administrator Channel home page and submit your vote for a) We have a DRM application in production, b) We're experimenting with DRM, c) We see some possible applications for DRM but aren't working with it yet, or d) We aren't interested in DRM.

==== 6. Security Toolkit ====

Virus Center Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.

FAQ: How Do I Detect and Remove Remote Access Trojans? Remote access Trojans are dangerous because they can gather confidential financial information from computers and a network. To learn about some of the more common Trojans, how to detect them, and how to clean up after them, read Roger Grimes's article, "Danger: Remote Access Trojans."

==== 7. Event ====

New--Mobile & Wireless Road Show! Learn more about the wireless and mobility solutions that are available today! Register now for this free event!

==== 8. New and Improved ==== by Sue Cooper, [email protected]

Protect Small Offices from Online Risks Symantec announced Norton Internet Security 2004 Professional, an online security and privacy suite for your small office/home office (SOHO). This tightly integrated suite includes Symantec's antivirus, firewall, intrusion detection, privacy protection, spam filtering, and content filtering solutions. Data recovery capability protects and restores your applications and files from accidental deletion and virus damage. Data cleaning features remove traces of deleted confidential files. One license of Norton Internet Security 2004 Professional costs $99.95, and 5- and 10-user packs have estimated prices of $449.95 and $799.95, respectively. The software is expected to be available in mid-September at and from other retailers.

Secure Confidential Data NEC Solutions released the NEC MobilePro Tricryption System, a three-layered data security solution for health care or enterprise applications. You can add it on top of a preexisting database to encrypt database entries so that they're protected if a network security system or firewall is breached. You can encrypt individual fields within a record separately, so a search application need not unencrypt an entire record or database to locate a field. Features include dynamic data security, secure content delivery, a unique key per transaction, complete access control with real-time audit trails, and rights ownership that's enforced onto the key itself. For more information, go to or call 888-632-8701.

Tell Us About a Hot Product and Get a T-Shirt Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

==== 9. Hot Threads ====

Windows & .NET Magazine Online Forums

Featured Thread: DoS Attack Defense (Four messages in this thread) Mikes wants to know how to mount a defense against a Denial of Service (DoS) attack on his server and network. Lend a hand or read the responses:

HowTo Mailing List

Featured Thread: Is It Possible to Restrict Logon Times? (Five messages in this thread) Chris wants to know whether you can limit an account on a Windows 2000 Professional system so that a user can log on locally only at certain times of the day. He doesn't want to set a BIOS password but is looking for a Windows-based solution, perhaps some type of script, configuration, or freeware or shareware program. Lend a hand or read the responses:


==== Sponsored Links ====

Aelita Software Free message-level Exchange recovery web seminar October 9th;6098474;8214395;v?

CrossTec Free Download - NEW NetOp 7.6 - faster, more secure, remote support;5930423;8214395;j?

MailFrontier Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.;6080289;8214395;q?


==== 10. Contact Us ====

About the newsletter -- [email protected] About technical questions -- About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]

=============== This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing Windows and related technologies. Subscribe today.

__________________________________________________________ Copyright 2003, Penton Media, Inc.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.