To make sure that your copy of Security UPDATE isn't mistakenly blocked by antispam software, add [email protected] to your list of allowed senders and contacts.
This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.
Hardware is the Safest Way to Filter
Protecting Your Company by Managing Your Users' Internet Access
1. In Focus: Will Microsoft Update Its Update Release Process?
2. Security News and Features
- Recent Security Vulnerabilities
- The Auditor Security Collection
- Hotmail Drops McAfee for Trend Micro
3. Security Matters Blog
- Santy Claws at Vulnerable Web Sites
- Discovering 44 Security Holes Doesn't Make the Grade
4. Instant Poll
5. Security Toolkit - FAQ
- Security Forum Featured Thread
6. New and Improved
- Protect Private Data
==== Sponsor: Hardware is the Safest Way to Filter ====
If you're using a software product to filter Internet access for your organization, there is a better way. With iPrism from St. Bernard, you get a true appliance solution requiring no extra hardware or software. Security is assured with automatic updates sent daily. The superior interoperability of iPrism means a seamless interface on any network. Download five free Web tools and find out how you can add a free year to your subscription. Act now to qualify for this limited time offer!
==== 1. In Focus: Will Microsoft Update Its Update Release Process? ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
In last week's edition of the newsletter we included a news story, "Critical Update for Windows Firewall Flies Under the Radar," that discusses a critical update for Microsoft's Windows Firewall. The critical update was released to the company's Automatic Update, Windows Update, and Download Center 1 day prior to the company's regular monthly release of security bulletins.
Soon after the publication of the news story, a Microsoft spokesperson contacted Windows IT Pro Magazine to clarify why the critical Windows Firewall update wasn't included in the monthly bulletin release. Apparently, the update fell through some cracks in the company's policies and procedures.
Microsoft said that the update was developed and released by the Windows team and not the security team and the Windows team didn't communicate with the security team as well as it could have. Microsoft said that because it wasn't as transparent about the update as it could have been, "we gave the impression that we were trying to slip something in, which was not our intent."
Whether this incident leads to a change in the type of content that will be included in the company's monthly security bulletins, I don't know. In any event, Microsoft is working to update its update release procedures and communication among its teams.
A few expressed their concern that such a critical update wasn't included as a security bulletin. You might think that security bulletins would include all security issues regardless of why such an issue exists. Microsoft said that the update didn't meet the bar for monthly bulletin releases because it doesn't address a "code vulnerability"--rather, it represents a change to the underlying behavior of the firewall. Apparently "code vulnerability" means a coding error or bug rather than bad behavior.
I think most of you will agree that the company could improve its security issue notification process by somehow using it to inform people of all security-related issues regardless of why the issues exist. Microsoft has done a great job so far in improving the security of its software and in communicating with the public about security matters. Even so, there's still room for more improvement--as we've seen with this matter of a critical Windows Firewall update--and I expect Microsoft will take the opportunity to continue with its steady stream of security-related improvements.
What do you think about this matter? Let us know by answering the poll listed in this edition of the newsletter.
Until next time have a great week.
==== Sponsor: Protecting Your Company by Managing Your Users' Internet Access ====
Free White Paper from St. Bernard Software
Companies pay plenty of attention to hardening their servers and networks but pay little attention to how uncontrolled Internet access from within an organization can represent a significant legal and security risk. For example, users who browse a malicious Web site can become infected with a Trojan or other malware without their knowledge as a result of vulnerabilities in Internet Explorer. Internet filtering technology is a key player in mitigating these threats. This white paper discusses the various methods available for Internet filtering and how to use them to increase security and decrease legal exposure. Download this free white paper now!
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
The Auditor Security Collection
Many of us have discovered our favorite tools by word of mouth or while looking for the solution to a particular problem. But as you know, finding a great tool is only half the battle. Why not use a ready-made toolkit? One such kit is the free Auditor security collection, a set of security tools and utilities organized into the following categories: Footprinting, Scanning, Analyzing, Spoofing, Bluetooth, Wireless, Bruteforce, and Password cracker.
Hotmail Drops McAfee for Trend Micro
Microsoft dropped McAfee virus protection technologies from its Hotmail Web-based email service and replaced it with a solution from Trend Micro. With 187 million active users, Hotmail is a huge coup for Trend Micro. Neither Microsoft nor McAfee has issued an explanation for the change. Terms of the deal with Trend Micro have not been revealed.
==== Announcements ====
(from Windows IT Pro and its partners)
Get the Cliffs Notes to Migrating from Novell NDS to Windows Server 2003
Migrating from Novell NDS to Windows Server 2003 means moving from an established directory service to the latest version of Active Directory. Missing a step in the migration process could mean real problems. Use our quick reference guide as a cheat-sheet to help you manage each step of the migration process. Download the guide now.
Sensible Best Practices for Exchange Availability Web Seminar--January 27
If you're discouraged about not having piles of money for improving the availability of your Exchange server, join Exchange MVP Paul Robichaux for this free Web seminar and learn how to maximize your existing configuration. Survive unexpected outages, plan for the unplannable, and evaluate what your real business requirements are without great expense. Register now!
Are You a Hacker Target?
You are if you have an Internet connection faster than 384Kbps. In this free on-demand Web seminar, Alan Sugano will examine two attacks (an SMTP Auth Attack and a SQL Attack) that let spammers get into the network and relay spam. Find out how to keep the hackers out of your network and what to do if your mail server is blacklisted as an open relay. Register now!
Token Authentication: Getting It Right
More and more companies are taking the first steps toward leaving passwords behind and implementing tokens for at least a portion of their users and systems. In this free on-demand Web seminar, join Randy Franklin Smith to find out the advantages of implementing token-based Reduced Sign-On (RSO) and learn how you can you make a solid business case to management that justifies the costs. Get valuable checklists of key evaluation and testing points and critical success factors for rollout time. Register now!
==== 3. Security Matters Blog ====
by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters
Check out these recent entries in the Security Matters blog:
Santy Claws at Vulnerable Web Sites
Dashing through the holes, a new worm designed as play, through the shields it goes, hacking all the way... Read the rest of the jingle in this blog item on our Web site.
Discovering 44 Security Holes Doesn't Make the Grade
What if you were taking a computer science course and a primary requirement is that you must discover 10 new security holes or you won't get a passing grade. Could you do it? Hard to say, right?
==== 4. Instant Poll ====
Results of Previous Poll:
Are Instant Messaging (IM) or peer-to-peer (P2P) threats a problem on your network?
The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 30 votes.
17% - Yes, both are
7% - Yes, IM threats are
20% - Yes, P2P threats are
57% - No
(Deviations from 100 percent are due to rounding.)
New Instant Poll:
Do you think Microsoft should improve its security alerting process?
- Yes, it should send alerts about all security updates
- No, the process works fine for me the way it is
Go to the Security Hot Topic and submit your vote
==== 5. Security Toolkit ====
by John Savill, http://www.windowsitpro.com/windowsnt20002003faq
Q. After I upgraded from Windows 2000 Server to Windows Server 2003, I received an error about the Enterprise Domain Controllers group's access to certain Group Policy Objects (GPOs) in Group Policy Management Console (GPMC). What's causing this error?
Find the answer at
Internet Connection Firewall Configuration Problems
(One message in this thread)
A reader writes that he's using Windows Server 2003 with McAfee Antivirus, and the system also runs Microsoft IIS 6.0. He has tried to implement the Internet Connection Firewall to allow only ports 80 and 3389 for remote desktop use. He said the configuration works fine initially but after 5 to 10 minutes (or a few remote login attempts) some sort of problems arises in which the server won't allow remote logins. IIS continues to respond fine. Can anyone help him determine what the problem is? Join the discussion at:
==== Events Central ====
(A complete Web and live events directory brought to you by Windows IT Pro at http://www.windowsitpro.com/events )
Get Expert Advice on Implementing a Service Management Plan
Our expert panel delivers tips, techniques, and insight to get you closer to a service management plan in this free on-demand Web seminar. Get real-world perspectives on industry trends and examples of how to leverage service management for maximum results and how to implement a plan for your business. Register now!
==== 6. New and Improved ====
by Renee Munshi, [email protected]
Protect Private Data
Dekart offers Dekart Private Disk Multifactor 1.21, software that creates encrypted disk partitions and supports biometric authentication (fingerprint scanning) along with traditional 2-factor authentication. All information written to the encrypted disks is automatically encrypted on the fly. The encryption keys used to access these disks are securely stored on a PIN-protected hardware key. New in version 1.21 are 256-bit Advanced Encryption Standard (AES) encryption, the ability to store your encryption keys on a wide variety of removable storage devices such as USB memory cards and sticks, and Czech, French, German, Polish, and Spanish language interfaces. Dekart Private Disk Multifactor 1.21 supports Windows XP/2000/NT/Me/98/95. A personal or business license costs $49 (volume discounts are available). For more information, visit
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.
==== Sponsored Link ====
Data Protection from NSI and Microsoft
Instant recovery and data protection solutions for Exchange and SQL servers
==== Contact Us ====
About the newsletter -- [email protected]
About technical questions -- http://www.windowsitpro.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring Security UPDATE -- [email protected]
This email newsletter is brought to you by Security Administrator, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2004, Penton Media, Inc. All rights reserved.