Security UPDATE: Windows 2000 and Windows NT Leaked to the Web

==== This Issue Sponsored By ====

Be Proactive with Real-Time Monitoring

Free Download: Shavlik Security Patch Management


* In Focus: Will Leaked Code Increase Security Risks?

* Security News and Features
  - Recent Security Vulnerabilities
  - News: Windows 2000 and Windows NT Leaked to the Web
  - News: More Security Patches on the Way for Microsoft Platforms
  - News: Controversial Microsoft Security Fixes Have Company on Security Defensive
  - News: Security Webcasts for Microsoft Developers

* New and Improved
  - Combine Software and Hardware for Integrated Security
  - Increase Security with Real-Time Reporting

==== Sponsor: TNT Software's ELM Enterprise Manager ====
There are two ways to manage your critical systems: Reactive and Proactive. ELM Enterprise Manager supports the latter. ELM Enterprise Manager is the affordable solution that monitors the health and status of your systems and alerts you in time to take prompt corrective action. Imagine the time savings and productivity increases when event frequencies, performance trends, state changes, and quality of service breaches are clearly displayed and easily accessible. Equally important, be notified while the threat is small. Be proactive, download your FREE 30-Day license of ELM Enterprise Manager NOW and start experiencing the benefits for real-time monitoring.


==== In Focus: Will Leaked Code Increase Security Risks? ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Last week was interesting in the Windows world for two reasons. The first reason, which I'm sure you're aware of by now, is that somehow, Windows source code was leaked to the Internet. The news story "Windows 2000 and Windows NT Leaked to the Web" below has a link to more information about this event.

Many are concerned that having the source code out in the open will play into the hands of unscrupulous individuals looking for holes to exploit. The amount of leaked code is substantial, but the code appears to be an older version of Windows. Because Microsoft has released service packs and hotfixes since the code was written, some are hoping the leak won't result in many new security vulnerability discoveries.

Another obvious problem with the code release is that Microsoft's intellectual property has been stolen and made public. If a programmer views the code and later either intentionally or inadvertently replicates it into some other body of code, any entity that relies on that body of code could be in for significant ramifications down the road.

One can look at the open-source code community for an idea of how much security trouble and plagiarism might result from the leak. Open-source code is there for anybody to look at, and even so, the number of vulnerabilities found and exploited isn't that much different when compared with the number found in Windows. Open-source code also hasn't resulted in any significant level of plagiarism. Of course, the SCO Group is suing various entities for infringement, but so far the company's allegations haven't been proven. That could change; we'll have to wait and see.

I think most security practitioners will agree that obscurity doesn't provide much security. Obscurity offers protection only from less sophisticated predators. As we've seen, plenty of people who've never seen Microsoft's source code have found vulnerabilities by probing the outside--the compiled runtime code.

The second reason that last week was interesting was the reported security vulnerability in Microsoft's ASN.1 implementation, which was discovered by eEye Digital Security (see the two related news items below). The problem could let an intruder access a computer under the security context of the all-powerful System account.

eEye worked with Microsoft to correct the problem while keeping quiet about the exact details. Microsoft released a patch for the problem only about a week ago, so surely many systems aren't yet patched. Those systems are vulnerable to an exploit released by someone who reverse-engineered the ASN.1 problem. So far, the exploit code tries to attack only ports 139 and 445 and typically causes a Denial of Service (DoS) on an affected machine by crashing the Lsass.exe process. However, somebody could tweak the code into something more sinister.

I know of only one piece of advice that can help protect all of us. When Microsoft releases a security patch or workaround or offers advice on how to better protect a system, we all must listen and act.


==== Sponsor: Free Download: Shavlik Security Patch Management ====
Install the latest critical Microsoft security patch today with HFNetChkPro. A free, fully functional, no time-out version of HFNetChkPro is available to help you automate the delivery and testing of this critical patch. HFNetChkPro offers unlimited scanning, a complete GUI and Shavlik's exclusive PatchPush capabilities. Save time on patch deployment, ensure systems are fully protected and safeguard your systems from remote code execution, identity spoofing, arbitrary code execution and other attacks. It's free, and it simplifies patch management without agents. Learn more and download the free version of HFNetChkPro at


==== Announcements ====
(from Windows & .NET Magazine and its partners)

Try a Sample Issue of Security Administrator!
Security Administrator is the monthly newsletter from Windows & .NET Magazine that shows you how to protect your network from external intruders and control access for internal users. Sign up now to get a 1-month trial issue--you'll feel more secure just knowing you did. Click here!

Download the Latest eBook--"Best Practices for Managing Linux and UNIX Servers"
This free eBook will educate systems managers about how to best approach the complex realm of Linux and UNIX management and performance monitoring. You'll learn core issues such as configuration management, accounting, and monitoring performance with an eye toward creating a long-term strategy for sustainable growth.


==== Sponsor: Virus Update from Panda Software ====
Are your traditional antivirus solutions really protecting your network? Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks. Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume.
Visit "Panda's GateDefender Stands Guard!" at for more information.


==== Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

News: Windows 2000 and Windows NT Leaked to the Web
The story first broke on the Neowin Web site, and late last Thursday, Microsoft confirmed that portions of Windows 2000 and Windows NT 4.0 source code were leaked to various Web sites.

News: More Security Patches on the Way for Microsoft Platforms
Microsoft recently released a patch for problems with the ASN.1 library, a Windows component that interacts with multiple Windows features, including file sharing and digital certificates. Researchers at eEye Digital Security discovered the ASN.1 problem, and it's not the only problem they've discovered that will be patched by Microsoft. At least seven more security patches are on the horizon for Windows platforms.

News: Controversial Microsoft Security Fixes Have Company on Security Defensive
Last week, Microsoft issued its planned monthly set of security updates, but Paul Thurrott writes that this month, the updates are more serious and controversial than usual. One of the fixes, for the ASN.1 library as mentioned above, is rated as critical and applies to "an extremely deep and pervasive technology in Windows" that attackers can compromise to take over PCs. The flaw was discovered 7 months ago but was fixed only this week. Security experts describe the flaw as one of the most devastating ever, and Microsoft recommends that all users download and install the patch for this problem as soon as possible.

News: Security Webcasts for Microsoft Developers
This week is "Developer Security Webcast Week" at Microsoft. The company is offering a series of security-related Webcasts aimed at developers. You can see a list of the topics at the URL below and register to attend at the Microsoft Developer Network (MSDN) Web site.

==== Security Toolkit ====

Virus Center
Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.

Virus Alert: Nachi.B; DoomHunter.A; Deadhat.B; and Mitglieder.A
In the time span of only a few hours, PandaLabs detected the appearance of four new worms related to the epidemic caused by the MyDoom worms. The new worms are Nachi.B, DoomHunter.A, Deadhat.B, and Mitglieder.A. The first two worms try to remove MyDoom, and the latter two worms try to enter a system through backdoors created by MyDoom. For details about these new worms, go to

FAQ: How Can I Move a Computer Account from One Domain to Another?
by John Savill,

A. The Netdom command-line tool lets you move a computer account from one domain to another. For example, in the command

netdom move compmoveme /domain:child1 /ud:[email protected] /pd:xxxxx

the /domain switch identifies the target domain to move the object to and the /ud and /pd switches identify the account and password, respectively, to use for the specified domain. To see other options for Netdom, type

netdom move /?

at the command line.

Featured Thread: ACL Utility
(Two messages in this thread)
Jim is looking for an enterprisewide utility that will read the ACLs on his folders and let him export or print the list. Lend a hand or read the responses:

==== Events Central ====
(A complete Web and live events directory brought to you by Windows & .NET Magazine: )

New Web Seminar--Realizing the Return on Active Directory
Join Mark Minasi and Indy Chakrabarti for a free Web seminar and discover how to maximize the return on your Active Directory investments and cut the cost of security exposures with secure task delegation, centralized auditing, and Group Policy management. Register now and receive NetIQ's free "Securing Access to Active Directory-A Layered Security Approach" white paper.

==== New and Improved ====
by Jason Bovberg, [email protected]

Combine Software and Hardware for Integrated Security
CrypKey announced Casper BlackBox, a license-management solution that provides copy protection, automated transaction authorization, and prepaid serial number or credit card processing--as well as the hardware to run it. Essentially a small computer that's slightly smaller than a notebook, Casper BlackBox features CrypKey Automated Software Purchasing & Electronic Registration (Casper) software, which offers e-commerce capability by automating the authorization and purchase of CrypKey-protected products by either serial number or credit card processing. Vendors can customize security specifications (which CrypKey then preconfigures on the hardware) and simply plug Casper BlackBox into their network, permitting CrypKey software to manage product licensing and authorization activities 24 x 7. Casper BlackBox eRegister offers automatic authorization and verification of CrypKey-protected products using serial numbers. Casper BlackBox eCommerce provides automatic authorization and verifies credit card processing of CrypKey-protected products. For more information about Casper BlackBox, contact CrypKey on the Web.

Increase Security with Real-Time Reporting
Hypersoft Information Systems announced OmniAnalyser 8.0, the latest version of its real-time Windows NT monitoring software. Timely data about system errors and warnings, as well as application-generated information, is essential for system optimization. OmniAnalyser 8.0 provides real-time monitoring of valid and invalid system logons, access to files and folders, and changes to accounts and groups. You can audit attempts by a particular user to read a certain file, changes in security settings, and the creation and deletion of specific objects. Information about such events appears on a Web server; thus, you can check data at any time without searching through Event Viewer. For more information about OmniAnalyser 8.0, contact Hypersoft Information Systems on the Web.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]




==== Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring Security UPDATE -- [email protected]

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.


Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street,
Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.
