Security UPDATE--Tracking Zero-Day Vulnerabilities--December 13, 2006


St. Bernard's Very Best Offer on Web Filtering

The Starter PKI Program

Manage Vulnerabilities. Defend Against Threats.



IN FOCUS: Tracking Zero-Day Vulnerabilities


- FastMP3Search Dubbed Baddest of the Bad

- Websense Now Protects Citrix-based Virtual Applications

- Microsoft Word Vulnerable to Remote Code Execution

- Recent Security Vulnerabilities


- Security Matters Blog: Zero-Day Tracker

- FAQ: A PowerShell Command's Function

- From the Forum: Seeking IDS Suggestions

- Share Your Security Tips

- IT Pro of the Month--November 2006 Winner


- Improved Spam Filter for Postfix

- Wanted: Your Reviews of Products




=== SPONSOR: St. Bernard Software


St. Bernard's Very Best Offer on Web Filtering

Get the IDC-rated #1 Web filtering appliance and save with this great Holiday offer. For a limited time, get the iPrism Internet Filtering Appliance free with a 2-year subscription. Or, buy a 3-year subscription and get the appliance plus a fourth year of subscription free. iPrism is the easy-to-use filtering solution that stops Internet-based threats. Get our best deal ever, get a Quick Quote now!

=== IN FOCUS: Tracking Zero-Day Vulnerabilities


by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Zero-day vulnerabilities (vulnerabilities that are published before the vendor has made a fix available) have been a part of computing since computers were invented. Publishing information about vulnerabilities too soon places the public at extreme risk, so you need to know about zero-day vulnerabilities as soon as possible.

You can learn about new vulnerabilities through many channels. Mailing lists are the primary method for disclosing zero-day vulnerabilities, so you should subscribe to those lists that you think are important for your security work. Web sites are another source of information about zero-day vulnerabilities, and several track both vulnerabilities and associated exploit code.

eEye Digital Security recently launched a new site called Zero-Day Tracker. Although the eEye Research Team doesn't always post zero-day vulnerabilities on day zero, you will find that new vulnerabilities do appear on the site within a few days of their publication. What I find most interesting about the site is that not only can you use it to learn about new vulnerabilities, but you can use it to mine data related to how vendors respond to zero-day vulnerabilities.

The site tracks the date of publication of new zero-day vulnerabilities along with their perceived severity level, and eventually the date the vendor releases a patch. This data provides a clear view of how long the public is exposed to a given risk before the vendor provides some sort of official fix to correct the problem.

For example, a quick glance at the site shows five high-risk vulnerabilities in Microsoft products for which there is no patch. As I write this, the newest of those is a Word vulnerability published a couple days ago, and the oldest is a problem with an ActiveX control in Visual Studio 2005 that has remained unpatched for 124 days.

You can view similar data for vulnerabilities for which the vendor has released a patch. And the site doesn't confine itself to Microsoft vulnerabilities; it also lists other mainstream vendors that provide solutions for Windows platforms. So if you need to catch up on new vulnerabilities and exploits for Windows-related products, the site is a good place to visit. Consider bookmarking it.

Speaking of zero-day vulnerabilities, Windows Vista, recently released to enterprises, has one, but it primarily affects Microsoft itself and not so much the users of Vista.

Microsoft publishes a key management service that lets enterprise users of Vista handle product activation without contacting Microsoft. With the key management service in place, Vista periodically contacts the service to keep the OS activated, and therein resides the vulnerability.

Someone figured out how the key management service works, created a hacked version, and published it on the Internet as an easily loadable virtual machine (VM) image. So now people can download a copy of that VM, place it on their network, and effectively run pirated copies of Vista. This of course will cost Microsoft a lot of money in lost licensing fees.

You might consider taking a look at the VM to figure out ways to detect it so that you can ensure that nobody runs a copy on your network. You can find a link to it on various Torrent tracker sites and standalone Web sites. To find related info, search the Internet for the string "Microsoft.Windows.Vista.Local.Activation.Server-MelindaGates".
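One way to look for an unsanctioned activation server from the network side, as an added example that is not part of the original newsletter: clients reach a key management service on TCP port 1688 by default, so connection logs can be checked for that port going to any host that is not your approved KMS server. The log format, addresses, and function name below are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

KMS_PORT = 1688  # default TCP port for the key management service

# Constructed sample records: "date time src dst dst_port proto"
# (hypothetical log format; adapt the field order to your firewall's export).
SAMPLE_LOG = """\
2006-12-12 09:14:02 10.1.4.23 10.1.0.10 1688 tcp
2006-12-12 09:15:40 10.1.4.57 10.1.9.200 1688 tcp
2006-12-12 09:16:11 10.1.4.23 10.1.0.25 445 tcp
2006-12-12 09:20:05 10.1.7.80 10.1.9.200 1688 tcp
2006-12-12 09:21:30 10.1.7.81 192.0.2.44 1688 tcp
malformed line
"""

def find_unapproved_kms(log_text, approved_hosts):
    """Return {destination: sorted client list} for TCP/1688 traffic
    to hosts that are not on the approved KMS list."""
    approved = {ipaddress.ip_address(h) for h in approved_hosts}
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed records
        _, _, src, dst, port, proto = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            continue  # unparseable address or port
        if proto.lower() != "tcp" or port_no != KMS_PORT:
            continue
        if dst_ip not in approved:
            hits[str(dst_ip)].add(str(src_ip))
    return {dst: sorted(clients) for dst, clients in hits.items()}

if __name__ == "__main__":
    # 10.1.0.10 stands in for the organization's sanctioned KMS host.
    findings = find_unapproved_kms(SAMPLE_LOG, ["10.1.0.10"])
    for dst, clients in findings.items():
        print(f"unapproved KMS endpoint {dst}: clients {', '.join(clients)}")
```

Each flagged destination is a host to investigate, and the client list shows which machines have been activating against it.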

=== SPONSOR: Thawte


The Starter PKI Program

Securing multiple domains or host names? Learn how the Starter PKI program can save time and reduce costs, and provide you with a multiple digital certificate account.



FastMP3Search Dubbed Baddest of the Bad undertakes an initiative to fight a plug-in that secretly disables Windows Firewall and downloads several other malware packages.

Websense Now Protects Citrix-based Virtual Applications

Websense Enterprise and Websense Web Security Suite have been integrated with Citrix Presentation Server 3.0 and 4.0 to protect browsers, email clients, and other applications.

Microsoft Word Vulnerable to Remote Code Execution

A newly reported vulnerability in Microsoft Word could allow an intruder to launch remote code on an affected system.

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

=== SPONSOR: Core Security


Manage Vulnerabilities. Defend Against Threats.

Your IT and Security budgets are tight. This White Paper shows real-world case studies demonstrating the ROI potential of automated penetration testing.




SECURITY MATTERS BLOG: Zero-Day Tracker

by Mark Joseph Edwards,

eEye Digital Security has a new Zero-Day Tracker Web site. Now if it would only post information about zero-day vulnerabilities on day zero....

FAQ: A PowerShell Command's Function

by John Savill,

Q: How can I determine what a Windows PowerShell command will do?

Find the answer at

FROM THE FORUM: Seeking IDS Suggestions

A forum participant is looking for both a host-based and network-based intrusion detection system (IDS). Any recommendations or experiences to share? Offer your input at:


SHARE YOUR SECURITY TIPS

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

IT PRO OF THE MONTH--November 2006 Winner

Congratulations to Simon Zeltser, who was voted the November 2006 "IT Pro of the Month." Adapting a solution he found in Windows Scripting Solutions, Simon developed what he calls a ProfileBackup solution, which executes in two phases: backup and restore. He was able to upgrade more than 1500 PCs remotely, saving the IT staff time and the company money. To learn more about Simon's solution and to find out how you can become the next IT Pro of the Month, please visit:



by Renee Munshi, [email protected]

Improved Spam Filter for Postfix

Message Partners announces Message Processing Platform (MPP) 3.0, which introduces an integrated pre- and postqueue spam filter for Postfix, an open-source email server used by service providers and enterprises for their email-filtering proxies. MPP 3.0's new Postfix Policy Server adds the ability to make prequeue admission decisions for many types of email messages (including multirecipient and multidomain). In addition to the Postfix Policy Server functionality, MPP 3.0 can automatically replace message attachments with a link to the server (to save bandwidth) and includes several other features. For more information, go to

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate.



For more security-related resources, visit

No IT pro today works in a completely homogeneous environment, and with virtualization, your chances of dealing with multiple OSs are increasing. Attend TechX World--available online December 14--and find out about virtualization, OS interoperability, directory and security integration, and data interoperability. Register today for free!

Sure, you know you've got compliance mechanisms in place. But do you have ways to easily and efficiently prove that your mechanisms are working? Join us for this free seminar to learn how you can demonstrate regulatory compliance for multiple regulations with fewer headaches. You'll also find out what "evidence" means to the auditor and make sure that you're collecting all the information you need!

Maximize your investment in your VoIP network by using all of its capabilities. Learn to integrate Fax for IP to reduce TCO and increase ROI for your investment. On-Demand Web Seminar

Discover a wealth of information about how to protect and secure your data in the event of a disaster. You may not be able to predict the exact details of a disaster, but you can be prepared with a solid response for when one strikes. Disaster can strike anywhere--not just where severe weather can hit--so make sure you're ready when it does. Download your free copy of this eBook today!

Information is the "I" in "IT." Do you know where your information is? Is it protected? Backed up? Download this free podcast today to find out the top 5 reasons that you should be considering storage consolidation.



The average enterprise spends nearly $10 million annually on IT compliance. Download this free white paper today to streamline the compliance lifecycle, and dramatically reduce your company's costs!

Bonus: Register for any white paper from Windows IT Pro during December, and you could win a Nintendo Wii! View the full list of white papers at -- and remember, the more you download, the better your chances of winning.



Holiday Offer--Save $40 off Windows IT Pro

Don't miss Windows IT Pro magazine in 2007! As a subscriber, you'll have full access to must-have content covering Windows Vista deployment, virtualization and disaster recovery, Active Directory enhancements, Office 2007, SharePoint fundamentals, and much more. Order now and save $40:

Make Your Mark on the IT Community!

Nominate yourself or a peer to become an "IT Pro of the Month." This is your chance to get the recognition you deserve! Winners will receive over $600 in IT resources and be featured in Windows IT Pro magazine and the TechNet Flash email newsletter. It's easy to enter--we're accepting January nominations now for a limited-time! Submit your nomination today:


Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

Subscribe to Security UPDATE at

Unsubscribe by clicking

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions --

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

TAGS: Security