There is much computer security-related information being released this week, although it is not as harrying as the first week of May. Some new
flavors of old threats have been spotted, a couple of new villains are loose and more security flaws need patching.
Microsoft “Patch of the Month Club”
Microsoft Windows Security Bulletin Summary for May, 2004
Microsoft's Windows XP and Windows Server 2003, its flagship client and server operating systems, are vulnerable to attacks because of a flaw in the
“Help and Support Center” feature. "An attacker who successfully exploited this vulnerability could take complete control of an affected system,"
Microsoft warned. The attack could be triggered by simply visiting a maliciously constructed Web site or viewing an e-mail message.
Technical Details from Microsoft:
MS04-015 - Vulnerability in Help and Support Center Could Allow Remote Code Execution
- Windows XP and Windows XP Service Pack 1
- Windows XP 64-Bit Edition Service Pack 1
- Windows XP 64-Bit Edition Version 2003
- Windows Server 2003
- Windows Server 2003 64-Bit Edition
Since keeping your Windows box up-to-date has never been as important as now, this next item raises some eyebrows.
Will MS Allow Pirate Copies of its OS to install WinXP SP2?
It looks like the answer is “No.” Service Pack 2, which will be released soon for download and given away free on discs via retail stores, may not be
available to users who run illegal copies of Windows. This has been a subject of controversy since it seemingly puts profits ahead of the risk of
having thousands of un-patched, un-secure computers connected to the Internet.
SP2 will check the product ID used by the machine it is being installed on, and if the ID matches Microsoft's list of known pirated IDs, then it
won't install. Which means it looks like it's going to do pretty much the same as SP1 did, and that the checking systems Microsoft implemented at
Windows Update will at the very least remain in force.
Microsoft Updates “Sasser” Removal Tool
Microsoft Sasser Removal
The free Sasser tool (which can be downloaded from Microsoft's Website) now detects and removes five instances of Sasser. BUT! A sixth “Sasser”
variant (see next item) has been found “in the wild.” Truly, it is the tale that never ends.
Symantec on "Sasser.F"
W32.Sasser.F.Worm is a variant of W32.Sasser.Worm. This worm attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin
MS04-011. It spreads by scanning randomly selected IP addresses for vulnerable systems.
W32.Sasser.F.Worm differs from W32.Sasser.Worm as follows:
- Uses a different mutex: billgate.
- Uses a different file name: napatch.exe.
- Creates a different value in the registry: "napatch.exe."
New “Sasser” Worms Released Despite Recent Arrest
Undeterred by the arrest of Sven Jaschan in Germany last Friday, coders have released a new Sasser variant (Sasser-F) and the first worm in a new
strain, Cycle-A. Both worms exploit a hole in Windows' Local Security Authority Subsystem Service (LSASS) component. Neither is spreading
particularly widely and most AV vendors place them low on the peril index.
New Mass-mailing worm: “Wallon”
A new, low-to-medium risk mass-mailing worm, “Wallon,” attempts to trick the user into downloading a copy of itself using a URL in an email message,
then installing automatically via an un-patched security flaw.
W32.Wallon.A@mm is a mass-mailing worm that sends out emails containing a hyperlink to download the worm body from a certain URL. It also harvests
email addresses on the infected machine. The worm exploits the following vulnerability:
TrendMicro - "Wallon"
F-Secure - "Wallon"
Here is a bit of good news. To further increase the number of security options for the end-user, a major player in the motherboard chipset arena is
integrating firewall technology into some of their upcoming products.
Nvidia brings hardware firewall to Athlon XP rigs
Nvidia has upgraded its AMD Athlon XP-oriented chipset, the nForce 2, to add a Gigabit Ethernet interface to the product, RAID and a TCP/IP packet
processing core the company is pitching as a "hardware-optimised firewall security solution".
Just to be fair, I will include a Mac news item. It is a week-old announcement, so “news” might not be an appropriate term, but it will make it seem
less like beating up on Microsoft!
Apple Issues Patch for Mac OS X
Apple Computer has rolled out a major security update to plug several vulnerabilities in its flagship Mac OS X server and client versions. The
patch, which is being described as "highly critical," addresses security issues with the AFP Server, CoreFoundation and IPSec and also integrates a
previously issued patch which contained bugs, Apple said.
[Edited on 11-5-2004 by Banshee]