7 Microsoft Security Bulletins for December 2006
IE 7.0 Vulnerable to Window Content Injection
IE 7.0 Vulnerable to Address Bar Spoofing
IE Vulnerable to Execution of Arbitrary Code
phpGroupWare Might Expose Sensitive Data
Exploits Attack Windows Server Service
Drupal Vulnerable to Cross-Site Scripting and SQL Injection Attacks
12 Microsoft Security Bulletins for August 2006
Buffer Overflow in Apache Could Allow Unauthorized Access
Security Alert: 7 Microsoft Security Bulletins for July 2006
Security Alert: MySQL Vulnerable to SQL Injection Attacks
Security Alert--Microsoft Word Might Allow Execution of Arbitrary Code
Cisco Products Might Allow Bypassing of Content Filters
Vulnerability in IE Could Allow Remote Intruders to Execute Code
Oracle Database Might Allow Bypassing of Security Restrictions
Microsoft released five security bulletins for the month of April:
Cisco Field Notice: FN - 62378 - ASA Hardware and Software Compatibility Issue Due to a Component Change
VERITAS NetBackup Vulnerable to Multiple Buffer Overflows
.NET Framework Could Allow Execution of Arbitrary Commands
PHP Live Helper Vulnerable to Remote Code Execution
Malicious JavaScript Might Execute Arbitrary Code in IE and FrontPage
Vulnerability in IE Could Allow Remote Intruders to Execute Code
Adobe Flash, Shockwave, and Breeze Might Allow System Compromise
2 Microsoft Security Bulletins for March 2006
7 Microsoft Security Bulletins for February 2006
Buffer Overflow in Microsoft HTML Help Workshop
Windows Local Privilege Escalation Exploit
Malformed Windows Metafiles Could Allow Arbitrary Code Execution
8 Vulnerabilities in Mozilla Suite, SeaMonkey Suite, Firefox, and Thunderbird
Mozilla and Firefox Vulnerable to Cross-Site Scripting
MyBB Vulnerable to SQL Injection Attacks
3 More WMF Vulnerabilities Discovered
Microsoft released three security updates for this month
WinProxy Subject to Arbitrary Code Execution
Apache Web Server Vulnerable to DoS and Arbitrary Code Execution


7 Microsoft Security Bulletins for December 2006

Microsoft released seven security updates, three rated critical:

MS06-072: Cumulative Security Update for Internet Explorer.
This update fixes several vulnerabilities in previous versions of Microsoft Internet Explorer (IE). Web sites that are crafted with special code could have that code executed on the local computer. If the locally logged on user is an administrator, that code will execute with administrator privileges.
Applies to: All versions of IE 5 and IE 6. Doesn't apply to IE 7.
Recommendation: Microsoft has rated this update as critical. You should put this patch through an accelerated testing process to ensure that it doesn't cause other problems and then deploy it immediately.

MS06-073: Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution.
A vulnerability exists in Visual Studio 2005 that could allow remote code execution. An exploit for this vulnerability is "out in the wild," which is why Microsoft has rated the update as critical.
Applies to: All editions of Visual Studio 2005 except the Express editions.
Recommendation: Microsoft has rated this update as critical. If your organization uses Visual Studio 2005, you should put this patch through an accelerated testing process to ensure that it doesn't cause other problems and then deploy it immediately.

MS06-074: Vulnerability in SNMP Could Allow Remote Code Execution.
Although the SNMP service isn't installed by default on Windows computers, a vulnerability exists in the service that could be used by an attacker to execute code remotely.
Applies to: All versions of Windows.
Recommendation: Microsoft has rated this update as important but not critical. This means that you should test the update on development computers thoroughly and deploy it as part of your normal patch management cycle.

MS06-075: Vulnerability in Windows Could Allow Elevation of Privilege.
This vulnerability allows a locally logged on user with standard privileges to elevate those privileges to those of an administrator by running an appropriately crafted application.
Applies to: Windows XP and Windows Server 2003.
Recommendation: Microsoft has rated this update as important but not critical. This means that you should test the update on development computers thoroughly and deploy it as part of your normal patch management cycle.

MS06-076: Cumulative Security Update for Outlook Express.
This update fixes a possible remote code execution problem in Microsoft Outlook Express. Exploiting the problem requires that a user give permission for the exploit to work.
Applies to: All versions of Outlook Express.
Recommendation: Microsoft has rated this update as important but not critical. This means that you should test the update on development computers thoroughly and deploy it as part of your normal patch management cycle.

MS06-077: Vulnerability in Remote Installation Service Could Allow Remote Code Execution.
The Remote Installation Service (RIS) is used to deploy software from a central server to clients in an Active Directory (AD) environment. A vulnerability in this service could allow an attacker to gain access to a client through this service.
Applies to: Windows 2000 Service Pack 4 (SP4)
Recommendation: Microsoft has rated this update as important but not critical. This means that you should test the update on development computers thoroughly and deploy it as part of your normal patch management cycle.

MS06-078: Vulnerability in Windows Media Format Could Allow Remote Code Execution.
This update relates to a problem with Windows Media Format. An attacker could send a media file that promises humorous video but also carries code that will allow the attacker to take over the subject's computer. The attacker might not be the person who forwards the media, but relies on others, unaware of the media's extra content, to forward it to their friends.
Applies to: All versions of Windows.
Recommendation: Microsoft has rated this update as critical. You should put this patch through an accelerated testing process to ensure that it doesn't cause other problems and then deploy it immediately.
Remind users of the risk of opening non-work-related attachments no matter how humorous or interesting they might seem.

 

IE 7.0 Vulnerable to Window Content Injection
Internet Explorer (IE) 7.0 is vulnerable to window content injection under certain circumstances. When a malicious Web site is open in one browser window and a legitimate Web site is open in another, the malicious Web site could alter the content of a pop-up window generated by the legitimate Web site. The vulnerability could lead to the exposure of private sensitive information.
Microsoft is aware of the problem and considers the issue to be a known risk that is to be mitigated by the user; therefore, it is unlikely that a security patch will be forthcoming. In a message posted to the company's Security Response Center blog, a spokesperson for the company said that IE 7.0 presents an address bar in pop-up windows, where previous versions of IE did not do so. The spokesperson said that the burden is on the user to examine the address bar to ensure that its content is legitimate. "[People] should never decide to trust a web page without first verifying both the address of the web page and an SSL connection," the spokesperson said. See the URL below for the blog entry.
Some security analysts think that placing the burden on the user is unreasonable and too risky. Such analysts point to the fact that the vulnerability was fixed in other browsers, including Firefox, Netscape, Safari, and Opera, as well as others.
http://list.windowsitpro.com/t?ctl=3E6E8:28C14

IE 7.0 Vulnerable to Address Bar Spoofing

Secunia reports that an anonymous person discovered that it's possible to partially spoof the Microsoft Internet Explorer (IE) 7.0 Address bar in a pop-up window, which might lead to phishing attacks.

When showing an address with special characters, the Address bar might display incorrect or incomplete information that tricks the user into unintended actions. Microsoft is aware of the problem; however, no patch is available at this time. A workaround suggested by the United States Computer Emergency Readiness Team (US-CERT) is to disable Active Scripting in the Internet Zone.

IE Vulnerable to Execution of Arbitrary Code
A vulnerability has been discovered in Microsoft Internet Explorer (IE) that can be used to execute arbitrary code on an affected system. The vulnerability, located in the DirectAnimation Path ActiveX control, is caused by a memory corruption error that occurs when IE is processing arguments that are passed to the KeyFrame() or Spline() functions. Successful exploitation could reportedly allow a remote intruder to take complete control of the user's system. A working exploit is circulating on the Internet.
Microsoft is aware of the problem and is investigating the matter. The company said that it expects to release a patch in association with an upcoming Security Bulletin. In the meantime, the company released a Security Advisory, "Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Control Execution"

3 Microsoft Security Bulletins for September 2006
by Orin Thomas, orin@windowsitpro.com

Microsoft released three new Security Bulletins and re-released two existing updates. One of the new bulletins is rated as critical.

MS06-052: Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution
This vulnerability relates to invalid memory access in Windows XP's implementation of the Pragmatic General Multicast (PGM) protocol. The vulnerability could allow an attacker to send specially designed multicast messages to affected systems thereby enabling the execution of malicious code.
Applies to: Windows XP SP1 and SP2
Recommendation: Unless you use PGM or have the Microsoft Message Queuing (MSMQ) service installed, this update isn't urgent.

MS06-053: Vulnerability in Indexing Service Could Allow Cross-Site Scripting
This bulletin replaces Security Bulletin MS05-003. It fixes a vulnerability in the Indexing Service related to query validation that could be exploited to allow an attacker to run a client-side script on behalf of a user.
Applies to: Windows Server 2003 (x32, x64, and Itanium) and SP1, Windows XP (x32 and x64) SP1 and SP2, and Windows 2000 SP4
Recommendation: Test and install as a part of your regular patch management cycle.

MS06-054: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution
This remote code execution vulnerability relates to Publisher. This vulnerability could be exploited when Publisher parses a file with a malformed string.
Applies to: Office 2003 SP1 and SP2, Office XP SP3, and Office 2000 SP3
Recommendation: Users of Publisher should test and deploy this patch immediately. This update is less important for organizations that don't use Publisher.

The following updates were re-released:

MS06-040--Vulnerability in Server Service Could Allow Remote Code Execution
A buffer overrun vulnerability in the Server service allows for complete control of an affected system.
Applies to: Windows 2003 and SP1, Windows XP SP1 and SP2, and Windows 2000 SP4
Recommendation: Test the patch and install it immediately.

MS06-042--Cumulative Security Update for Internet Explorer
This update addresses a significant number of vulnerabilities in Internet Explorer (IE). If a user running IE with administrative privileges visits a Web site that uses one of the exploits patched by this update, his or her system could be completely compromised. The attacks will be less damaging if the user is running an account with restricted rights.
Applies to: Windows 2003 and SP1, Windows XP SP1 and SP2, and Windows 2000 SP4
Recommendation: Organizations that use IE should test the update and install it immediately. For organizations that use an alternative browser, this update is important but not critical.

 

phpGroupWare Might Expose Sensitive Data
A vulnerability in the popular open-source phpGroupWare platform could allow remote intruders to gain access to sensitive data stored in files on the server hosting the software. The vulnerability is due to incorrect input validation of data provided in URLs. A remote intruder can exploit this condition by crafting a URL that will display file content from the server, and an exploit for this vulnerability has been published. An upgrade to phpGroupWare that addresses the vulnerability is available at the URL below.
http://list.windowsitpro.com/t?ctl=374BF:28C14

Exploits Attack Windows Server Service

LURHQ reports that two exploits are on the loose that take advantage of vulnerabilities in the Windows Server Service. (See the report at the first URL below.) The exploits install bot software onto affected systems and connect the systems to IRC channels where the systems can then be remote controlled.
Microsoft released Security Bulletin MS06-040, "Vulnerability in Server Service Could Allow Remote Code Execution (921883)," to correct the vulnerability (see the second URL below); however, numerous systems remain unpatched for a variety of reasons. Administrators should scan their networks to discover unpatched systems, install the patch as soon as possible, and ensure that their intrusion detection systems (IDSs) are up to date.
Microsoft also issued Security Advisory (922437) "Exploit Code Published Affecting the Server Service," (see the third URL below), which contains additional information including potential workaround solutions.

Drupal Vulnerable to Cross-Site Scripting and SQL Injection Attacks
The hugely popular open-source content-management system, Drupal, contains bibliography, recipe, and job search modules that can allow intruders to perform cross-site scripting and SQL injection attacks.
The vulnerabilities are the result of input not being sanitized properly. The developers of Drupal have released new versions to correct the problems.

12 Microsoft Security Bulletins for August 2006

MS06-040--Vulnerability in Server Service Could Allow Remote Code Execution
A buffer overrun vulnerability in the Server service allows for complete control of an affected system.
Applies to: Win2K SP4, XP SP1 and SP2, Windows 2003 and SP1
Recommendation: Test patch and install immediately.

MS06-041--Vulnerability in DNS Resolution Could Allow Remote Code Execution.
A remote code execution vulnerability in Winsock could be used to take control of a system. A successful attack would occur after a user opens a file or visits a Web site that calls the affected Winsock API.
Also, a DNS client buffer overrun vulnerability could allow an attacker to gain complete control of a system.
Applies to: Win2K SP4, XP SP1 and SP2, Windows 2003 and SP1
Recommendation: Test patch and install immediately.

MS06-042--Cumulative Security Update for Internet Explorer
This update addresses a significant number of vulnerabilities in Internet Explorer (IE). If a user running IE with administrative privileges visits a Web site that uses one of the exploits patched by this update, his or her system could be completely compromised. The attacks will be less damaging if the user is running an account with restricted rights.
Applies to: Win2K SP4, XP SP1 and SP2, Windows 2003 and SP1
Recommendation: Organizations that use IE should test the update and install it immediately. For organizations that use an alternative browser, this update is important but not critical.

MS06-043--Vulnerability in Microsoft Windows Could Allow Remote Code Execution.
This vulnerability relates to the parsing of MHTML in Outlook Express. If a user with administrative privileges is running Outlook Express and opens an appropriately formatted email, the attacker could gain control of the user's system.
Applies to: Win2K SP4, XP SP1 and SP2, Windows 2003 SP1
Recommendation: Organizations that use Outlook Express as their mail client should test and install the patch immediately. The patch is important but not critical for organizations that use alternative mail clients.

MS06-044--Vulnerability in Microsoft Management Console Could Allow Remote Code Execution
The version of MMC in Win2K SP4 is vulnerable to a cross-site scripting attack that could be used to take control of a computer. As MMC is used primarily by administrators, such an attack could quickly compromise a system.
Recommendation: Test patch and install immediately on Win2K SP4 computers.

MS06-045--Vulnerability in Windows Explorer Could Allow Remote Code Execution
This update deals with a remote code execution vulnerability in all versions of Windows Explorer related to drag and drop events.
Applies to: Win2K SP4, XP SP1 and SP2, Windows 2003 and SP1
Recommendation: The update should be tested and installed as soon as possible but isn't as high a priority as some of the other bulletins this month.

MS06-046--Vulnerability in HTML Help Could Allow Remote Code Execution
This bulletin replaces a previous security update (MS05-001). This update repairs a vulnerability in the HTML Help ActiveX control that might allow remote code execution.
Applies to: Win2K SP4, XP SP1 and SP2, Windows 2003 and SP1
Recommendation: Test patch and install immediately.

MS06-047--Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution
This update addresses a remote code execution vulnerability in Microsoft Visual Basic for Applications. It applies to most versions of Microsoft Office and Microsoft Works as well as the Visual Basic for Applications SDK, versions 6.0 through 6.4. Office 2003 SP1 and SP2 aren't vulnerable to this exploit.
Recommendation: If your organization uses versions of Office prior to and including Office XP, you should test and apply this update immediately.

MS06-048--Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
This update applies to all versions of PowerPoint and replaces a previous update (MS06-038). If a PowerPoint file with a malformed shape container is parsed by PowerPoint, remote code can be executed on the system.
Recommendation: Organizations that use PowerPoint should test the patch and apply it immediately.

MS06-049--Vulnerability in Windows Kernel Could Result in Elevation of Privilege
This bulletin replaces the MS05-055 bulletin. It applies only to Win2K SP4. An attacker who exploits this vulnerability could take control of an affected system.
Recommendation: If your organization is still using Win2K, you should test and apply this update as soon as possible. The update is not as critical as others this month.

MS06-050--Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution
This bulletin replaces MS05-015. It deals with a hyperlink object buffer overflow and object function vulnerability. If exploited, an attacker could take control of an affected system.
Applies to: Windows 2K SP4, XP SP1 and SP2, Windows 2003 and SP1
Recommendation: The update should be tested and installed as soon as possible but isn't as high a priority as some of the other bulletins this month.

MS06-051--Vulnerability in Windows Kernel Could Result in Remote Code Execution
This update resolves a user privilege vulnerability and an "unhandled exception vulnerability" that could allow remote code execution.
Applies to: Win2K SP4, XP SP1 and SP2, Windows 2003 and SP1
Recommendation: Test patch and install immediately.

Buffer Overflow in Apache Could Allow Unauthorized Access

A buffer overflow vulnerability was discovered in Apache HTTP Server that could allow a remote intruder to gain complete control over an affected system. The problem occurs when the server processes certain URLs that use an LDAP prefix. The Apache Software Foundation released Apache HTTP Server 2.2.3 to correct the problem.
http://list.windowsitpro.com/t?ctl=333F4:28C14

 

Security Alert: 7 Microsoft Security Bulletins for July 2006
Microsoft released seven security bulletins that cover every supported version of Windows and Office, including the Mac versions of Office. We finally have patches for a nasty zero-day exploit in Office, and there are updates to block a couple of new holes that I think will be very attractive to worm writers.

Web server admins will want to pay particular attention to MS06-033--Vulnerability in ASP.NET Could Allow Information Disclosure (917283) and MS06-034--Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537).

Both workstations and servers are vulnerable to MS06-035--Vulnerability in Server Service Could Allow Remote Code Execution (917159), especially if you have the Messenger or Alerter service started. This hole is one that I think attackers will jump on.

All Windows computers that have the DHCP Client service started need to install MS06-036--Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) to shut down a vulnerability that I think will be attractive as a worm infection vector.

Finally, MS06-037--Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285), MS06-038--Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284), and MS06-039--Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) impact every version of Office and some related applications including Project, Visio, OneNote, and Visual Studio that are vulnerable to the zero-day exploit I mentioned above.

Security Alert: MySQL Vulnerable to SQL Injection Attacks
The popular open-source database server MySQL contains a vulnerability that could allow an intruder to perform SQL injection attacks. The vulnerability is in the server's multibyte encoding processing, which incorrectly parses a string escaped with the mysql_real_escape() function. New versions of MySQL are available to address the problem at the URLs below.
http://list.windowsitpro.com/t?ctl=2D2AA:28C14
http://list.windowsitpro.com/t?ctl=2D2A9:28C14

Security Alert--Microsoft Word Might Allow Execution of Arbitrary Code
A vulnerability in Microsoft Word might allow intruders to attach to a Word document shell code that, when executed, could launch the code of the intruder's choice. Current exploits include a Trojan horse that deletes traces of the original exploit from the Word document. A successful exploit could lead to the complete compromise of an affected system. Microsoft is aware of the problem; however, no patch is available at this time.

Cisco Products Might Allow Bypassing of Content Filters
A vulnerability exists in Cisco PIX, ASA, and FWSM products that might allow a remote intruder to bypass Web content filters by using fragmented packets. The problem occurs when the Cisco products are configured to use Websense Enterprise for content filtering. Cisco made updates available to address the problems.
http://list.windowsitpro.com/t?ctl=29C33:28C14

Security Alert, April 26, 2006

Vulnerability in IE Could Allow Remote Intruders to Execute Code
A memory-corruption vulnerability exists in how Microsoft Internet Explorer (IE) processes object tags. The vulnerability could allow remote intruders to execute arbitrary commands and possibly take complete control of an affected system. Microsoft is aware of this problem but has no patch available at this time.


 

Security Alert, April 14, 2006

Oracle Database Might Allow Bypassing of Security Restrictions
A vulnerability exists in Oracle Database that might allow intruders to bypass security restrictions. Users with SELECT Object Privilege on base tables can delete rows from a view and might be able to insert and update data or escalate privileges. Oracle is working on a patch for the problem. A workaround suggested by a third party is available at the URL below.
http://list.windowsitpro.com/t?ctl=270B5:28C14

 

Microsoft released five security bulletins for the month of April:

MS06-013--Cumulative Security Update for Internet Explorer (912812)
MS06-014--Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
MS06-015--Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
MS06-016--Cumulative Security Update for Outlook Express (911567)
MS06-017--Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

The first four of these bulletins are primarily workstation risks. I recommend deploying MS06-013 and MS06-015 as soon as possible. MS06-013 is especially urgent because details of some exploits are public and attackers are already using them.
You might consider workarounds for MS06-014 and MS06-016, rather than deploying the updates for these two bulletins. MS06-014 includes a workaround, and I developed a workaround for MS06-016 (which you can read about at the URL below).
The final bulletin, MS06-017, impacts Microsoft IIS servers running Microsoft FrontPage Server Extensions or Microsoft SharePoint Team Services. Although Microsoft rates the severity of this exposure as only moderate, I recommend loading the update on all affected servers as soon as possible.
For more of my thoughts on all of these bulletins, go to
http://list.windowsitpro.com/t?ctl=26D34:28C14

 

Message Type : Field Notice

Title: Cisco Field Notice: FN - 62378 - ASA Hardware and Software Compatibility Issue Due to a Component Change

URL:
http://www.cisco.com/en/US/customer/products/ps6120/products_field_notice09186a0080655b8b.shtml

Posted: April 7, 2006

Summary: A new boot flash has been introduced on ASA models shipping from Cisco as of April 5, 2006. This new boot flash requires a minimum software revision level.
Units shipped with the new boot flash have the minimum software revision already installed. However, if such a unit has its software downgraded in the field, the ASA unit will produce an error message and enter into a reboot state. ASA units which do not have the new boot flash installed will not have any software/hardware compatibility issues caused by this component change.


 

Security Alert, March 30, 2006

VERITAS NetBackup Vulnerable to Multiple Buffer Overflows
Symantec's VERITAS NetBackup contains critical buffer overflow vulnerabilities that could result in elevated privilege access to an affected system. Affected product components include NetBackup Master, Media Servers, and clients. Symantec posted an advisory along with patches to correct the problems.

 

Security Alert, March 29, 2006

.NET Framework Could Allow Execution of Arbitrary Commands
Two buffer-overflow vulnerabilities exist in Microsoft .NET Framework that could allow intruders to execute arbitrary commands. One problem occurs when a program handles malformed DLL files. The other problem occurs when a program calls a function with an excessively long function name. Microsoft .NET Framework 2.0 isn't vulnerable to these attacks, so users should upgrade to this version.

 

Security Alert, March 29, 2006

PHP Live Helper Vulnerable to Remote Code Execution
Turnkey Web Tools' popular live Web support tool PHP Live Helper is vulnerable to remote code execution due to an error in the way the tool processes URL parameters. By using a known URL parameter, intruders could cause their code of choice to be included in PHP Live Helper in real time so that the code would then run on the operator's system. An exploit could possibly open a port on a vulnerable system that would allow intruders to interact with the compromised system in a variety of ways. No response from the vendor is known at this time.

 

Security Alert, March 23, 2006

Malicious JavaScript Might Execute Arbitrary Code in IE and FrontPage
A simple JavaScript script could cause Microsoft Internet Explorer (IE) and Microsoft FrontPage to crash or allow an intruder to run arbitrary code. An exploit can occur when a specially crafted JavaScript script in a Web page references a checkbox form field by using the getElementById and createTextRange functions. Exploit code is now in the wild, and Microsoft is investigating the matter.

Security Alert, March 22, 2006

Vulnerability in IE Could Allow Remote Intruders to Execute Code
An unpatched vulnerability in Microsoft Internet Explorer (IE) might allow a remote intruder to execute code on a user's system without the user's knowledge. Complete details of the exploit are not yet available; however, the problem relates to HTML Application (HTA) files.
Microsoft is aware of the problem, is investigating, and will release a patch for the problem, possibly in April.
http://list.windowsitpro.com/t?ctl=24BCB:28C14

Security Alert, March 16, 2006

Adobe Flash, Shockwave, and Breeze Might Allow System Compromise
Critical vulnerabilities were discovered in Adobe Flash Player, Shockwave Player, and Breeze that could allow a remote intruder to take complete control of an affected system. The exact cause of the vulnerability hasn't been disclosed at this time, but an intruder could exploit the weakness by causing the user's browser to load a malicious Flash file (.swf). Adobe recommends that users upgrade to the latest version of the products (see the first URL below). Information on workarounds, including one to prevent Flash files from loading into the browser, is available from Microsoft (second URL below).
http://list.windowsitpro.com/t?ctl=24238:28C14
http://list.windowsitpro.com/t?ctl=24239:28C14

 

2 Microsoft Security Bulletins for March 2006
by Randy Franklin Smith, rsmith@ultimatewindowssecurity.com

Microsoft released two security bulletins for March, one related to Microsoft Office and another about certain Windows versions that have weak permissions defined for certain services. The security update for MS06-012--Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) involves specially formed Office documents and is a bigger risk because it allows remote code execution and targets the more difficult-to-control workstation environment. This security update patches a number of vulnerabilities associated with various Office and Microsoft Works Suite programs, and you should be concerned if you have systems with Office 2003/XP/2000 or Microsoft Works Suite 2006/2005/2004/2003/2002/2001/2000 or even Microsoft Excel for Mac.
With regard to the other bulletin, users of Windows Server 2003 Service Pack 1 (SP1), Windows XP SP2, and Windows 2000 SP4 can relax. Only organizations that have systems with XP SP1 and Windows 2003 without SP1 are vulnerable to the exposure described in MS06-011--Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798). I recommend applying this security update only to highly sensitive servers on which you've already made a commitment to full overall hardening. For full details about these bulletins, go to
http://list.windowsitpro.com/t?ctl=23DA2:28C14

 

7 Microsoft Security Bulletins for February 2006
by Randy Franklin Smith, rsmith@ultimatewindowssecurity.com

Although Microsoft released seven security updates this month, organizations running Windows Server 2003 Service Pack 1 (SP1), Windows XP SP2, and Microsoft Office 2003 will be able to avoid loading all but one patch (MS06-005), assuming administrators refrain from dangerous interactive activities on servers. If you're using a Web browser other than Microsoft Internet Explorer (IE), be sure to read bulletin MS06-006. If you still run Office 2000, MS06-010 will be important to you, as will MS06-009 if you have Office 2003 Proofing Tools or East Asian language versions of Windows or Office on your network. Here's a list of the seven bulletins and links to the full details of each:

MS06-004 - Cumulative Security Update for Internet Explorer (910620)
http://list.windowsitpro.com/t?ctl=210A2:28C14

MS06-005 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
http://list.windowsitpro.com/t?ctl=210A4:28C14

MS06-006 - Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
http://list.windowsitpro.com/t?ctl=210A7:28C14

MS06-007 - Vulnerability in TCP/IP Could Allow Denial of Service (913446)
http://list.windowsitpro.com/t?ctl=210A1:28C14

MS06-008 - Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
http://list.windowsitpro.com/t?ctl=210A3:28C14

MS06-009 - Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
http://list.windowsitpro.com/t?ctl=210A6:28C14

MS06-010 - Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)
http://list.windowsitpro.com/t?ctl=210A5:28C14

 

Security Alert, February 9, 2006

Buffer Overflow in Microsoft HTML Help Workshop
"Bratax" reported that a buffer overflow vulnerability exists in Microsoft HTML Help Workshop, which is part of the Microsoft HTML Help 1.4 SDK (at the URL below). The vulnerability is caused by incorrect processing of fields within .hhp files and could be exploited by intruders to execute arbitrary commands on an affected system. Microsoft hadn't responded at the time of this writing.
http://list.windowsitpro.com/t?ctl=20732:28C14

Security Alert, February 9, 2006

Windows Local Privilege Escalation Exploit
Code has been published that might successfully exploit loose permissions on third-party Windows-based application services as well as several default Windows services, including Universal Plug and Play (UPnP), NetBIOS over TCP/IP (NetBT), Smart Card (SCardSvr), and SSDP Discovery Service (SSDPA). A successful exploit could allow a local user to gain elevated privileges. The problem affects Windows XP Service Pack 1 (SP1) and Windows Server 2003. XP SP2 and Windows 2003 SP1 aren't affected.
Microsoft is aware of the problem and has published an advisory, available at the URL below.
http://list.windowsitpro.com/t?ctl=206FF:28C14
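
An added example (not from the newsletter or from Microsoft): one way to audit for the loose service permissions described in this alert and in MS06-011 is to parse the SDDL string that `sc sdshow <service>` prints and flag allow ACEs that give broad groups rights to reconfigure the service. The SDDL strings below are constructed samples, and the choice of which rights and trustees count as risky is this example's assumption.

```python
import re

# Rights that let a caller reconfigure or take over a service (this example's
# assumption of what counts as risky): SDDL code -> (Win32 name, mask bit).
RISKY_RIGHTS = {
    "DC": ("SERVICE_CHANGE_CONFIG", 0x00000002),
    "WD": ("WRITE_DAC", 0x00040000),
    "WO": ("WRITE_OWNER", 0x00080000),
    "GA": ("GENERIC_ALL", 0x10000000),
    "GW": ("GENERIC_WRITE", 0x40000000),
}
# SDDL trustee aliases that include ordinary, non-administrative users.
BROAD_TRUSTEES = {
    "WD": "Everyone",
    "AU": "Authenticated Users",
    "BU": "Builtin Users",
    "IU": "Interactive",
    "AN": "Anonymous",
}

def risky_rights(rights):
    """Names of risky rights in an ACE rights field (letter codes or hex mask)."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [name for name, bit in RISKY_RIGHTS.values() if mask & bit]
    codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    return [RISKY_RIGHTS[c][0] for c in codes if c in RISKY_RIGHTS]

def weak_aces(sddl):
    """Return [(trustee, [rights])] for allow ACEs in the DACL that grant
    risky rights to a broad trustee. Deny ACEs and the SACL are ignored."""
    dacl = sddl.partition("D:")[2].partition("S:")[0]
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) < 6 or fields[0] != "A":
            continue
        hits = risky_rights(fields[2])
        if fields[5] in BROAD_TRUSTEES and hits:
            findings.append((BROAD_TRUSTEES[fields[5]], hits))
    return findings

# Constructed samples in the format printed by `sc sdshow <service>`.
LOOSE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)"
         "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
TIGHT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;AU)")

if __name__ == "__main__":
    for name, sd in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, weak_aces(sd) or "no loose ACEs found")
```

Trustees given as raw SIDs (S-1-5-...) are not resolved by this sketch, so a finding-free result only covers the aliased groups listed in BROAD_TRUSTEES.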

 

Security Alert, February 8, 2006

Malformed Windows Metafiles Could Allow Arbitrary Code Execution
A new Windows metafile vulnerability was discovered in Microsoft Internet Explorer (IE). The vulnerability is caused by incorrect processing of image headers and could be exploited by remote intruders to execute arbitrary code in the context of the currently logged-on user. The problem affects Windows 2000 with Service Pack 4 (SP4) and Windows Me. Systems that have IE 6.0 SP1 installed aren't affected.
Microsoft issued an advisory (at the URL below) that recommends installing IE 6.0 SP1.
http://list.windowsitpro.com/t?ctl=204B1:28C14

Security Alert, February 7, 2006

8 Vulnerabilities in Mozilla Suite, SeaMonkey Suite, Firefox, and Thunderbird

The following eight vulnerabilities exist in Mozilla Foundation's Mozilla Suite, SeaMonkey Suite (the code name of a new version of Mozilla Suite), Thunderbird email client, and/or Firefox browser. The first vulnerability is rated critical, the next four are rated moderate, and the final three are rated low in terms of severity. The vulnerabilities are as follows:

- XML could be injected into the browser's localstore.rdf file, which would then be read by the browser at startup. The vulnerability could allow intruders to inject JavaScript code onto a user's system.

- The browser contains integer overflow errors that could allow intruders to execute arbitrary code on an affected system.

- The products' QueryInterface method contains a flaw that causes memory corruption, which could allow intruders to execute arbitrary code on an affected system.

- Dynamic changes to certain style elements could cause the browser to attempt operations on freed memory space, which could allow intruders to execute arbitrary code on an affected system.

- Specially crafted JavaScript objects could trigger "garbage collection," which could cause the browser to attempt operations on freed memory space. The condition could allow intruders to execute arbitrary code on an affected system.

- Web pages with extremely long titles cause the browser to take a long time to start up, or to crash when the computer has insufficient memory available.

- The E4X AnyName object that's used by the products' JavaScript engine is unintentionally exposed to Web content, which could allow scripts to perform unauthorized actions.

- The products' XML parser might read beyond the end of a buffer, which could cause the browser to crash.

Mozilla Foundation released updates to the products to correct these problems. For more information, go to
http://list.windowsitpro.com/t?ctl=20228:28C14

 

Security Alert, February 3, 2006

Mozilla and Firefox Vulnerable to Cross-Site Scripting
A vulnerability in the Mozilla Suite and Firefox browsers could allow remote intruders to bypass security restrictions and gain access to private information. A remote intruder could cause a script to execute in the user's browser in the security context of an arbitrary domain. The problem could lead to exposure of information stored in cookies. The vulnerability is due to validation errors when processing Cascading Style Sheets (CSS) and HTML documents that contain a specially crafted property and that are used in conjunction with the Extensible Binding Language (XBL). Mozilla Foundation is aware of the problem; however, no fix is available at this time.

 

Security Alert, February 3, 2006

MyBB Vulnerable to SQL Injection Attacks
MyBB discussion forum software incorrectly validates input of its templatelist parameter. An intruder could use a malformed parameter to launch SQL injection attacks. MyBB 1.0.3, which corrects this problem, is now available.
http://list.windowsitpro.com/t?ctl=1FD12:28C14

 

Security Alert, January 11, 2006

3 More WMF Vulnerabilities Discovered
Three new vulnerabilities in Windows metafiles were made known this week. The vulnerabilities can be used to cause Denial of Service (DoS) attacks, and exploits using the new vulnerabilities have already been made public. However, at this time, it doesn't appear that the vulnerabilities can be used to execute code.
Microsoft is aware of the problems. The company said that it "had previously identified these issues as part of our ongoing code maintenance and [we] are evaluating them for inclusion in the next service pack for the affected products."

1/11/06
Microsoft released three security updates for this month:

MS06-001--Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
This is the same bulletin that was originally released early (on January 6) because of the prevalence of attacks already exploiting yet another vulnerability in Windows' graphics rendering engine. This high-priority patch should be loaded as soon as possible. For analysis of system types most affected as well as workarounds, go to
http://list.windowsitpro.com/t?ctl=1DAC5:28C14

MS06-002--Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
This HTML-content vulnerability exploits a buffer overflow in Microsoft Internet Explorer's (IE's) embedded Web font processing. For recommendations about patch deployment, workarounds, and demonstrations of how embedded Web fonts work, go to
http://list.windowsitpro.com/t?ctl=1DAC4:28C14

MS06-003--Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
This vulnerability is particularly dangerous because it can directly impact servers and because it allows the attacker to take the offensive with direct, targeted attacks instead of the "bait-and-wait" attacks common to the recent spate of graphics rendering engine attacks. Most organizations will want to load this patch on all systems that have Microsoft Office 2000, XP, or 2003 or Microsoft Exchange Server 5.x or 2000. For more details, go to
http://list.windowsitpro.com/t?ctl=1DAC3:28C14

 

Security Alert, January 6, 2006

WinProxy Subject to Arbitrary Code Execution
Blue Coat Systems' WinProxy SecureSuite contains critical vulnerabilities that could allow remote intruders to execute arbitrary commands or cause a Denial of Service (DoS) condition. A buffer overflow could occur when processing HTTP headers, and a heap overflow could occur when processing network traffic through the Telnet proxy. Both overflow conditions could allow a remote intruder to execute arbitrary commands. Errors when processing overly long HTTP requests could lead to a DoS. Blue Coat Systems released WinProxy 6.1a, which corrects these problems.
http://list.windowsitpro.com/t?ctl=1D563:28C14

 

Security Alert, January 6, 2006

Apache Web Server Vulnerable to DoS and Arbitrary Code Execution
Apache Web Server is vulnerable to Denial of Service (DoS) attacks and execution of arbitrary code. The module that provides SSL support (mod_ssl) doesn't properly handle certain non-SSL traffic that is sent to an SSL-enabled virtual host, which can lead to a DoS attack. Multiple critical vulnerabilities exist in the module used for connectivity to PostgreSQL database servers (mod_auth_pgsql). The vulnerabilities could allow remote intruders to execute arbitrary commands. Apache Software Foundation corrected the SSL problem in the source code tree. A bug report can be found at the first URL below. PostgreSQL module developer Giuseppe Tanzilli released module version 2.0.3 (at the second URL below), which corrects the arbitrary code execution problems.
http://list.windowsitpro.com/t?ctl=1D55B:28C14
http://list.windowsitpro.com/t?ctl=1D55C:28C14