Symantec Security Check is a free service designed to help you understand your computer's exposure to online security intrusions and virus threats. To access site click here .
Use Windows Update
on a regular basis, or Schedule Automatic Updates in Windows XP, Windows 2000, or Windows Server 2003
here for more details. NOTE: close ALL programs before you run
updates. If this is a host server your need to turn off all the services
you can before you attempt any patch. Exchange Server may not work after a patch
if this is not done.
U.S. Department of Homeland Security US-CERT
strongly encourages users to install and maintain anti-virus software and
exercise caution when handling attachments. Anti-virus software may not be able
to scan password protected archive files so users must use discretion when
opening archive files and should scan files once extracted from an archive.
Why should I
run Windows update?
12/13/2002 Friday InfoWorld For the second time this month Microsoft will raise the risk rating on a flaw affecting Internet Explorer (IE) after experts told the company it underrated the issue. The cumulative patch announced on Nov. 20 in Microsoft's security bulletin MS02-066 for the IE Web browser will now be rated "critical," up from "important," Steve Lipner, director of security assurance at Microsoft, said in a statement sent via e-mail on Friday. Now Microsoft warns that successful exploitation of the flaw could allow an attacker to gain control over a user's machine. Click here for the article.
Thursday InfoWorld Viruses, SPAM and malicious Internet scams
transmitted by e-mail all grew sharply in 2002, posing a threat to the smooth
running of worldwide e-mail systems, according to security vendor MessageLabs. Click
here for article.
12/06/2002 Friday Microsoft reported that a security flaw in its Internet Explorer Web-browsing software is actually more severe than it initially disclosed. An identified security issue could enable an attacker to read files or run programs on a computer that visited his or her Web site. By installing this update, you can help protect your computer against this issue and bring Microsoft Internet Explorer up-to-date with respect to security. Click Here This bulletin is Microsoft's 68th of the year.
09/30/2002 Monday - Symantec Bugbear [W32.Bugbear@mm] is a mass-mailing worm. It can also spread through Network shares. It has backdoor capabilities. For more detail click here . CNN 'BugBear' worms in, opens doors to hackers Click here for article.
Thursday Microsoft issued a cumulative patch for its Internet Explorer Web browser that also fixes six new vulnerabilities, the most serious of which could enable an attacker to take control over a user's system, Microsoft said. A cumulative patch is a patch that includes all previously released fixes for a software product. The six newly patched vulnerabilities exist in various parts of Internet Explorer and mainly put client systems at risk, but Microsoft deems the super patch
"critical" for Internet and Intranet servers too. To go directly to the Windows Update page
click here . For more details on the patch
click here .
06/17/2002 Sunday CERT® Advisory CA-2002-17 There is a remotely exploitable vulnerability in the way that Apache web servers (or other web servers based on their source code) handle data encoded in chunks. This vulnerability is present by default in configurations of Apache web server versions 1.2.2 and above, 1.3 through 1.3.24, and versions 2.0 through 2.0.36. The impact of this vulnerability is dependent upon the software version and the hardware platform the server is running on. (click here for more details)
05/23/2002 Wednesday Microsoft Security Bulletin Q320206: Security Update - This update resolves the "Authentication Flaw in Windows Debugger can Lead to Elevated Privileges" security vulnerability in Windows 2000® and Windows NT® 4.0 . This vulnerability is the result of a flaw in the authentication mechanism for the Windows debugging facility that allows unauthorized program can gain access to the debugger. Download now to prevent a malicious user from gaining elevated privileges through the debugging facility, and then running code of her choice on your computer. For Windows 2000® click here , and for Windows NT® 4.0 click here .
Microsoft Security Bulletin MS02-022 Unchecked Buffer in MSN Chat Control Can Lead to Code Execution (Q321661) Originally posted: May 8, 2002
Who should read this bulletin: All customers using the Microsoft(r) MSN Chat control, which is available for direct download and ships with MSN Messenger and Exchange Instant Messenger.
Impact of vulnerability: Run Code of Attacker's Choice
Maximum Severity Rating: Critical
Recommendation: Customers using MSN Chat should upgrade by visiting an MSN Chat site and downloading the new control. Customers using MSN Messenger and Exchange Instant Messenger should upgrade to the latest version.
* Microsoft MSN Chat Control
* Microsoft MSN Messenger 4.5 and 4.6, which includes the MSN Chat control
* Microsoft Exchange Instant Messenger 4.5 and 4.6, which includes the MSN Chat control
Click here for more details
04/17/2002 Wednesday W32.Klez.H@mm is a modified variant of the worm W32.Klez.E@mm. This variant is capable of spreading by email and network shares. It is also capable of infecting files. For more information from Symantec click here . From more information from McAfee click here . McAfee AVERT Stinger - Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Click here to download the scan removal tool. For more details about McAfee AVERT Stinger Click here .
02/25/2002 Monday CERT® Advisory CA-2002-04 Buffer Overflow in Microsoft Internet Explorer
Microsoft Internet Explorer contains a buffer overflow vulnerability in its handling of embedded objects in HTML documents. This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message. (click here for more details)
02/12/2002 Tuesday CERT® Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP) Numerous vulnerabilities have been reported in multiple vendors' SNMP implementations. These vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or cause unstable behavior. If your site uses SNMP in any capacity, the CERT/CC encourages you to read this advisory. (click here for more details)
02/11/2002 Monday (Microsoft) The "11 February 2002 Cumulative Patch for Internet Explorer" update eliminates all known security vulnerabilities affecting Internet Explorer 6, 5.5 SP 1, 5.5 SP 2, (5.1 SP2 on Windows 2000 only), as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Download now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer. For additional information about these issues, read Microsoft Security Bulletin MS02-005. click here for update
01/03/2002 Friday (Infoworld) WASHINGTON D.C. — THE FBI'S NATIONAL Infrastructure Protection Center (NIPC) has revised its recent security bulletin regarding Windows XP's universal plug-and-play (UPNP) service. For more details click here .
©2000-2006 Internet Partners, Inc.