October, 2006:

Microsoft Security Advisory (917021): Description of the Wi-Fi Protected Access 2 support for Wireless Group Policy in Windows XP Service Pack 2 – 10/17/2006

Revision Note: Advisory Published.

Advisory Summary: Microsoft is releasing this security advisory to inform customers about an update that enables Wi-Fi Protected Access 2 (WPA2) support for Wireless network Group Policy settings in Windows XP Service Pack 2. This update is being released to provide parity between Windows XP Service Pack 2 (before a broad release vehicle, like a service pack, is released) and the upcoming release of Windows Server 2003 Service Pack 2. With this update, customers can create Wireless network Group Policy settings to simultaneously manage WPA2 on systems running Windows XP Service Pack 2 and on any versions of Windows targeted by the upcoming Windows Server 2003 Service Pack 2.

Also included in this update are Wireless client behavior changes for non-broadcast and ad-hoc networks. These defense-in-depth changes are intended to help prevent systems from connecting to networks other than those a user intends to connect to. These defense-in-depth changes are included in this update, in addition to the WPA2 support for Wireless network Group Policy, to provide parity between the two Windows versions; this makes it possible to manage WPA2 settings for wireless clients on different Windows versions using the same Wireless Group Policy. The same defense-in-depth changes will be included in Windows Server 2003 Service Pack 2 as part of the same WPA2 support for Wireless network Group Policy settings. For more information about the upcoming Windows Server 2003 Service Pack 2, see the Windows Service Pack Road Map. The broad release vehicle for the defense-in-depth changes included in update 917021 is still considered to be a service pack for Windows XP.

URL: http://www.microsoft.com/technet/security/advisory/917021.mspx

RealVNC Remote Authentication Bypass Vulnerability

This is Cisco PSIRT’s response to the CERT advisory at http://www.kb.cert.org/vuls/id/117929, acknowledged by RealVNC at http://www.realvnc.com/products/free/4.1/release-notes.html. This vulnerability was originally discovered by James Evans.

URL: http://www.cisco.com/en/US/products/hw/voiceapp/ps967/tsd_products_security_response09186a00806c4c31.html

Microsoft Security Advisory (926043): Vulnerability in Windows Shell Could Allow Remote Code Execution – 10/10/2006

Revision Note: Advisory updated to reference released security bulletin.

Advisory Summary: Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly and of limited attacks. We are aware of Web sites attempting to use the reported vulnerability to install malware. Our investigation into these Web sites shows that, in most cases, attempts to install malicious software by exploiting this vulnerability fail. This is due to specific technical factors related to the vulnerability. We will continue to investigate these public reports. The ActiveX control called out in the public reports and in the proof of concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View. We are working on a security update currently scheduled for an October 10 release.

Customers are encouraged to keep their anti-virus software up to date. Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site. We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers can learn more about these steps at the Protect Your PC Web site. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country. Services. You can contact Product Support Services in the United States and Canada at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can loc

URL: http://www.microsoft.com/technet/security/advisory/926043.mspx

Microsoft Security Advisory (925984): Vulnerability in PowerPoint Could Allow Remote Code Execution – 10/10/2006

Revision Note: Advisory updated to reference released security bulletin.

Advisory Summary: Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac, and Microsoft PowerPoint 2004 v. X for Mac. In order for this attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability. Microsoft is also actively sharing information with Microsoft Security Response Alliance partners so that their detection can be kept up to date to detect and remove attacks.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. International customers can receive support from their local Microsoft subsidiaries; there is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

URL: http://www.microsoft.com/technet/security/advisory/925984.mspx

Second Annual DNS Survey Reveals Growth and Improvements, But Many Systems Still Vulnerable to Attacks

Infoblox Inc. and The Measurement Factory today announced availability of the “2006 DNS Report Card”, featuring results of their second annual survey of domain name servers (DNS) on the public Internet. Infoblox also announced today availability of Cricket Liu’s DNS Advisor, a free online tool that assesses an organization’s external DNS systems.

URL: http://feedproxy.google.com/~r/InfobloxNewsFeed/~3/ZN3tcR54yuw/release.cfm