Virus & Security Alert list @ hardnet.ro


	Latest Security Infos: OPEN INFO CLOSE INFO Mozilla Multiple Vulnerabilities Released: August 04, 2004 About: Moderate Risk! The vendor has released details about some older vulnerabilities in Mozilla, Mozilla Firefox, and Thunderbird. These can potentially be exploited by malicious people to conduct spoofing attacks, compromise a vulnerable system, or cause a DoS (Denial of Service). IMPACT: Spoofing Exposure of sensitive information DoS System access SOFTWARE: Mozilla 0.x Mozilla 1.0 Mozilla 1.1 Mozilla 1.2 Mozilla 1.3 Mozilla 1.4 Mozilla 1.5 Mozilla 1.6 Mozilla Firefox 0.x Mozilla Thunderbird 0.x OPEN INFO CLOSE INFO Microsoft Security Bulletin MS04-025 Released: July 30, 2004 Updated: August 1, 2004 About: Cumulative Security Update for Internet Explorer (867801) Maximum Severity Rating: Critical Security Update Replacement: This update replaces the one that is provided in Microsoft Security Bulletin MS04-004, which is itself a cumulative update. OPEN INFO CLOSE INFO Microsoft Security Bulletin Summary for July, 2004 Released: July 13th, 2004 About: Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are: Bulletin 1 Identifier: Microsoft Security Bulletin MS04-022 Bulletin 1 Severity: CRITICAL! Bulletin 1 Title: Vulnerability in Task Scheduler Could Allow Code Execution (841873) Executive 1 Summary: A remote code execution vulnerability exists in the Task Scheduler because of the way that it handles application name validation. Bulletin 2 Identifier: Microsoft Security Bulletin MS04-023 Bulletin 2 Severity: CRITICAL! Bulletin 2 Title: Vulnerability in HTML Help Could Allow Code Execution (840315) Executive 2 Summary: Two remote code execution vulnerabilities exist in HTML Help. Bulletin 3 Identifier: Microsoft Security Bulletin MS04-019 Bulletin 3 Severity: Important! Bulletin 3 Title: Vulnerability in Utility Manager Could Allow Code Execution (842526) Executive 3 Summary: A privilege elevation vulnerability exists in the way that Utility Manager launches applications. Bulletin 4 Identifier: Microsoft Security Bulletin MS04-020 Bulletin 4 Severity: Important! Bulletin 4 Title: Vulnerability in POSIX Could Allow Code Execution (841872) Executive 4 Summary: A privilege elevation vulnerability exists in the POSIX subsystem. Bulletin 5 Identifier: Microsoft Security Bulletin MS04-021 Bulletin 5 Severity: Important! Bulletin 5 Title: Security Update for IIS 4.0 (841373) Executive 5 Summary: A buffer overrun vulnerability exists in Internet Information Server 4.0. Bulletin 6 Identifier: Microsoft Security Bulletin MS04-024 Bulletin 6 Severity: Important! Bulletin 6 Title: Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) Executive 6 Summary: A remote code execution vulnerability exists in the way that the Windows Shell launches applications. User interaction is required to exploit this vulnerability. OPEN INFO CLOSE INFO Microsoft Internet Explorer Multiple Vulnerabilities Released: July 13th, 2004 About: HIGH Risk! Multiple vulnerabilities have been identified in Microsoft Internet Explorer. Some could expose sensitive information others may lead to execution of arbitrary code. IMPACT: Security Bypass Spoofing System access SOFTWARE: Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6 OPEN INFO CLOSE INFO Microsoft Security Bulletin Summary for June, 2004 Released: June 8th, 2004 About: Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are: Bulletin 1 Identifier: Microsoft Security Bulletin MS04-016 Bulletin 1 Title: Vulnerability in DirectPlay Could Allow Denial of Service (839643) Executive 1 Summary: A denial of service vulnerability exists in the IDirectPlay4 API of Microsoft DirectPlay because of a lack of robust packet validation. Bulletin 2 Identifier: Microsoft Security Bulletin MS04-017 Bulletin 2 Title: Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service (842689) Executive 2 Summary: A directory traversal vulnerability exists in Crystal Reports and Crystal Enterprise from Business Objects that could allow Information Disclosure and Denial of Service attacks on an affected system. OPEN INFO CLOSE INFO Symantec Multiple Firewall DNS Response DoS Released: May 15th, 2004 About: Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and other related products. Sends a malicious DNS response packet to a vulnerable host, causing the kernel to go into an infinite loop. Tested against Symantec Norton Personal Firewall 2004. Systems Affected: Symantec Norton Internet Security 2002 Symantec Norton Internet Security 2003 Symantec Norton Internet Security 2004 Symantec Norton Internet Security Professional 2002 Symantec Norton Internet Security Professional 2003 Symantec Norton Internet Security Professional 2004 Symantec Norton Personal Firewall 2002 Symantec Norton Personal Firewall 2003 Symantec Norton Personal Firewall 2004 Symantec Client Firewall 5.01, 5.1.1 Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1) Symantec Norton AntiSpam 2004 OPEN INFO CLOSE INFO Slackware 8.1, 9.x: Apache security bug Released: May 12th, 2004 About: New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current tofix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog (which could create an exploit if the error log is read in a terminal program that does not filter such escapes). We recommend that sites running Apache upgrade to the new Apache package. Where to find the new packages: Updated package for Slackware 8.1 Updated package for Slackware 9.0: Updated package for Slackware 9.1: Updated packages for Slackware -current: current version's patch (these related packages are also available) curent version related 1 curent version related 2 OPEN INFO CLOSE INFO Microsoft Security Bulletin MS04-015 Released: May 11th, 2004 About: This update resolves a newly-discovered vulnerability. A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. missing info MS Win Security Bulletin for May, 2004 OPEN INFO CLOSE INFO Microsoft Security Bulletin MS04-014 Released: May 11th, 2004 About: Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1). The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP. This issue does not affect other operating systems. If you have previously applied the security update for other operating systems, including Windows XP Service Pack 1, you need not take any additional action. If you have previously applied the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1), you need not take any additional action as you are already protected from this vulnerability. However, if you want to have the Jet optional text error information in the same language as your Windows XP installation, you will need to remove the original security update MS04-014 (837001) following the Removal Information procedure located in this document and install the revised version. Once 837001 is uninstalled, revisiting Windows Update will result in the revised MS04-014 security update for Windows XP being re-offered with the correct, localized, optional text error strings. OPEN INFO CLOSE INFO Microsoft Security Bulletin MS04-012 Released: April 21st, 2004 Updated: April 24th, 2004 About: This update resolves several newly-discovered vulnerabilities in RPC/DCOM. Each vulnerability is documented in this bulletin in its own section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of the affected system. An attacker could then take any action on the affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Microsoft recommends customers apply the update immediately. OPEN INFO CLOSE INFO Sasser Worm Remover Tool Infos Released: May 2004 About: Symantec Security Response has developed a removal tool to clean the infections of the following variants of the W32.Sasser worm: W32.Sasser.Worm W32.Sasser.B.Worm W32.Sasser.C.Worm W32.Sasser.D.Worm W32.Sasser.E.Worm OPEN INFO CLOSE INFO Microsoft Security Bulletin MS04-011 Released: April 13th, 2004 About: This update resolves several newly-discovered vulnerabilities. Each vulnerability is documented in this bulletin in its own section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Microsoft recommends that customers apply the update immediately.

	Security Downloads: OPEN INFO CLOSE INFO Symantec Sasser Worm Remover Tool Download Released: May 2004 About: Symantec Security Response has developed a removal tool to clean the infections of the following variants of the W32.Sasser worm: W32.Sasser.Worm W32.Sasser.B.Worm W32.Sasser.C.Worm W32.Sasser.D.Worm W32.Sasser.E.Worm missing info Update Rollup 1 for MS WinXP (KB826939) OPEN INFO CLOSE INFO Microsoft Sasser (A-F) Worm Removal Tool (KB841720) Size: 114 KB Released: May 11, 2004 Version: 4.0 About: This tool will help to remove the Sasser (A-F) worm from infected machines. OPEN INFO CLOSE INFO Microsoft Security Bulletin MS04-011 Size: 114 KB Released: April 13, 2004 Updated: May 4, 2004 Version: 4.0 About: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

	Archive: browse alerts archive

Pentru a va ABONA la aceasta lista, trimiteti un mesaj la listserver@hardnet.ro cu urmatorul continut:

SUBSCRIBE VIRUSALERT

Pentru a va DEZABONA de la aceasta lista, trimiteti un mesaj la listserver@hardnet.ro cu urmatorul continut:

UNSUBSCRIBE VIRUSALERT

(subiectul mesajului NU este important, poate fi orice sau poate fi lasat gol, conteaza doar continutul mesajului).

(... still working @ this ...)

| webmaster | copyright © 2004 hardnet.ro

Virus & Security Alert list @ hardnet.ro

Latest Security Infos:

Security Downloads:

Archive: