[windows2000] Re: Security Alert! September 5, 2003

  • From: francine heiligman <fheiligman@xxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Mon, 8 Sep 2003 05:31:54 -0700 (PDT)

Thank you for passing on this information ... 
 
Francine Heiligman
Network Admin


"Jim Kenzig http://thethin.net"; <jimkenz@xxxxxxxxxxxxxx> wrote:
These are ones to take note of!
JK

Security Alert, September 5, 2003

Information Disclosure Vulnerability in NetBIOS
Mike Price of Foundstone Labs discovered that a vulnerability in
Microsoft NetBIOS can result in information disclosure. This
vulnerability stems from a flaw in the NetBIOS Name Service (NBNS). An
attacker can exploit this vulnerability by sending a NetBT Name
Service query to a system, then examining the response to see if it
includes random data from that system's memory. Microsoft has released
Security Bulletin MS03-034, "Flaw in NetBIOS Could Lead to Information
Disclosure (824105)," to address this vulnerability and recommends
that affected users apply the appropriate patch mentioned in the
bulletin.
http://www.secadministrator.com/Articles/Index.cfm?ArticleID=40089

Automatic Macro Execution in Word
Jim Bassett of Practitioners Publishing Company discovered that a
vulnerability in Microsoft Word can result in the automatic execution
of a macro. As a result of this vulnerability, an attacker can craft a
malicious document that bypasses the macro security model. When a user
opens the document, a malicious embedded macro will execute
automatically, regardless of the level at which you've set macro
security. The malicious macro can take actions that the user has
permissions to carry out, such as adding, changing, or deleting data
or files; communicating with a Web site; and formatting the hard disk.
Microsoft has released Security Bulletin MS03-035, "Flaw in Microsoft
Word Could Enable Macros to Run Automatically (827653)," to address
this vulnerability and recommends that affected users apply the
appropriate patch mentioned in the bulletin.
http://www.secadministrator.com/Articles/Index.cfm?ArticleID=40090

**********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

Other related posts: