Thank you for passing on this information ... Francine Heiligman Network Admin "Jim Kenzig http://thethin.net"; <jimkenz@xxxxxxxxxxxxxx> wrote: These are ones to take note of! JK Security Alert, September 5, 2003 Information Disclosure Vulnerability in NetBIOS Mike Price of Foundstone Labs discovered that a vulnerability in Microsoft NetBIOS can result in information disclosure. This vulnerability stems from a flaw in the NetBIOS Name Service (NBNS). An attacker can exploit this vulnerability by sending a NetBT Name Service query to a system, then examining the response to see if it includes random data from that system's memory. Microsoft has released Security Bulletin MS03-034, "Flaw in NetBIOS Could Lead to Information Disclosure (824105)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/Articles/Index.cfm?ArticleID=40089 Automatic Macro Execution in Word Jim Bassett of Practitioners Publishing Company discovered that a vulnerability in Microsoft Word can result in the automatic execution of a macro. As a result of this vulnerability, an attacker can craft a malicious document that bypasses the macro security model. When a user opens the document, a malicious embedded macro will execute automatically, regardless of the level at which you've set macro security. The malicious macro can take actions that the user has permissions to carry out, such as adding, changing, or deleting data or files; communicating with a Web site; and formatting the hard disk. Microsoft has released Security Bulletin MS03-035, "Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/Articles/Index.cfm?ArticleID=40090 ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm --------------------------------- Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software