[THIN] Security Alert! September 5, 2003

  • From: "Jim Kenzig http://thethin.net" <jimkenz@xxxxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>, <thin@xxxxxxxxxxxxx>
  • Date: Fri, 5 Sep 2003 18:17:54 -0400

These are ones to take note of!
JK

Security Alert, September 5, 2003

Information Disclosure Vulnerability in NetBIOS
   Mike Price of Foundstone Labs discovered that a vulnerability in
Microsoft NetBIOS can result in information disclosure. This
vulnerability stems from a flaw in the NetBIOS Name Service (NBNS). An
attacker can exploit this vulnerability by sending a NetBT Name
Service query to a system, then examining the response to see if it
includes random data from that system's memory. Microsoft has released
Security Bulletin MS03-034, "Flaw in NetBIOS Could Lead to Information
Disclosure (824105)," to address this vulnerability and recommends
that affected users apply the appropriate patch mentioned in the
bulletin.
   http://www.secadministrator.com/Articles/Index.cfm?ArticleID=40089

Automatic Macro Execution in Word
   Jim Bassett of Practitioners Publishing Company discovered that a
vulnerability in Microsoft Word can result in the automatic execution
of a macro. As a result of this vulnerability, an attacker can craft a
malicious document that bypasses the macro security model. When a user
opens the document, a malicious embedded macro will execute
automatically, regardless of the level at which you've set macro
security. The malicious macro can take actions that the user has
permissions to carry out, such as adding, changing, or deleting data
or files; communicating with a Web site; and formatting the hard disk.
Microsoft has released Security Bulletin MS03-035, "Flaw in Microsoft
Word Could Enable Macros to Run Automatically (827653)," to address
this vulnerability and recommends that affected users apply the
appropriate patch mentioned in the bulletin.
   http://www.secadministrator.com/Articles/Index.cfm?ArticleID=40090