[Virus & Security Watch] No MS patches; multiple Sybase ones

Introduction:

* No MS patches this month; multiple Sybase ones

Virus News:

* New mass-mailer something of a throwback...

* Worm propagation in a corporate network

Security News:

* No new MS security bulletins for December

* MS03-051 revised

* Multiple Sybase vulnerabilities patched

Introduction:

First, a quick word about 'end of year' plans for the newsletter. The last issue will be next Friday, 19 December. The first issue of 2004 will be on Friday 16 January, a couple of days after Microsoft's first 'monthly patch day' in the New Year. And subscribers who receive the HTML version of this newsletter will see a change in layout, either this week or next...

Anyway, to business. It has been a quiet week, both on the virus and security fronts. On the latter, Microsoft announced it has no security bulletins (and hence no patches) for its standard patch release date this December. Next Generation Security Software have found a raft more security holes in a database product, but this time it is Sybase's rather than Oracle's... On the virus front a new mass-mailer is more interesting for its technical oddity value than anything and we have included a link to a good paper investigating the effects of three large network worm events inside corporate LANs.

Virus News:

* New mass-mailer something of a throwback...

An unusual beast amongst mass-mailers these days is one that depends on Microsoft Outlook to send its e-mail for it, but that is precisely what Win32/Scold is. All the major antivirus developers have shipped updates for this mass-mailer, which popped over the horizon late yesterday afternoon.

UK e-mail ASP MessageLabs does not show a truly significant level of outbreak for this virus, though it has done somewhat better than would probably be expected of an Outlook mass-mailer with all the security improvements in recent versions (and patch levels) of Outlook. MessageLabs' statistics also show a rather unusual resurgence in captures of the now archaic Lovgate.F, with close to 40,000 samples, as of this writing, having been detected at MessageLabs in the last 24 hours.

MessageLabs VirusEye Threats list - messagelabs.com

Computer Associates Virus Information Center

F-Secure Security Information Center

Network Associates Virus Information Library

Sophos Virus Info

Symantec Security Response

Trend Micro Virus Information Center

* Worm propagation in a corporate network

SecurityFocus (now owned by Symantec) has publicly released a research paper it originally published to subscribers to its DeepSight Threat Management System, detailing the effects of three network worms inside supposedly protected corporate networks. Worms such as CodeRed, Slammer and Blaster have only too painfully shown many corporate network administrators that assuming a good external (or border) firewall policy and/or only allowing external users access to the LAN via VPN are not, in and of themselves, sufficient protective measures. This paper investigates the real-world effects of these worms once they slipped into what many would have described as 'properly protected' LANs.

A Comparison Study of Three Worm Families - securityfocus.com

Security News:

* No new MS security bulletins for December

Tuesday this week passed rather quietly.

Almost too quietly it seemed... Unlike the last few 'second Tuesdays of the month', Microsoft did not announce several security patches. In fact, it did not announce any security patches, as noted in a brief comment on the TechNet Security page, linked below. A rather astonished security world was left to chuckle at the commentary provided in Illiad's 'User Friendly' cartoon strip, also linked below...

User Friendly cartoon 10 Dec 2003 - userfriendly.org

Microsoft TechNet Security page - microsoft.com

* MS03-051 revised

Despite Microsoft's 'there are no new security bulletins this month' stance on Tuesday, Windows Update users of Windows XP were offered the MS03-051 patch for Microsoft FrontPage. It turns out that a change to the way Windows Update detects which patches are necessary was not entirely accurate and resulted in folk who were not vulnerable (so had not previously been offered the MS03-051 FrontPage patch) being offered it following the change to Windows Update. Microsoft added a couple of questions and answers to the FAQ section of MS03-051 explaining that the offer was erroneous and that Windows Update's detection of necessary patches would be updated again to fix this issue.

The patch itself has not changed and Microsoft is adamant that anyone using Windows Update to patch Windows XP machines who was vulnerable to this FrontPage issue would have been issued the patch originally.

Microsoft Security Bulletin MS03-051

* Multiple Sybase vulnerabilities patched

Next Generation Security Software (NGSSoftware) researchers have uncovered multiple vulnerabilities in Sybase's Adaptive Server Anywhere relational database. The vulnerabilities include a number of remotely exploitable buffer overflows that could allow arbitrary code to be executed with the permissions of the server process. Sybase released an EBF to patch many of these vulnerabilities in SQL Anywhere 9 on 5 December - a link to its location and more details of the vulnerabilities are available in the NGSSoftware security advisory linked below.

Vulnerabilities in Adaptive Server Anywhere Network Server - nextgenss.com
