Be wary of Valentine's affections, plus a patch for Windows 2000 and NT

Be wary of Valentine's affections...; Patch available for both Windows 2000 and NT privilege elevation; 'e-mail wiretapping' via HTML/JavaScript

The newsletter compiler is unexpectedly out of the office this week, so this issue is a little more to the point than usual...

A couple of Windows privilege elevation vulnerabilities are discussed, both of which allow local users to obtain Local System privileges for arbitrary code, and a new twist to electronic eavesdropping was widely uncovered this week. On the virus front, be aware that with Valentine's Day approaching, the amount of unnecessary and potentially dangerous junk code e-mailed between users will increase immensely...

Virus News

Be wary of Valentine's affections...

We've seen it in the past and it's sure to happen again -- some of the computing world's sociopaths are almost bound to try to take advantage of other computer users' proven inability to apply good judgement when the "lure of love" is hinted at. The LoveLetter virus outbreak last year showed how readily computer users would disobey good computing practices, and several pieces of malware were very "successful" over the Christmas/New Year period by exploiting appeals to typical seasonal


So, with Valentine's Day approaching, be especially wary of the deluge of executable jokes, greeting cards and the other digital detritus that multiplies around such events. Corporate e-mail gateways that are not already blocking such content as a matter of habit should perhaps be revisited? If your observations of your staff's behaviour with "dubious" e-mail content do not convince you that more drastic steps than depending on them to remember, apply and enforce policies are needed, perhaps the results of a recent survey of user attitudes to e-mail, at the following URL, will change your mind...

- MessageLabs press release

Security News

Patch available for Windows 2000 privilege elevation

Microsoft has released a patch to fix the "Network DDE Agent Request" vulnerability which allows a local user of a Windows 2000 machine to run code under the Local System security context. This vulnerability is not present in NT 4.0 because there the Network DDE Agent runs with the user's security context. As this exploit requires not only locally run code but also access to the same window station and desktop as launched the Network DDE Agent, the risk on terminal servers is substantially reduced, as each terminal session has its own window station. Best practices should prevent unprivileged users from logging into servers and other security-critical machines from their consoles, so the risk from this vulnerability should be limited to workstations.

The vulnerability was discovered by security researchers at @Stake, whose security advisory contains more technical details of the issue. Patches are available from Microsoft.

- @Stake security advisory

- Microsoft Security Bulletin and FAQ

Update for Windows NT 4.0 privilege elevation

The "NTLMSSP Privilege Elevation" vulnerability allows users who can interactively log into an NT 4.0 machine and run arbitrary code to obtain Local System privileges. The NTLM Security Support Provider (NTLMSSP) is a standard component of NT 4.0 that handles NTLM authentication requests -- its Windows 2000 implementation does not have the code flaw discussed here.

- Microsoft Security Bulletin and FAQ

"e-mail wiretapping" via HTML/JavaScript

The Privacy Foundation has released an advisory discussing the possibility of creating an e-mail message that allows eavesdropping on subsequent e-mail discussion of the original message. This problem arises from use of standard features of JavaScript that allow the code to access its container "document". A malicious user can arrange for all subsequent copies of a message, including modified ones (where this code is not removed) to "phone home" and report their contents.

If you still have not disabled JavaScript in Outlook, Outlook Express, Netscape 6 and perhaps some other e-mail clients with "advanced" HTML and JavaScript support, perhaps the Privacy Foundation's advisory on this latest form of silent electronic eavesdropping will convince you?

- Privacy Foundation advisory
