Advisory #232 - Microsoft (Multiple), Multiple News


by Sunnet Beskerming Alert mailing list

Sûnnet Beskerming Alert List Advisory #232

You are receiving this message because you have subscribed to our  
Information Security Alert Mailing List, or have been selected for a  
specific one-off copy.  If you believe that you are receiving this  
message in error, please contact info@... to resolve the  
error.

Why not upgrade to get same day notification on security threats?  
Details and rates available online -
(http://www.beskerming.com/premium/generic_advisory.html).

Why not go the next step and get delivery tailored just for your  
company?
(http://www.beskerming.com/premium/focussed_advisory.html)


Contents
--------------------------------------------------------------------
1. SECURITY
--------------------------------------------------------------------
1.1 Microsoft (Multiple)
        - Remote Hacker Automatic Control
        - Time Since Discovery - Same Day
=======================================
/*
        - Remote or Local - Can it be achieved through a network or does it  
require physical access?
        - Hacker - The bad guy
        - Manual or Automatic  - Does the vulnerability need to be manually  
performed, or can it be automated?
        - Control, Denial of Service or Data Theft - Will the hacker get  
control of your system / website, will they prevent you from using  
it, or will they steal data.
*/
--------------------------------------------------------------------
2.    NEWS
--------------------------------------------------------------------
2.1 Microsoft May Security Patch Release
2.2 The Danger Of Thinking Beyond Your Domain
=====================================

1. SECURITY

1.1 Microsoft (Multiple) - Remote Hacker Automatic Control

        -- Products Affected --
        Windows 2000, XP, 2003, Vista
        Content Management Server

        -- Technical Description --
        MS07-023 - Excel.  Multiple remote code execution vulnerabilities -  
Replaces MS07-003.  Critical
        MS07-024 - Word.  Multiple remote code execution vulnerabilities -  
Replaces MS07-014. Critical
        MS07-025 - Office.  Remote code execution - Replaces MS07-015. Critical
        MS07-026 - Exchange. Multiple remote code execution, DoS,  
Information theft vulnerabilities - Replaces MS06-019, MS06-029.  
Critical
        MS07-027 - Internet Explorer. Cumulative update addressing numerous  
vulnerabilities - Replaces MS07-016. Critical
        MS07-028 - CAPICOM and BizTalk Server.  Remote code execution. Critical
        MS07-029 - DNS. RPC vulnerability allowing remote code execution.  
Critical

        -- Description --
        Microsoft delivered seven patches as part of the May Security Update  
release.  All of this month's patches have been rated as Critical,  
which is Microsoft's highest threat rating.  Several of the patched  
vulnerabilities have had active exploit code circulating for some  
time prior to patching.

        -- Recommended Action --
        All users and administrators should apply the updates at the  
earliest opportunity.

        -- Source --
        http://www.beskerming.com/premium/patch_pack.html
        http://store.eSellerate.net/s.asp?s=STR3448907936&Cmd=CATALOG&CategoryID=9811

        -- Updates Available --
        (Paid subscription required to access)

        -- External Tracking Data --
        (Paid subscription required to access)

        -- Threat Matrix --
                        U O
        Home User 10 10 (Highly Critical)
        Corporate 10 10 (Highly Critical)

=======================================
/*
Threat Matrix:
        U - User
        O - Operator
        Harmless - 0 ----- 10 - Highly Critical
*/
=======================================

2. NEWS

2.1 Microsoft May Security Patch Release

Microsoft released seven patches for May as part of their routine  
Security Patch Release program.  Amongst the patches provided are  
fixes for vulnerabilities under current, active attack, including  
attacks against Word, DNS Server, and some of the Internet Explorer  
threats.

Users and administrators should apply all patches as soon as  
possible, to mitigate against further attack using these  
vulnerabilities.  It is expected that more detailed vulnerability  
(and exploit) data will be released in the next few days, providing  
viable attack vectors against systems that have not been updated.


2.2 The Danger Of Thinking Beyond Your Domain

Mikko Hyppönen, the Chief Research Officer at Finnish Information  
Security company, F-Secure, recently wrote an article that suggested  
the introduction of a new top level domain for financial  
institutions, .bank, to help reduce the risks of online financial  
transactions.

Once the article reached a number of key distribution sites it gained  
significant traction amongst tech news sites and other Information  
Security researchers.  Rather than supporting the ideas put forward,  
the consensus seems to be that such plans would be doomed to failure  
from the start (following the same sort of arguments as the  
failed .xxx and .safe domain suggestions).

As with other arguments for new top level domains (otherwise known  
as .tld(s)), there are significant difficulties associated with  
making sure that only the people you want to have on that domain are  
allowed on there.  Suggesting that a very high fee is associated with  
new domain registrations can help, but $50,000 per domain is more  
greed than security-sense for the registry owners.  The other major  
problem with trying to introduce a new .tld is the ubiquitousness of  
the .com domain.

Internet users have become acclimatised to seeing valid companies as  
having .com domains, to the extent that companies that have  
registered only under their respective country .tld (such  
as .co.uk, .co.nz, .com.au) have found in the past that the .com  
domain is worth more for their online presence.  Popularity of  
new .tlds has been relatively low (.info, .biz, .museum, to name a  
few), and .com registrars appear to have been happy to allow anybody  
to register sites that are close in appearance / name to the  
legitimate financial institutions.

Extending this line of thought means that financial institutions will  
need to maintain .com and .bank versions of their sites, so there is  
nothing to force users across to the .bank domain.  With a .com  
presence maintained alongside .bank, there is nothing to stop  
phishing attacks targeting the .com site.  There is also nothing  
stopping attackers from targeting weaknesses in the site code on  
the .bank domain in order to achieve their goals.

As one researcher put it, "We really need a place on the Web where  
stupid ideas go to die. I bet I could donate several of my own".  
Another - "one of the most stupid ideas ever".  While those might be  
strong opinions, the original article is a good starting point for  
people who are trying to think of solutions for online financial  
transaction problems.

=======================================

Sincerely,

Sûnnet Beskerming Team
info@...
Sûnnet Beskerming Pty. Ltd.
Adelaide, Australia
http://www.beskerming.com
Tel: +61 (0) 410 707 444

** Sûnnet Beskerming Pty. Ltd. **

Established in mid 2004, Sûnnet Beskerming Pty. Ltd. is the sister  
company to Jongsma & Jongsma Pty. Ltd., and was formed to develop and  
commercialise the research coming out of Jongsma & Jongsma Pty. Ltd..  
Sûnnet Beskerming Pty. Ltd. is an Information Security specialist  
and, in conjunction with the tools developed by Jongsma & Jongsma  
Pty. Ltd., provides total security solutions and services, from the  
perimeter to internal data stores, including web application security  
and security testing and analysis.