AOH :: ISN-1848.HTM

Security UPDATE -- Recipe for Disaster -- December 21, 2005


This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 



1. In Focus: Recipe for Disaster

2. Security News and Features
   - Recent Security Vulnerabilities
   - Minor Problem with Software Update Services 1.0
   - Microsoft Earns New Common Criteria Certifications for Windows
   - Use Guest Accounts to Fight Malware

3. Instant Poll

4. Security Toolkit
   - Security Matters Blog
   - FAQ

5. New and Improved
   - Securely Back Up to a Remote Location

==== Sponsor: Panda ===
Provide Secure Remote Access
   It may be tempting to deploy a WiFi wireless access point or offer 
PDAs or laptops to your roaming employees so they can work from 
virtually anywhere.  In this free white paper you'll get the important 
security implications you should consider before you do so. 

==== 1. In Focus: Recipe for Disaster ===   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

What do you get when you mix malicious code developers, a newly 
reported vulnerability in the Windows 2000 and Windows NT kernel, and a 
dash of social engineering? A recipe for disaster. 

Microsoft released Security Bulletin MS05-055 "Vulnerability in Windows 
Kernel Could Allow Elevation of Privilege (908523)" (URL below) and an 
associated patch for Windows 2000 on December 13. Due to the nature of 
the problem, any program could gain complete system-level access to an 
affected system. No matter how you lock down the system or how many 
restrictions you place on user accounts, an exploit is possible, 
provided an intruder can cause code to run on the system. 

eEye Digital Security discovered the problem in May. In a press release 
issued the same day as Microsoft's security bulletin, eEye explained 
the problem in some detail: "The vulnerability exists in the 
thread termination routine contained within NTOSKRNL.EXE. Through a 
specific series of steps, a local attacker can cause the code 
responsible for discarding queued Asynchronous Procedure Call (APC) 
entries to erroneously attempt to free a region of kernel data, 
producing a 'data free' vulnerability that may be exploited in order to 
alter arbitrary kernel memory, or even divert the flow of execution

This sounds like a rootkit writer's dream come true except that the 
hacker must somehow cause a malicious program to run on the computer. 
That's where social engineering comes into play. 

Because there's no direct point of attack, exploiting this 
vulnerability might require a blend of tactics. Blended attacks rely 
on the domino effect to work--an attack targets one vulnerability,  
which provides access to another vulnerability, in the hopes that the 
attacks will eventually compromise a system. 

The initial exploit might rely on a weakness in a Web browser, email 
client, media player, or other piece of software. Or the hacker might 
take a more direct approach--such as packaging an exploit in a virus or 
worm--or a sneakier tactic, for example, putting an exploit in a 
software package that's hard to resist, such as in a new tool that 
claims to be the best thing since sliced bread.

Now that word is out about this vulnerability, undoubtedly people are 
already developing code to exploit it. In my opinion, there's only one 
adequate defense against a vulnerability such as this particular kernel 
problem. That defense is to install the patch on Windows 2000 machines. 
If you use Windows NT, there's no patch. In that case, your best 
defense is layered security that includes antivirus and antispyware 
tools and host-based Intrusion Prevention Systems (IPSs) along with 
reminders to yourself and your users to use extreme caution when 
deciding whether to install any third-party software elements.

==== Sponsor: Shavlik ===
Maximizing Network Security Against Spyware and Other Threats
   Spyware installation usually exploits an underlying security 
vulnerability in the OS. You can remove spyware, but if you don't also 
patch the underlying vulnerability, you don't solve the real problem. 
By leaving your systems open to reinfestation, you risk surging 
bandwidth consumption, system instability, overwhelmed Help desks, lost 
user productivity, and other consequences. Unauthorized applications 
can even result in noncompliance with regulatory requirements. This 
free white paper addresses the need to manage both the threats and 
vulnerabilities from one console as a comprehensive security solution. 

==== 2. Security News and Features ===
Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

Minor Problem with Software Update Services 1.0
   Microsoft made known a minor problem with Software Update Services 
(SUS) 1.0 that might lead to confusion among administrators. When SUS 
is synchronized with systems running Windows Server 2003 Service Pack 1 
(SP1) after December 12, previously approved updates might all become 
listed as unapproved. The problem doesn't affect SUS servers built or 
deployed after December 13. 

Microsoft Earns New Common Criteria Certifications for Windows
   At Microsoft's Security Summit East, held December 14-15 in 
Washington D.C., the company announced that several of its products 
received Common Criteria (CC) Evaluation Assurance Level (EAL) 4 
certification augmented by ALC_FLR.3. The certifications were awarded 
to Windows Server 2003 Standard, Enterprise, and Datacenter editions as 
well as Windows Server 2003 Certificate Server and Windows XP Service 
Pack 2 (SP2). 

Use Guest Accounts to Fight Malware
   Configure applications that are most vulnerable to a malware attack 
to run under low-privilege Guest accounts. Mark Burnett explains in 
this article on our Web site. 

==== Resources and Events ===
WEB SEMINAR: Manage and reduce planned downtime to prevent unexpected 
outages. View this seminar today: 

SQL Server 2005 Up & Running Roadshows Coming to Europe!
   SQL Server experts will present real-world information about 
administration, development, and business intelligence to help you put 
SQL Server 2005 into practice and learn to use its new capabilities. 
Registration includes one-year PASS membership and subscription to SQL 
Server Magazine. Register now for London, UK and Stockholm, Sweden at 

WEB SEMINAR: Free tools to help you analyze threats and create 
Acceptable-Use Policies (AUPs) for your network. View this seminar 

New SQL Server 2005 Express Email Newsletter!
   Get up to speed fast with useful database projects and tips that 
illustrate the fundamentals of Microsoft's new free database offering. 
Download sample applications and code, get quick tips to help you work 
with SQL Server 2005, learn about the latest patches, service codes and 
updates for SQL Server 2005 Express, and more! 

WEB SEMINAR: Identify and troubleshoot common SMTP problems and learn 
about each component of Exchange that touches inbound and outbound 
messages. Live seminar: February 14, 2006. 

==== Featured White Paper ===
Learn about the most common complications that arise during litigation-
related email discovery and get tips on how to avoid them. 

==== Hot Spot ===
Managing Mobility in the Enterprise
   Is your mobile workforce set up for success? Mobile 
management is a key component for your mobile strategy, but 
inadequate levels can have severe consequences. This free 
white paper will help you identify the appropriate tools to 
manage it effectively, and avoid increases in TCO and more. 
Download it today and ensure your organization's mobility 

==== 3. Instant Poll ===
Which of the following methods do you use to secure your company's 
   - Run antivirus software on PDAs
   - Password-protect PDA functions
   - Encrypt important files on PDAs
   - Disable unnecessary short-range wireless features on PDAs
   - Two or more of the above
   - None of the above
   Go to the Security Hot Topic on our Web site and submit your vote 

==== 4. Security Toolkit ===

Security Matters Blog: Absolute Secure Communications?
by Mark Joseph Edwards, 

    Huge sums of money are being spent on the development of quantum 
cryptography. But is there a cheaper, simpler way? At least one person 
thinks there is, and he's written a paper to help prove it. Find out 
more in this blog article. 

by John Savill, 

Q: How can I monitor registry activity during logon and logoff?

Find the answer at 

==== Announcements ===   (from Windows IT Pro and its partners)

Want to Become a VIP Subscriber?
   Become a VIP subscriber and get continuous, inside access to ALL the 
online resources published in Windows IT Pro, SQL Server Magazine, and 
the Exchange and Outlook Administrator, Windows Scripting Solutions, 
and Windows IT Security newsletters. That's more than 26,000 articles 
at your fingertips. You'll also get a valuable one-year print 
subscription to Windows IT Pro and two VIP CDs. (CDs include the entire 
article database on CD, delivered twice per year.) Don't miss out ... 
sign up now: 

Windows IT Security Newsletter
   The Windows IT Security Newsletter is a "must-have." Subscribe now 
and SAVE up to $30 off the regular price. You'll discover endless 
fundamentals on building and maintaining a secure enterprise, in-depth 
product coverage of the best security tools available, and expert 
advice on the best way to implement various security components. Paid 
subscribers also get searchable access to the full online security 
article database (over 1900 articles). Subscribe today: 

==== 5. New and Improved ===   by Renee Munshi, 

Securely Back Up to a Remote Location
   Asigra Televaulting is an agentless enterprise-class backup and 
recovery solution that features data protection by means of 256-bit 
encryption and authentication. With Televaulting, business-critical 
corporate data is processed for backup, compressed, and encrypted, then 
is sent to a secure offsite data vault where it's available for 
restoration 24 x 7. Data is protected both while being transferred and 
while in storage. Asigra's software requires unique identifiers for 
login to the account, use of the proper encryption keys with one-way 
hashes used for verification, and login requests that originate from 
valid hardware that uses a specific IP address. For more information, 
go to 

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

==== Contact Us ===

About the newsletter -- 
About technical questions -- 
About product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today. 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

Earn your Master's degree in Information Security ONLINE 
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
