[1265] in Security FYI
[IS&T Security-FYI] SFYI Newsletter: October 24, 2008
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Fri Oct 24 17:13:28 2008
Message-Id: <38C61F4B-96D9-4430-AE07-67A1C3718307@mit.edu>
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi@MIT.EDU
Date: Fri, 24 Oct 2008 17:04:20 -0400
Cc: itss@MIT.EDU
In this issue:
1. Out of Cycle Microsoft Security Patch Released
2. Report: 30 Million Fall Victim to Fake Antivirus Programs
---------------------------------------------------------------
1. Out of Cycle Microsoft Security Patch Released
---------------------------------------------------------------
This message was sent out from the Network & Infrastructure Services
Team at MIT yesterday:
MS08-067 Vulnerability in Server Service Could Allow Remote Code
Execution (958644)
Microsoft has released a critical security patch outside of the normal
monthly patch cycle. This patch addresses a Remote Procedure Call
(RPC) vulnerability in the "Server" service on Windows systems.
(Remote Procedure Call is a protocol that one program can use to
request a service from a program located in another computer in a
network without having to understand network details. A procedure call
is also sometimes known as a function call or a subroutine call.)
Affected Software:
* 2000 SP 4
* XP SP 3, XP x64 Edition and XP x64 SP 2
* Server 2003, x86 and Itanium-based Systems, x64 Edition, SP 2
* Server 2008, x86 and Itanium-based Systems, x64 Edition
* Vista SP 1, Vista x64 Edition, SP 1
This patch has now been approved for deployment on MIT WAUS, and
registered systems will begin installing the patch this evening.
Server Service Vulnerability: A remote code execution vulnerability
exists in the Server service on Windows systems. The vulnerability is
due to the service not properly handling specially crafted RPC
requests. An attacker who successfully exploited this vulnerability
could take complete control of an affected system. On Windows Vista
and Windows Server 2008, the vulnerable code path is only accessible
to authenticated users. This vulnerability is not liable to be
triggered if the attacker is not authenticated.
Details about the patch:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Note: To check whether your Windows XP computer has received the
update already, go to the control panel for Add/Remove Programs and
check the box for "Show Updates." Look for the update with the number
KB958644.
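
The same check can be scripted for more than one machine. The following Windows PowerShell sketch is an added example, not part of the original newsletter or of any MIT tooling; it asks each host's WMI `Win32_QuickFixEngineering` class whether KB958644 is recorded. The host names passed in are the reader's own, and the account running it is assumed to have remote WMI (DCOM) rights on those hosts.

```powershell
# Added example: report whether KB958644 (the MS08-067 fix) is recorded as installed.
# Uses Get-WmiObject (Windows PowerShell) so it can query older hosts over DCOM.
param(
    # Hosts to check; defaults to the local machine.
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

$kb = 'KB958644'

foreach ($name in $ComputerName) {
    $row = New-Object PSObject -Property @{
        Computer    = $name
        OS          = $null
        ServicePack = $null
        Status      = 'Unknown'
    }
    try {
        # OS caption and service pack level, to compare against the affected list.
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $name -ErrorAction Stop
        $row.OS          = $os.Caption
        $row.ServicePack = $os.ServicePackMajorVersion

        # Ask only for the one hotfix; an empty result means it is not listed.
        $fix = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $name `
                   -Filter "HotFixID='$kb'" -ErrorAction Stop
        if ($fix) { $row.Status = 'Installed' } else { $row.Status = 'Missing' }
    }
    catch {
        # Unreachable host or access denied: report it, do not count it as patched.
        $row.Status = "QueryFailed: $($_.Exception.Message)"
    }
    # Fixed column order for the report.
    $row | Select-Object Computer, OS, ServicePack, Status
}
```

A `Missing` result means only that the update is not listed on that host, and a `QueryFailed` host has not been checked at all; both need follow-up.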
--------------------------------------------------------------------------
2. Report: 30 Million Fall Victim to Fake Antivirus Programs
--------------------------------------------------------------------------
More than 30 million Internet users have fallen victim to fake
antivirus programs that snatch up people's money and personal
information, security research firm PandaLabs has announced. The
phenomenon may not be a new one, but it's growing more and more
popular as the scammers are getting more crafty. There are now over
7,000 variants of this type of adware, says PandaLabs, and the number
of infections caused by it is increasing rapidly.
Read the full article here:
<http://arstechnica.com/news.ars/post/20081017-report-fake-antivirus-programs-claim-30-million-victims.html>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
---------------------------------------
Come to Security Awareness Day at MIT!: November 5, 2 - 5 PM, in
Bartos Theater (E15-070) and Lobby http://web.mit.edu/ist/topics/security/campaign2008/securityday.html