News

Monday, August 25, 2008

SecurityFocus Microsoft Newsletter #408

SecurityFocus Microsoft Newsletter #408
----------------------------------------

This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an
intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/forenterprise2

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Get Off My Cloud
2.An Astonishing Collaboration
II. MICROSOFT VULNERABILITY SUMMARY
1. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
2. Microsoft Windows Media Services 'nskey.dll' ActiveX Control Remote Buffer Overflow Vulnerability
3. Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability
4. Opera Web Browser 9.51 Multiple Security Vulnerabilities
5. Ipswitch WS_FTP Server Message Response Buffer Overflow Vulnerability
6. Ipswitch WS_FTP Client Format String Vulnerability
7. ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
8. Maya Studio eo-video Playlist File Buffer Overflow Vulnerability
9. MicroWorld Technologies MailScan Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. Identifying Security Metrics in the Windows Enterprise
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2.An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
BugTraq ID: 30818
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30818
Summary:
DriveCrypt is prone to a security vulnerability that may cause a denial-of-service condition or allow attackers to gain access to plain text passwords.

Local attackers can exploit this issue to gain access to access to sensitive information or cause the affected computer to reboot.

DriveCrypt Plus Pack version 3.9 is vulnerable; other versions may also be affected.

Note: This vulnerability is the same issue described in BID 15751 (Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness) therefore this BID is being retired.

2. Microsoft Windows Media Services 'nskey.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 30814
Remote: Yes
Date Published: 2008-08-22
Relevant URL: http://www.securityfocus.com/bid/30814
Summary:
The Microsoft Windows Media Services ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

'nskey.dll' 4.1.00.3917 is vulnerable; other versions may also be affected.

3. Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability
BugTraq ID: 30771
Remote: No
Date Published: 2008-08-20
Relevant URL: http://www.securityfocus.com/bid/30771
Summary:
Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner.

A local attacker can exploit this issue to obtain passwords used by the application that may aid in further attacks.

Folder Lock 5.9.5 is vulnerable; other versions may also be affected.

4. Opera Web Browser 9.51 Multiple Security Vulnerabilities
BugTraq ID: 30768
Remote: Yes
Date Published: 2008-08-20
Relevant URL: http://www.securityfocus.com/bid/30768
Summary:
Opera Web Browser is prone to multiple security vulnerabilities.

Successful exploits may allow attackers to:
- cause denial-of-service conditions
- violate the same-origin policy
- carry out phishing and cross-domain attacks
- execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site
- steal cookie-based authentication credentials
- masquerade insecure websites as secure
- disclose sensitive information
- mislead a user
- carry out other attacks

Versions prior to Opera 9.52 are vulnerable.

5. Ipswitch WS_FTP Server Message Response Buffer Overflow Vulnerability
BugTraq ID: 30728
Remote: Yes
Date Published: 2008-08-18
Relevant URL: http://www.securityfocus.com/bid/30728
Summary:
Ipswitch WS_FTP is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

6. Ipswitch WS_FTP Client Format String Vulnerability
BugTraq ID: 30720
Remote: Yes
Date Published: 2008-08-17
Relevant URL: http://www.securityfocus.com/bid/30720
Summary:
Ipswitch WS_FTP client is prone to a format-string vulnerability it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects the WS_FTP Home and WS_FTP Professional clients.

7. ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 30719
Remote: No
Date Published: 2008-08-16
Relevant URL: http://www.securityfocus.com/bid/30719
Summary:
ESET Smart Security is prone to a local privilege-escalation vulnerability that occurs in the 'easdrv.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

ESET Smart Security 3.0.667.0 is vulnerable; other versions may also be affected.

8. Maya Studio eo-video Playlist File Buffer Overflow Vulnerability
BugTraq ID: 30717
Remote: Yes
Date Published: 2008-08-16
Relevant URL: http://www.securityfocus.com/bid/30717
Summary:
eo-video is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when handling playlist files.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

eo-video 1.36 is vulnerable; other versions may also be affected.

9. MicroWorld Technologies MailScan Multiple Remote Vulnerabilities
BugTraq ID: 30700
Remote: Yes
Date Published: 2008-08-15
Relevant URL: http://www.securityfocus.com/bid/30700
Summary:
MailScan is prone to multiple remote vulnerabilities, including:

- A directory-traversal vulnerability
- An authentication-bypass vulnerability
- A cross-site scripting vulnerability
- An information-disclosure vulnerability

An attacker can exploit these issues to gain access to sensitive information, gain unauthorized access to the affected application, execute arbitrary script code within the context of the website and steal cookie-based authentication credentials. Other attacks are also possible.

MailScan 5.6.a espatch1 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Identifying Security Metrics in the Windows Enterprise
http://www.securityfocus.com/archive/88/495617

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an
intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/forenterprise2

No comments:

Blog Archive