|
Flaws Leave Network Vulnerable
by Arie Slob
Hello Windows users,
Earlier this month the Computer Emergency Response Team (CERT) Coordination Center issued an advisory, detailing multiple vulnerabilities in the Simple Network Management Protocol (SNMP). SNMP is a language used for communicating with network devices such as routers and switches.
According to the CERT advisory "These vulnerabilities may allow unauthorized privileged access, denial-of-service attacks, or cause unstable behavior".
The advisory list responses of some 75 companies at this time, but according to estimates around 250 companies have products that may be vulnerable.
The vulnerabilities where discovered by academic research group OUSPG who are located at the Oulu University in Finland, and where first reported to CERT in the summer of 2001.
Designed in the late 80's, the Simple Network Management Protocol (SNMP) is the most popular protocol in use to manage networked devices, enabling network and system administrators to remotely monitor and configure devices on the network. Many of the core Internet devices (Routers, Switches, Hubs, Bridges) are run with SNMP, and could thus be vulnerable to hackers.
After months of silence, word of the vulnerability started leaking out a few weeks ago, and CERT decided to put out the warning, even before many companies had the time to develop patches. According to CERT officials they where worried that rumors about the vulnerabilities would have hackers take a closer look at SNMP, to find any vulnerabilities to exploit.
Microsoft have issued a security bulletin (see below), with work-arounds and the first patches to the SNMP protocol used in its products.
Rose City Software
|
"I travel a great deal and always have to synchronize my laptop with my office desktop. SynchroMagic gets the job quickly and efficiently in about 1/10th the time it used to take me and I never forget any files! And when I return to the office synching back to my desktop is a no brainer. I love this software!"
-- David Rees, USA
|
Microsoft Security
Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files
Microsoft has posted a patch that fixes a security vulnerability in Internet Explorer, which can allow VB scripts of one domain to access the contents of another domain in a frame.
Affected Software Versions
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
Note: Versions of Internet Explorer prior to 5.01 Service Pack 2 are no longer eligible for hotfix support. Internet Explorer 5.01 SP2 is supported only via Windows 2000 Service Packs and Security Roll-up Packages.
More...
XMLHTTP Control Can Allow Access to Local Files
Microsoft has posted a patch that fixes a security vulnerability in the XMLHTTP (ActiveX control) Control, which allows web pages rendering in the browser to send or receive XML data via HTTP operations.
Affected Software Versions
- Microsoft XML Core Services versions 2.6, 3.0, and 4.0
An affected version of Microsoft XML Core Services also ships as part of the following products:
- Microsoft Windows XP
- Microsoft Internet Explorer 6.0
- Microsoft SQL Server 2000
More...
Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
Microsoft has posted a patch for Microsoft Windows (all versions except Me) that fixes a security vulnerability in the Simple Network Management Protocol (SNMP).
Affected Software Versions
- Microsoft Windows 95, 98, 98SE
- Microsoft Windows NT 4.0, NT 4.0 Server, Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP
More...
Recent Support BBS Postings
USB connectors don't work - Hardware
Launching IE6 Maximized? - Internet Explorer
Win98 vs. Win98SE - Windows 98
Power Management Settings - Windows 98
Firewall information - Security / Virus
Web Site Updates
These pages were added/updated in the past 2 weeks. Information on previously updated/added pages is available on the What's New? page for 1 month.
InfiniSource.com
Added: Pondering a Purchase of an LCD Monitor or Laptop?
Windows-Help.NET
Added: Microsoft Security: Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files
Added: Microsoft Security: XMLHTTP Control Can Allow Access to Local Files
Added: Microsoft Security: Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run
Windows 98
Updated: Internet Explorer 5: Security Patches
|
Highlights
Pondering a Purchase of an LCD Monitor or Laptop?
You might want to purchase one now while supplies are still plentiful, because...
Read Full Article
Windows XP Tip: Disable Low Diskspace Notification
When a hard disk is running out of disk space, Windows will occasionally pop up a warning message in your system tray. Nothing wrong with that, but sometimes it's just not possible to adjust the free space on the disk. For a work-around, check out this tip.
Windows 98 Tip: Improving Performance
Although Windows 98, when running on an identical setup as Windows 95, outperforms the latter, there are still a few "tweaks" to improve the performance of Windows 98.
HOW TO: Automatically Log On a User Account in Windows XP
This Microsoft Knowledge Base article describes how to automatically log on a user account during the Windows startup process.
Tell a friend about this Newsletter!
Need Help with Windows? Ask questions here!
FREE Software!
Web Site
Windows-Help.NET
Support BBS
Windows 95
Windows 98
Windows Me
Windows 2000
Windows XP
InfiniSource.com
IRC Info
'Net Humor
Search Engines
Shareware Links
Software Store
TechFiles Index
Web Design
Rose City Software
RCS Summaries
Be a Beta tester
List With Us
Subscribe Free
|
23 Feb. 2002, Vol 5 No. 8
