SecurityFocus Microsoft Newsletter #408 ----------------------------------------
This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive IronKey flash dives lock down your most sensitive data using today's most advanced security technology. IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data. https://www.ironkey.com/forenterprise2 SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1.Get Off My Cloud 2.An Astonishing Collaboration II. MICROSOFT VULNERABILITY SUMMARY 1. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability 2. Microsoft Windows Media Services 'nskey.dll' ActiveX Control Remote Buffer Overflow Vulnerability 3. Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability 4. Opera Web Browser 9.51 Multiple Security Vulnerabilities 5. Ipswitch WS_FTP Server Message Response Buffer Overflow Vulnerability 6. Ipswitch WS_FTP Client Format String Vulnerability 7. ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability 8. Maya Studio eo-video Playlist File Buffer Overflow Vulnerability 9. MicroWorld Technologies MailScan Multiple Remote Vulnerabilities III. MICROSOFT FOCUS LIST SUMMARY 1. Identifying Security Metrics in the Windows Enterprise IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1.Get Off My Cloud By Mark Rasch One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple. More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing." http://www.securityfocus.com/columnists/478 2.An Astonishing Collaboration By Dan Kaminsky Wow. It's out. It's finally, finally out. Sweet! http://www.securityfocus.com/columnists/477 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability BugTraq ID: 30818 Remote: No Date Published: 2008-08-25 Relevant URL: http://www.securityfocus.com/bid/30818 Summary: DriveCrypt is prone to a security vulnerability that may cause a denial-of-service condition or allow attackers to gain access to plain text passwords. Local attackers can exploit this issue to gain access to access to sensitive information or cause the affected computer to reboot. DriveCrypt Plus Pack version 3.9 is vulnerable; other versions may also be affected. Note: This vulnerability is the same issue described in BID 15751 (Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness) therefore this BID is being retired. 2. Microsoft Windows Media Services 'nskey.dll' ActiveX Control Remote Buffer Overflow Vulnerability BugTraq ID: 30814 Remote: Yes Date Published: 2008-08-22 Relevant URL: http://www.securityfocus.com/bid/30814 Summary: The Microsoft Windows Media Services ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions. 'nskey.dll' 4.1.00.3917 is vulnerable; other versions may also be affected. 3. Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability BugTraq ID: 30771 Remote: No Date Published: 2008-08-20 Relevant URL: http://www.securityfocus.com/bid/30771 Summary: Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner. A local attacker can exploit this issue to obtain passwords used by the application that may aid in further attacks. Folder Lock 5.9.5 is vulnerable; other versions may also be affected. 4. Opera Web Browser 9.51 Multiple Security Vulnerabilities BugTraq ID: 30768 Remote: Yes Date Published: 2008-08-20 Relevant URL: http://www.securityfocus.com/bid/30768 Summary: Opera Web Browser is prone to multiple security vulnerabilities. Successful exploits may allow attackers to: - cause denial-of-service conditions - violate the same-origin policy - carry out phishing and cross-domain attacks - execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site - steal cookie-based authentication credentials - masquerade insecure websites as secure - disclose sensitive information - mislead a user - carry out other attacks Versions prior to Opera 9.52 are vulnerable. 5. Ipswitch WS_FTP Server Message Response Buffer Overflow Vulnerability BugTraq ID: 30728 Remote: Yes Date Published: 2008-08-18 Relevant URL: http://www.securityfocus.com/bid/30728 Summary: Ipswitch WS_FTP is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. 6. Ipswitch WS_FTP Client Format String Vulnerability BugTraq ID: 30720 Remote: Yes Date Published: 2008-08-17 Relevant URL: http://www.securityfocus.com/bid/30720 Summary: Ipswitch WS_FTP client is prone to a format-string vulnerability it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition. This issue affects the WS_FTP Home and WS_FTP Professional clients. 7. ESET Smart Security 'easdrv.sys' Local Privilege Escalation Vulnerability BugTraq ID: 30719 Remote: No Date Published: 2008-08-16 Relevant URL: http://www.securityfocus.com/bid/30719 Summary: ESET Smart Security is prone to a local privilege-escalation vulnerability that occurs in the 'easdrv.sys' driver. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. ESET Smart Security 3.0.667.0 is vulnerable; other versions may also be affected. 8. Maya Studio eo-video Playlist File Buffer Overflow Vulnerability BugTraq ID: 30717 Remote: Yes Date Published: 2008-08-16 Relevant URL: http://www.securityfocus.com/bid/30717 Summary: eo-video is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when handling playlist files. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. eo-video 1.36 is vulnerable; other versions may also be affected. 9. MicroWorld Technologies MailScan Multiple Remote Vulnerabilities BugTraq ID: 30700 Remote: Yes Date Published: 2008-08-15 Relevant URL: http://www.securityfocus.com/bid/30700 Summary: MailScan is prone to multiple remote vulnerabilities, including: - A directory-traversal vulnerability - An authentication-bypass vulnerability - A cross-site scripting vulnerability - An information-disclosure vulnerability An attacker can exploit these issues to gain access to sensitive information, gain unauthorized access to the affected application, execute arbitrary script code within the context of the website and steal cookie-based authentication credentials. Other attacks are also possible. MailScan 5.6.a espatch1 is vulnerable; other versions may also be affected. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. Identifying Security Metrics in the Windows Enterprise http://www.securityfocus.com/archive/88/495617 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive IronKey flash dives lock down your most sensitive data using today's most advanced security technology. IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data. https://www.ironkey.com/forenterprise2
