August 2005 – CastleCops

Microsoft Security Newsletter – Volume 2, Issue 8

In this month’s MS security newsletter, I happened to be chosen for MVP of the month:

MVP Update

MVP of the Month: Paul Laudanski – Windows Security
Paul Laudanski, a.k.a. Zhen-Xjell, has been a techno-geek since the 1970s. Laudanski’s first genuine computer experience was with the Commodore-64 and a 300 Baud modem running a 24/7 colored ASCII BBS. In the 1980s he became involved in DOS and Windows. During the 1990s he obtained a Bachelor’s degree in pure Mathematics and expanded his reach into PCBoard, Centipede, Ygdrasil, Fidonet, Unix, and Linux. These days Laudanski loves to hang out at CastleCops.com (which he founded in 2002), as well as other security-related lists and Web sites. His passions include programming, system hardening, security, and privacy. Paul and his wife (who is also a Microsoft MVP in Windows Security and wrote the MVP Article of the Month below) are proud parents of their first son.

Get more information about the MVP program here.

Microsoft Security Bulletin Summary for August 2005

MS05-038 – Cumulative Security Update for Internet Explorer (896727)

– Affected Software:
– Windows 2000 Service Pack 4
– Windows XP Service Pack 1
– Windows XP Service Pack 2
– Windows XP Professional x64 Edition
– Windows Server 2003
– Windows Server 2003 Service Pack 1
– Windows Server 2003 for Itanium-based Systems
– Windows Server 2003 with SP1 for Itanium-based Systems
– Windows Server 2003 x64 Edition

– Review the FAQ section of bulletin MS05-O38 for information about these operating systems:
– Windows 98
– Windows 98 Second Edition (SE)
– Windows Millennium Edition (ME)

– Impact: Remote Code Execution
– Version Number: 1.0

MS05-039 – Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

– Affected Software:
– Windows 2000 Service Pack 4
– Windows XP Service Pack 1
– Windows XP Service Pack 2
– Windows XP Professional x64 Edition
– Windows Server 2003
– Windows Server 2003 Service Pack 1
– Windows Server 2003 for Itanium-based Systems
– Windows Server 2003 with SP1 for Itanium-based Systems
– Windows Server 2003 x64 Edition

– Impact: Remote Code Execution
– Version Number: 1.0

MS05-043 – Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)

– Affected Software:
– Windows 2000 Service Pack 4
– Windows XP Service Pack 1
– Windows XP Service Pack 2
– Windows Server 2003
– Windows Server 2003 for Itanium-based Systems

– Impact: Remote Code Execution
– Version Number: 1.0

Important Security Bulletins
============================
MS05-040 – Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)

– Affected Software:
– Windows 2000 Service Pack 4
– Windows XP Service Pack 1
– Windows XP Service Pack 2
– Windows XP Professional x64 Edition
– Windows Server 2003
– Windows Server 2003 Service Pack 1
– Windows Server 2003 for Itanium-based Systems
– Windows Server 2003 with SP1 for Itanium-based Systems
– Windows Server 2003 x64 Edition

– Review the FAQ section of bulletin MS05-O38 for information about these operating systems:
– Windows 98
– Windows 98 Second Edition (SE)
– Windows Millennium Edition (ME)

– Impact: Remote Code Execution
– Version Number: 1.0

– Impact: Remote Code Execution
– Version Number: 1.0

Moderate Security Bulletins
===========================
MS05-041 – Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)

– Affected Software:
– Windows XP Service Pack 1
– Windows XP Service Pack 2
– Windows XP Professional x64 Edition
– Windows Server 2003
– Windows Server 2003 Service Pack 1
– Windows Server 2003 for Itanium-based Systems
– Windows Server 2003 with SP1 for Itanium-based Systems
– Windows Server 2003 x64 Edition

– Impact: Denial of Service
– Version Number: 1.0

MS05-042 – Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)

– Affected Software:
– Windows 2000 Service Pack 4
– Windows XP Service Pack 1
– Windows XP Service Pack 2
– Windows XP Professional x64 Edition
– Windows Server 2003
– Windows Server 2003 Service Pack 1
– Windows Server 2003 for Itanium-based Systems
– Windows Server 2003 with SP1 for Itanium-based Systems
– Windows Server 2003 x64 Edition

– Impact: Remote Code Execution
– Version Number: 1.0

Source<!–

–>

Microsoft Security Bulletin Re-Releases, August 2005

* MS05-023

– http://www.microsoft.com/technet/security/bulletin/MS05-023.mspx
– Reason for revision: Bulletin updated to reflect an additional affected product- Microsoft Word 2003 Viewer
– Originally posted: June 14, 2005
– Updated: August 9, 2005
– Bulletin Severity Rating: Critical
– Version: 2.0

* MS05-032

– http://www.microsoft.com/technet/security/bulletin/MS05-032.mspx
– Reason for revision: Bulletin updated to advise customers that a revised version of the security update is available for x64-based systems, Microsoft Windows Server 2003 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems.
– Originally posted: June 14, 2005
– Updated: August 9, 2005
– Bulletin Severity Rating: Moderate
– Version: 2.0<!–

–>

CoolWebSearch found in massive spyware ring

Sunbelt Software recently reported to the FBI evidence that shows CoolWebSearch is in a massive spyware ring where private information such as user names, passwords, chat sessions, bank information are stored and uploaded to servers. The FBI responded and are working on the case.

Note that there is a LOT of bank information in here, including one company bank account with over US$350,000 and another small company in California with over $11,000 readily accessible. This list goes on and on and on. Of course, there’s also eBay accounts and much more.

http://castlecops.com/a6172-CoolWebSearch_found_in_massive_spyware_ring.html