Windows XP SP2 Experience Forum / Exchange 5.5 Security Bulletin / Mac OS X Bulletins
Special Note: Internet Storm Center Webcast
Today (Wednesday) at 14:00 EST / 20:00 CEST. For details, see
http://www.sans.org/webcasts/show.php?webcastid=90491
Note that this webcast will start one hour later than most of our
other SANS webcasts.
Windows XP SP2 Experience Forum
Windows XP Service Pack 2 was officially released to the world yesterday (as noted in yesterday's Handlers Diary and numerous other trade magazines and websites). While most users should not have significant problems with SP2, others stumble upon cases where home-grown web applications or other third-party software may not work properly after installation. The Internet Storm Center has set up a forum to collect the experiences of others in the security community. It is the hope of the ISC that users will be able to share information on problems they have encountered and/or the steps they used to help remedy these issues. If you would like to submit your experiences, please see the following URL:
http://isc.sans.org/xpsp2.php
Microsoft Exchange 5.5 Security Bulletin (MS04-026)
Today is the regularly scheduled Microsoft Patch Day. While most people are focused on Windows XP SP2, those who are using Exchange 5.5 need to take heed of today's security bulletin. An update was released today to resolve a problem within the Outlook Web Access service of Exchange version 5.5 involving cross-site scripting and the ability of an attacker to convince users to run malicious scripts. Though the bulletin rates the severity of the exposure as only Moderate, it is still a wise idea to patch your Outlook 5.5 Servers at the nearest maintenance time administrators have available. There are plenty of "click-happy" end-users who could create headaches for many administrators if attackers start using this vulnerability in junk or malicious email. Also, continue to raise security awareness among those who click on links or attachments without regard. For more technical information on the vulnerability and the available patch, please see the following URL:
http://www.microsoft.com/technet/security/Bulletin/MS04-026.mspx?pf=true
Apple Mac OS X Bulletins (APPLE-SA-2004-08-09)
Yesterday, two bulletins were released by Apple. The first bulletin involved the libpng (Portable Network Graphics) vulnerability that has been in numerous patches in the Unix and Linux world in the past 2 weeks. The Mac OS X CoreGraphics and AppKit frameworks have been updated to protect against the flaws in the reference library. The software update is available for these versions of OS X:
* Mac OS X v10.3.4 "Panther"
* Mac OS X Server v10.3.4 "Panther"
* Mac OS X v10.2.8 "Jaguar"
* Mac OS X Server v10.2.8 "Jaguar"
The second bulletin announced the availability of Mac OS X v10.3.5. The new version of OS X includes the patch for libpng, and also includes security updates for the Safari Web Browser and the TCP/IP stack (the rose fragmentation attack).
For more information on either of these, please see the following URLs:
http://docs.info.apple.com/article.html?artnum=61798
http://www.apple.com/support/downloads/
---
Scott Fendley - Handler on Duty
University of Arkansas
scottf /at/ uark /dot/ edu