Microsoft released 10 security bulletins, seven of them critical, this past Tuesday (12/10), causing a headache for IT managers. The security bulletins describe how an attacker can cause a denial of service (DoS), access confidential information or even execute malicious code. Several versions of Windows were affected by the vulnerabilities, including NT, Excel, XP, 2003 Server and Internet Explorer.
Here is a summary of the bulletins containing critical flaws:
MS04-032, which fixes multiple vulnerabilities an attacker could use to take complete control of an affected system to install programs; view, change or delete data; or create new accounts that have full privileges.
MS04-033, which fixes a vulnerability in Excel an attacker could also use to install programs; view, change or delete data; or create new accounts with full privileges. "Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges," the bulletin said.
MS04-034, which fixes a vulnerability in compressed folders that could allow many of the same exploits.
MS04-035, which fixes a vulnerability an attacker could use for many of the same exploits. "A remote code execution vulnerability exists in the Windows Server 2003 SMTP component because of the way that it handles Domain Name System (DNS) lookups," the bulletin said. "An attacker could exploit the vulnerability by causing the server to process a particular DNS response that could potentially allow remote code execution. The vulnerability also exists in the Microsoft Exchange Server 2003 Routing Engine component when installed on Microsoft Windows 2000 Service Pack 3 or on Microsoft Windows 2000 Service Pack 4."
MS04-036, which fixes a vulnerability within the Network News Transfer Protocol (NNTP) component of the affected operating systems. "This vulnerability could potentially affect systems that do not use NNTP. This is because some programs that are listed in the affected software section require that the NNTP component be enabled before you can install them," the bulletin said. Like the vulnerabilities listed above, an attacker could use this to take over machines, launch malicious code and cause other problems.
"This one is especially serious because if you're running the news service, you can be attacked by anyone in the network," said Ivan Arce, CTO of Boston-based Core Security Technologies, which reported the vulnerability to Microsoft Aug. 16. "Your server can be compromised internally or externally. It's an ideal attack vector."
MS04-037, which fixes a vulnerability in the Windows shell that could be exploited in similar fashion.
MS04-038, a cumulative security update for Internet Explorer fixing several vulnerabilities an attacker could use to take over machines and do many of the things outlined above.
Here is a summary of the bulletins rated "important":
MS04-029, which fixes a vulnerability in the RPC Runtime Library that could allow information disclosure and a denial of service. "An attacker who successfully exploited the vulnerability could cause the affected system to stop responding or could potentially read portions of active memory content," the bulletin said.
MS04-030, which describes a vulnerability in the WebDAV XML Message Handler that could lead to a denial of service. "An attacker who successfully exploited this vulnerability could cause WebDAV to consume all available memory and CPU time on an affected server. This behavior could cause a denial of service. The IIS service would have to be restarted to restore functionality," the bulletin said.
MS04-031, which describes a vulnerability in NetDDE that could allow remote code execution. "However, the NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability," the bulletin said.
The Batori Software & Security CSIRT recommends that administrators of Windows environments carry out the update procedures.
Author: Denny Roger (denny@batori.com.br)