is a worm that spreads via the Internet by exploiting the LSASS vulnerability, as described in Microsoft Security Bulletin MS04-011
, in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.W32.Korgo
listens to the TCP ports 113, 3067 and 2041 and connects to several IRC servers through the port 6667.
The Korgo Family
Register for Windows Server 2003 Webcast Week, June 1-4, 2004
This series of webcasts, presented by Microsoft subject matter experts and partners, starts with an introduction to Windows Server 2003 followed by in-depth information on Group Policy, Active Directory, maintenance, administration, and troubleshooting. Register early, space is limited.
Source: TechNet Windows Server 2003
Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)SummaryImpact of Vulnerability:
Remote Code ExecutionMaximum Severity Rating:
Customers should install the update at the earliest opportunity.Caveats:
Microsoft Knowledge Base Article 841996
documents a known issue that customers may experience when they install this security update on a system where the Help and Support Center service is disabled. For the installation of this security update to be successful, the Help and Support Center service cannot be disabled. The article also documents recommended solutions for this issue. For more information, see Microsoft Knowledge Base Article 841996
Source: TechNet Security
Internet Security and Acceleration (ISA) Server 2000 Service Pack 2 (SP2) provides the latest updates to ISA Server 2000 and provides an even higher level of security, reliability and stability to customers. Overview
Internet Security and Acceleration (ISA) Server 2000 Service Pack 2 (SP2) provides the latest updates to ISA Server 2000 and provides an even higher level of security, reliability and stability to customers. Microsoft strongly encourages customers to install SP2 on all computers running ISA Server.
ISA Server 2000 SP2 can be installed directly on ISA Server 2000, ISA Server 2000 Service Pack 1 or ISA Server 2000 Feature Pack 1 or any other combination of hot fixes.
ISA Server SP2 can be applied to ISA Server Standard and Enterprise Editions, and includes:
- All hot fixes and security updates issued since ISA Server was released to manufacturing.
- Fixes for common issues reported by customers through Microsoft Product Support Services (PSS).
- Enhanced stability of the ISA Server services and administration tool in a number of scenarios.
- Fixes that enable ISA Server to run on Microsoft Windows Server™ 2003, Standard Edition and Windows Server 2003, Enterprise Edition.
- Fixes recommended through an audit by third-party security experts.
Source: Microsoft Download Center
As part of Microsoft's Strategic Technology Protection Program
, and in response to direct customer need for a streamlined method of identifying common security misconfigurations, Microsoft has developed the Microsoft Baseline Security Analyzer (MBSA).
MBSA Version 1.2 includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000, Windows XP, and Windows Server 2003 systems and will scan for common system misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS), SQL Server, Internet Explorer, and Office. MBSA 1.2 will also scan for missing security updates for the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL Server, IE, Exchange Server, Windows Media Player, Microsoft Data Access Components (MDAC), MSXML, Microsoft Virtual Machine, Commerce Server, Content Management Server, BizTalk Server, Host Integration Server, and Office.
Source: TechNet Security
A settlement has been reached in a class action lawsuit over McAfee VirusScan versions 3 and 4. If you are a U.S. resident and you bought a retail version of McAfee VirusScan version 3 or version 4, then you are a member of the class. As a member of the class, you may receive a free download version of your choice of one of the three McAfee perpetual products: (1) VirusScan version 8, (2) AntiSpyware version 1.0, or (3) QuickClean version 4.01 (collectively "Software").
In order to receive your free Software download, you must do the following:
NOTE: ALL RIGHTS WILL EXPIRE ON JULY 16, 2004. YOU MUST COMPLETE THE CLASS CERTIFICATION FORM AND DOWNLOAD THE SOFTWARE ON OR BEFORE JULY 16, 2004, OR YOU WILL LOSE YOUR RIGHT TO RECEIVE THE SOFTWARE.
- Complete the certification form below. Then select Submit
- Once you have agreed to the class certification requirements, we will send you an email with a link to download your software.
For further information about the class action settlement please see the following items:
Adobe Acrobat Link to Software
- Class Notice
- Settlement Agreement
If you do not want to be a member of the class, you must opt-out of the class by July 6, 2004. For more information on how to opt-out, please read the Opt-Out Instructions
Source: McAfee Security
Although many organizations have deployed antivirus software, malicious software such as computer viruses, worms, and Trojan horses continue to infect computer systems around the world. There is no single reason for this apparent contradiction, but the current situation indicates that the standard approach of deploying antivirus software on each computer in your environment may not be sufficient.
Source: Microsoft TechNet
Download: The Antivirus Defense-in-Depth Guide
Reported May 18, 2004, by Paul Kurczaba
Microsoft Internet Explorer (IE) 5.0 and 6.0
A vulnerability in IE 5.0 and 6.0 could let a potential attacker spoof the URL displayed in the lower left corner of the IE window by using a specially coded image map.
The discoverer posted the following code as proof of concept and has made a demonstration available on his Web site.
Take advantage of tools designed to help your organization keep apprised of security risks, so you can react quickly and effectively to potential threats. Assess vulnerabilities and strengthen security with tools and technologies like the Microsoft Baseline Security Analyzer (MBSA) and Software Update Services (SUS).
Source: Microsoft Security