Updates, Patches, and Bugs (RSS)

This is a collection of update, security, and bug announcements.

Fake Support Email from DotNetJunkies

Please be aware that someone/thing is sending out a fake support email using a DotNetJunkies.com email address. The message has a ZIP file attached. Please delete this message and do not open the attachment.

The email reads:

Dear user of dotnetjunkies.com,

Your account was used to send a large amount of spam during this week. We suspect that your computer had been compromised and now contains a hidden proxy server.

We recommend that you follow the instruction in order to keep your computer safe.

Virtually yours,

The dotnetjunkies.com support team.

Again, please delete this email and do not open it.

posted Wednesday, February 16, 2005 2:24 PM by DougSeven with 0 Comments

Critical Product Vulnerability - January 2005 Microsoft Security Bulletin Release

TECHNICAL DETAILS

MS05-001
Title:  Vulnerability in HTML Help Could Allow Code Execution (890175)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-001.mspx

 

MS05-002
Title:  Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx

 

MS05-003
Title: Vulnerability in the Indexing Service Could Allow Remote Code Execution (871250)
Impact of Vulnerability: Remove Code Execution
Maximum Severity Rating: Important

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-003.mspx

posted Tuesday, January 11, 2005 10:47 AM by DougSeven with 0 Comments

MUST READ: What You Should Know About a Reported Vulnerability in Microsoft ASP.NET

For those of you working with ASP.NET, please be aware of the following reported security vulnerability in ASP.NET.

From Microsoft's Web site:

Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This reported vulnerability exists in ASP.NET and does not affect ASP.

This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003.

The underlying issue is that ASP.NET is failing to perform proper canonicalization of some URLs. Microsoft Knowledge Base (KB) article 887459, "Programmatically Checking for Canonicalization Issues with ASP.NET," describes how to add additional safeguards to an ASP.NET application to help protect against common canonicalization issues, such as those related to this reported vulnerability.

Resources
     http://www.microsoft.com/security/incident/aspnet.mspx
     http://support.microsoft.com/?kbid=887459

Both DotNetJunkies and SqlJunkies have been patched.

posted Wednesday, October 06, 2004 12:53 PM by DougSeven with 1 Comments

Microsoft Consumer Virus Alert - W32/Mydoom@MM

Microsoft Consumer Virus Alert

Why We Are Issuing This Alert

W32/Mydoom@MM spreads through e-mail. This worm can disguise the sender's address, a tactic known as spoofing, and may generate e-mails that appear to have been sent by Microsoft. Many of the addresses Mydoom uses are valid addresses that are being spoofed for malicious purposes.

Mydoom Virus Alert: What to Do

Treat all e-mail attachments with caution, particularly .zip files in the case of this virus, even if they appear to be from a trusted source. Learn what to do about virus infections. http://www.microsoft.com/security/antivirus/mydoom.asp

Complete Information: http://www.microsoft.com/security/antivirus/mydoom.asp

posted Friday, January 30, 2004 8:44 AM by DougSeven

PRB: "Access denied" Error Message When You Run an ASP.NET 1.0 Application in IIS 6.0

Full Knowledge Base (KB) Article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q817033

The information in this article applies to:

  • Microsoft ASP.NET (included with the .NET Framework) 1.0, when used with:
      the operating system: Microsoft Windows Server 2003
      Microsoft Internet Information Services version 6.0
SYMPTOMS
When you run an ASP.NET Web Application project on a computer running Windows Server 2003 with the .NET Framework 1.0 installed, and the Internet Information Services (IIS) 6.0 is running in IIS 5.0 isolation mode, you may receive the following error message if you do not grant the seImpersonatePrivilege function to the ASPNET account:
System.Web.HttpException: Access denied to 'd:\inetpub\wwwroot\ImpersonateTest\WebForm1.aspx'. Failed to start monitoring file changes.
RESOLUTION
To resolve this problem, grant the seImpersonatePrivilege to your ASPNET account. To do so, follow these steps:
  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Administrative Tools.
  3. Double-click Local Security Policy. Under Local Policies, click User Rights Assignment.
  4. In the details pane, double-click Impersonate a client after authentication.
  5. Click Add, and then assign the permission to the local account that you name ASPNET.
  6. Open a command prompt, and then type iisreset.

STATUS

This behavior is by design.

posted Saturday, August 23, 2003 7:41 AM by DougSeven with 0 Comments

"Server Application Unavailable" Issue on Windows XP

I heard about the following from Scott Guthrie (Product Unit Manager for ASP.NET):
------------------------------------------------------------------------------------------

We have identified an issue with the recent MS03-32 Security Update for Internet Explorer security patch and ASP.NET V1.0 running on Windows XP. This patch can be installed manually or by obtaining recent critical updates from the Windows Update site.

The symptom of this issue is that after installing the patch, all requests to ASP.NET result in an error message saying "Server Application Unavailable".

This issue only impacts installations running ASP.NET V1.0 on Windows XP Professional. It *does not* impact machines running Windows 2000 or Windows Server 2003. It also *does not* impact machines running Windows XP with ASP.NET v1.1 installed.

We are working hard on a permanent solution for this issue. In the meantime, you can visit the below page to learn about the problem as well as a safe workaround you can apply immediately to fix the issue:

http://www.asp.net/faq/ms03-32-issue.aspx

Included on the page with the details is a link to a new forum dedicated to the problem (http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=128). Please post any questions or issues you run into with this issue in this forum -- we on the ASP.NET team will be actively monitoring these posts and will be able to provide technical help to hopefully address them.

Many apologies for the inconvenience that this has caused. We'll post additional information as it becomes available.

Thanks,

ASP.NET Team

posted Saturday, August 23, 2003 7:34 AM by DougSeven with 0 Comments

What Do/Did You Think of Blaster?

I'm trying to collect a little info:

  1. What do you believe were the ‘big concerns’ when the Blaster Worm hit last week?
  2. What are your concerns about the worm today?
  3. Has there been any change in opinion?
posted Monday, August 18, 2003 1:46 PM by DougSeven with 0 Comments

Blaster Notice from Stacey G.

Purpose:      Help Protect Your Computer Today (Immediately)

Action:         Read about the Blaster worm and update your software immediately. Check the Security site for more information and steps you should take to help protect your systems.

URL:            http://www.microsoft.com/security/incident/blast.asp

posted Thursday, August 14, 2003 3:58 PM by DougSeven with 0 Comments

How do I remove W32/Blaster-A manually?

http://www.sophos.com/support/disinfection/blastera.html#3

To remove W32/Blaster-A manually on Windows 95/98/Me and Windows NT/2000/XP:

  • ensure you have installed Microsoft patch MS03-026 and implemented as many of the other steps from Sophos as is feasible.
  • press Ctrl+Alt+Del
  • in Windows NT/2000/XP click Task Manager and select the Processes tab
  • look for a process named msblast.exe in the list
  • click the process to highlight it
  • click the 'End Process' (in Windows 95/98/Me 'End Task') button
  • close Task Manager.

Search for the file msblast.exe in the Windows system folder (usually a subfolder of Windows or WINNT) and delete it.

In Windows NT/2000/XP you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.

  • At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
  • Before you edit the registry, you should make a backup. If in doubt, contact your network administrator. Incorrect editing of the Windows Registry can cause system failure.
  • Locate the HKEY_LOCAL_MACHINE entry:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    in the righthand pane select

    windows auto update = msblast.exe

    and delete it if it exists.
  • Close the registry editor.

You should reboot your computer and repeat the above process to ensure all traces of the worm have been removed from your system.

If you have any problems removing W32/Blaster-A after following these instructions, please contact technical support.

To remove W32/Blaster-A on other platforms please follow the instructions for removing worms.

posted Wednesday, August 13, 2003 6:55 AM by DougSeven with 0 Comments