Ultimate Windows Security Newsletter:

Issue #13, 3/14/06

In this issue:
- New Security Log Secrets Interactive Edition!
- Randy's Independent Insights on This Month's bulletins
- Randy's take on Secure Vantage Technologies' SCMP
- Public Seminar Schedule

This Month's Security Updates from Microsoft

Microsoft released 2 security bulletins today, one that affects Office and another that impacts certain Windows versions that have weak permissions defined for certain services. For full details see below.

New Computer Based Training for Windows Security Log!

I am very excited to announce the immediate availability of Security Log Secrets Interactive Edition. As you may know, my Security Log Secrets seminar is the only training program available that reveals the cryptic Windows security log.

Over the past year many of you who cannot travel to the public seminar have inquired about a computer based training or video version of the course.
SLS Interactive is an interactive flash video with picture-in-picture of the instructor (yours truly), demonstrations on Windows and flash quizzes to keep you engaged.

We recorded the main content at a public seminar in Charlotte and have been working hard the past couple months on editing and production.
SLS-Interactive is delivered on DVD-ROM and includes a printed copy of the course material. Visit www.ultimatewindowssecurity.com/dvd to learn more about SLS-Interactive.

As a special value to all newsletter subscribers we are offering a $100 discount on the course with promo code NLI. This offer is only good for 7 days.

Randy's take on System Controls MP

If you need to monitor and report on the Windows security log and you already use or are considering Microsoft Operations Manager, you should definitely take a look at SCMP, Secure Vantage Technologies' System Controls Management Pack. SCMP is a MOM management pack that enables you to leverage MOM to collect, alert and report on Windows security events.

What I like about SCMP is its strong functionality for processing description fields (called parameters in SCMP) and the number of monitoring rules and pre-built reports that come with SCMP. SCMP is currently the only security log management tool that integrates my Security Log Encyclopedia and eBook, The Windows Server 2003 Security Log Revealed, into its internal knowledge base. To learn more about SCMP and its integrated Security Log Secrets content visit www.ultimatewindowssecurity.com/scmp.

MS06-012 - Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)

On Windows XP pre-SP2 and Windows Server 2003 pre-SP2, the default permissions for a number of system services give a non-administrative user write access to certain service properties. An attacker could use that access to elevate their privileges to administrator level, apparently by pointing the service to a specially written executable that would then run with the administrator-level authority of the service and do the attacker's bidding.

As an elevation of privilege risk that requires a valid logon, I don't regard this as critical to load except on sensitive servers where you've already made a full hardening effort or on workstations where you are committed to preventing end-users from gaining administrator access to their own workstation. Terminal Services servers delivering applications to end-users should receive this patch to prevent end-users from gaining administrator access to the server.

At the same time, this patch presents low risk to stability since it makes no updates to executable files; it simply strengthens the ACL on the ssdpsrv, netbt, upnphost, scardsvr, dhcp and dnscache services. Unless you have an automated process running as an unprivileged account updating these services, the patch probably won't be noticeable.

This patch again demonstrates the dividend gained by staying up-to-date with the latest service pack, since up-to-date Windows 2000, 2003 and XP systems are immune.

Ultimate Windows Security Public Seminars

- Security Log Secrets - New York - May 1-3
- Complete Windows Security - London - May 22-26

There's still time to save $100 off the registration fee!

MS06-011 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)

This security update patches a number of vulnerabilities associated with various Office and MS Works programs, and you should be concerned if you have systems with Office 2000, XP, 2003 or MS Works Suite 2000-2006, Excel Viewer 2003 or even Excel for Mac. These vulnerabilities allow an attacker to run arbitrary code on remote systems where he is successful in getting the user to open a specially formed Office document through an email attachment, a download from a webpage or similar vectors. Since information on how to exploit some of the vulnerabilities in this patch is already public, I recommend loading this patch on all vulnerable systems as soon as possible after basic testing in your environment.

For centralized event management

Prism Microsystems' EventTracker software provides centralized event consolidation, correlation, reporting and monitoring for Windows, UNIX and SNMP systems from a single console. EventTracker helps meet audit compliance and enhances security. It provides unattended enterprise-wide event log management allowing you to consolidate event logs across platforms, correlate event occurrences, and perform in-depth event log analysis and reporting for tens of millions of events a day.

For more information and to download free trials visit www.ultimatewindowssecurity.com/et.

Until next month, happy patching! Don't forget about the NLI coupon code for saving $100 on Security Log Secrets Interactive Edition. The coupon code expires in 7 days.

Regards,
Randy Franklin Smith
CISA, SSCP, Microsoft Security VIP
CEO, Monterey Technology Group, Inc.

============================================
Subscribe, Unsubscribe and Usage Information
============================================

- subscribe to this newsletter
- unsubscribe from this newsletter
- usage information

If you've received this message as a forward from a friend, or are reading it online in the archives, you can sign up for your own newsletter subscription.

Also, if you want to unsubscribe, you can do that too (but we'll be sad to see you go).

You can use this information as you see fit, but if you're going to copy any portion, please FORWARD THE ENTIRE email.

While Monterey Technology Group, Inc. tries to ensure that all information is technically accurate, we make no warranty with regard to the information within. Please use at your own risk.

If you need personalized attention in any way, just email me: mailto:rsmith@montereytechgroup.com. I endeavor to respond to everyone who emails.

Thanks for reading!

List address: MonthlySecurityTip@ultimatewindowssecurity.com
Subscribe: MonthlySecurityTip-subscribe@ultimatewindowssecurity.com
Unsubscribe: MonthlySecurityTip-unsubscribe@ultimatewindowssecurity.com

 

