Microsoft Releases SNMP Patches
Microsoft recently released patches (last updated Feb. 15, 2002) for its Windows 2000 and Windows XP operating systems in response to the latest round of vulnerabilities discovered surrounding SNMP. The Windows implementation of SNMP contained an unchecked buffer, which could enable an attacker to execute arbitrary code or cause a denial of service. All Windows platforms are affected except for Windows ME, which does not include SNMP as part of the default operating system installation. Patches for Windows 95/98/NT are still in the works.
Free SNMP Vulnerability Detection Tools Released
The SANS Institute and the Center for Internet Security joined the National Security Agency (NSA) in releasing free software tools and benchmark guidelines that can be used to detect SNMP vulnerabilitities. These tools aid in detecting a wide range of SNMP vulnerabilities and can be used to beef up the security of Cisco routers. You may obtain the SNMP vulnerability testing tool and the CISCO benchmark data tools from the Center For Internet Security website.
National Cyber Security Alliance Unveils STAY SAFE Online Website
The National Cyber Security Alliance, a unique partnership between the federal government and leading private sector companies, has developed a new web site, http://www.staysafeonline.org, to help educate citizens on cyber security. The site contains tips on how to safeguard home or small business computers, as well as a number of additional security resources.
Previous Tech Alerts: 02/20/02 Email Address Belonging to Legitimate Security Site Hijacked to Deliver Dangerous Yarner Worm 02/15/02 Mass Mailing Email Worm Compromises Word 2000 Security Settings 02/13/02 SNMP VULNERABILITY 02/07/02 Bloodhound Mass Mailing Worm and Managing Risks in Wireless Networks 02/04/02 Microsoft Issues Collection of Security Fixes for Windows 2000 01/31/02 Copycat Virus Unleashed 01/30/02 Netscape Browser Vulnerable to Cookie Theft 01/28/02 "My Party" Mass Mailing Worm 01/18/02 IT Contingency Planning Guide, Information Security Checklist and Solaris Vulnerability 01/15/02 Trojan.StartPage Alters Web Browsers 01/12/02 New Internet Worm Gigger Masquerades as Microsoft Outlook Upgrade
01/08/02 Microsoft Universal Plug and Play Vulnerability 12/20/01 Holiday Themed Computer Virus Unleashed
BankersOnline is a free service made possible by the generous support of our
advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all
banking professionals. Support our advertisers and sponsors by clicking
through to learn more about their products and services.