February 28, 2008
New Skype-Based Applications Enhance Call Center Deployment Flexibility & Reduce Costs
FREMONT, Calif. and SUNNYVALE, Calif., — AltiGen Communications, Inc. and VoSKY today announced a partnership bringing advanced Skype-based applications and cost savings to AltiGen’s Voice over Internet Protocol (VoIP) solutions for call centers. The addition of the VoSKY Exchange VoIP application gateway to AltiGen’s complete line of VoIP Phone Systems will equip call centers with a new remote agent, Web Click2Call, VoIP trunking and global direct inward dial (DID) functionality utilizing Skype, the world’s largest VoIP network.
“This partnership adds a series of industry-first features to our VoIP call center platform that will give our customers useful new call handling abilities as well as further lower their telecom costs,” said Jeremiah Fleming, AltiGen president and COO. “The ability of VoSKY Exchange to route Skype calls through our VoIP business phone system marks yet another milestone in our efforts to deliver innovative new business solutions for the VoIP era.”
VoSKY Exchange is a Skype-certified plug-and-play rackmount appliance that adds enhanced Skype-based VoIP applications as well as Skype trunks to AltiGen’s complete line of VoIP Phone Systems through analog FXS ports, eliminating the need to use PCs or headsets for Skype calls. When deployed as part of an AltiGen call center solution, VoSKY Exchange offers four key enhancements to AltiGen’s robust call routing and management capabilities. These include:
– Skype Remote Agent: Allows remote agents to be added to the system in minutes and supported at virtually no cost. Incoming calls can now be routed for free via the Skype network to remote agents using the free Skype client on their computers. Utilizing AltiGen’s ExtensionAnywhere feature, remote Skype agents will have the same control and access to AltiGen PBX functionalities as an onsite call center agent. The use of Skype also assures consistently good voice quality over the public Internet. — Web Click2Call: Enables visitors to a company’s website to place free Skype calls to a corporate or third-party call center with the click of a button. VoSKY Exchange will route the call to the appropriate queue in the AltiGen call center system over Skype, reducing the company’s toll-free/800 phone number costs. Web Click2Call also helps increase online sales conversion rates by allowing customers to communicate with agents in real time. — Skype Trunking: Provides a low-cost solution for outbound calls that leverages Skype Pro, a $3 per month domestic flat rate plan, and SkypeOUT international long-distance rates as low as 2.2 cents per minute. These packages allow users to save 90% or more on US/Canada calls and 50% or more on international calls with no contracts or setup fees. — Global Direct Inward Dial (DID): Allows businesses to set up local access numbers outside of their cities, states or countries for incoming customer calls. This feature enables companies to create a local market presence anywhere in the world as well as reduce toll- free/800 phone number costs by allowing customers to use phone numbers close to home.
“Skype has opened up new possibilities for enhancing business communications, and AltiGen quickly recognized the potential of our Skype-to-PBX application gateway to bring innovative capabilities to VoIP-based call centers,” said David Tang, VoSKY vice president of Global Marketing. “This partnership is the first to take full advantage of Skype’s flexibility, low cost and superior voice quality in a call center environment.”
VoSKY Exchange is available immediately as an add-on to AltiGen’s call center platform. The combined AltiGen and VoSKY solution is available through Jenne Distributors (http://www.jenne.com).
About VoSKY
VoSKY is a leading developer of innovative Voice over Internet Protocol (VoIP) solutions that simplify and enhance the use of Skype, the world’s largest VoIP network. The company’s flagship product is VoSKY Exchange, a family of enterprise-grade PBX-to-Skype application gateways that allow companies to connect their existing phone systems to the Internet to optimize Skype for the business environment. VoSKY Exchange application gateways seamlessly integrate with existing TDM or IP PBX phone systems to deliver business-class applications that enable small-to-medium size businesses (SMBs) and enterprises to reduce communications costs and improve productivity. All VoSKY products have received Skype certification. With distribution in over 20 countries, VoSKY’s principal office is located in Sunnyvale, CA, and maintains branch offices in Colorado Springs, CO; Basingstoke, United Kingdom; Beijing, China; Bogota, Colombia; Shanghai, China; and Taipei, Taiwan. VoSKY is a wholly owned subsidiary of Actiontec Electronics. For more information please visit the VoSKY website at http://www.vosky.com.
About AltiGen Communications
AltiGen Communications, Inc. is a leading provider of VoIP business phone systems and Microsoft-based Unified Communications solutions for small-to-medium businesses (SMBs), including companies with multiple distributed locations, branch offices and call centers. AltiGen’s scalable, integrated, and easy to manage all-in-one unified communications solutions enable an array of applications like standards based SIP VoIP phones and servers, unified messaging, voicemail, call recording, conferencing, call activity reporting and mobility solutions that leverage both the Internet and the public telephone network to take advantage of the convergence of voice and data communications. AltiGen’s systems are designed with an open architecture and are built on an industry standard platform. This adherence to widely used standards allows products to integrate with and leverage the existing technology investment of partners and customers. For more information, call 1-888-ALTIGEN or visit the website at http://www.altigen.com.
Leave a Comment » | 
Altigen, PBX, Phone System, Skype, VoIP Phone, VoSky | Tagged: Allentown, Altigen, business telephone Allentown PA, business telephone DE, business telephone Delaware, business telephone Harrisburg PA, business telephone Lancaster PA, business telephone New Jersey, business telephone NJ, business telephone NYC, business telephone Philadelphia, business telephone York PA, call center phone system Allentown PA, call center phone system DE, call center phone system Delaware, call center phone system Harrisburg PA, call center phone system Lancaster PA, call center phone system New Jersey, call center phone system NJ, call center phone system NY, call center phone system NYC, call center phone system Philadelphia, call center phone system York PA, call recording Allentown PA, call recording DE, call recording Delaware, call recording Harrisburg PA, call recording Lancaster PA, call recording New Jersey, call recording NJ, call recording NY, call recording NYC, call recording Philadelphia, call recording York PA, call tracking phone system Allentown PA, call tracking phone system DE, call tracking phone system Delaware, call tracking phone system Harrisburg PA, call tracking phone system Lancaster PA, call tracking phone system New Jersey, call tracking phone system NJ, call tracking phone system NY, call tracking phone system NYC, call tracking phone system Philadelphia, call tracking phone system York PA, DE, Delaware, hosted phone system Allentown PA, hosted phone system DE, hosted phone system Delaware, hosted phone system Harrisburg PA, hosted phone system Lancaster PA, hosted phone system New Jersey, hosted phone system NJ, hosted phone system NYC, hosted phone system Philadelphia, hosted phone system York PA, hosted voip Allentown PA, hosted voip DE, hosted voip Delaware, hosted voip Harrisburg PA, hosted voip Lancaster PA, hosted voip New Jersey, hosted voip NJ, hosted voip NYC, hosted voip Philadelphia, hosted voip York PA, ip pbx Allentown PA, ip pbx DE, ip pbx Delaware, ip pbx Harrisburg PA, ip pbx Lancaster PA, ip pbx New Jersey, ip pbx NJ, ip pbx NYC, ip pbx Philadelphia, ip pbx York PA, Microsoft exchange phone system Allentown PA, Microsoft exchange phone system DE, Microsoft exchange phone system Delaware, Microsoft exchange phone system Harrisburg PA, Microsoft exchange phone system Lancaster PA, Microsoft exchange phone system New Jersey, Microsoft exchange phone system NJ, Microsoft exchange phone system NY, Microsoft exchange phone system NYC, Microsoft exchange phone system Philadelphia, Microsoft exchange phone system York PA, Microsoft phone system Allentown PA, Microsoft phone system DE, Microsoft phone system Delaware, Microsoft phone system Harrisburg PA, Microsoft phone system Lancaster PA, Microsoft phone system New Jersey, Microsoft phone system NJ, Microsoft phone system NY, Microsoft phone system NYC, Microsoft phone system Philadelphia, Microsoft phone system York PA, multi branch phone system Allentown PA, multi branch phone system DE, multi branch phone system Delaware, multi branch phone system Harrisburg PA, multi branch phone system Lancaster PA, multi branch phone system New Jersey, multi branch phone system NJ, multi branch phone system NY, multi branch phone system NYC, multi branch phone system Philadelphia, multi branch phone system York PA, New Jersey, New York, NJ, NY, NYC, PA, PBX, pbx Allentown PA, pbx DE, pbx Delaware, pbx Harrisburg PA, pbx Lancaster PA, pbx New Jersey, pbx NJ, pbx NYC, pbx Philadelphia, pbx York PA, Pennsylvania, Philadelphia, Phone System, Phone System Allentown PA, phone system call monitoring Allentown PA, phone system call monitoring DE, phone system call monitoring Delaware, phone system call monitoring Harrisburg PA, phone system call monitoring Lancaster PA, phone system call monitoring New Jersey, phone system call monitoring NJ, phone system call monitoring NY, phone system call monitoring NYC, phone system call monitoring Philadelphia, phone system call monitoring York PA, phone system conference calls Allentown PA, phone system conference calls DE, phone system conference calls Delaware, phone system conference calls Harrisburg PA, phone system conference calls Lancaster PA, phone system conference calls New Jersey, phone system conference calls NJ, phone system conference calls NY, phone system conference calls NYC, phone system conference calls Philadelphia, phone system conference calls York PA, Phone System DE, Phone System Delaware, Phone System Harrisburg PA, Phone System Lancaster PA, Phone System New Jersey, Phone System NJ, Phone System NYC, Phone System Philadelphia, Phone System York PA, SIP, SIP phone system Allentown PA, SIP phone system DE, SIP phone system Delaware, SIP phone system Harrisburg PA, SIP phone system Lancaster PA, SIP phone system New Jersey, SIP phone system NJ, SIP phone system NY, SIP phone system NYC, SIP phone system Philadelphia, SIP phone system York PA, SIP Trunking Allentown PA, SIP Trunking DE, SIP Trunking Delaware, SIP Trunking Harrisburg PA, SIP Trunking Lancaster PA, SIP Trunking New Jersey, SIP Trunking NJ, SIP Trunking NY, SIP Trunking NYC, SIP Trunking Philadelphia, SIP Trunking York PA, Skype, supervise phone calls Allentown PA, supervise phone calls DE, supervise phone calls Delaware, supervise phone calls Harrisburg PA, supervise phone calls Lancaster PA, supervise phone calls New Jersey, supervise phone calls NJ, supervise phone calls NY, supervise phone calls NYC, supervise phone calls Philadelphia, supervise phone calls York PA, telephone system Allentown PA, telephone system DE, telephone system Delaware, telephone system Harrisburg PA, telephone system Lancaster PA, telephone system New Jersey, telephone system NJ, telephone system NYC, telephone system Philadelphia, telephone system York PA, voicemail to email phone system Allentown PA, voicemail to email phone system DE, voicemail to email phone system Delaware, voicemail to email phone system Harrisburg PA, voicemail to email phone system Lancaster PA, voicemail to email phone system New Jersey, voicemail to email phone system NJ, voicemail to email phone system NY, voicemail to email phone system NYC, voicemail to email phone system Philadelphia, voicemail to email phone system York PA, VoIP, voip Allentown PA, voip DE, voip Delaware, voip Harrisburg PA, voip Lancaster PA, voip New Jersey, voip NJ, voip NYC, voip pbx Allentown PA, voip pbx DE, voip pbx Delaware, voip pbx Harrisburg PA, voip pbx LancasterPA, voip pbx New Jersey, voip pbx NJ, voip pbx NYC, voip pbx Philadelphia, voip pbx York PA, voip Philadelphia, voip York PA, VoSky | 
Permalink
Posted by bardissi
February 15, 2008
I’m pleased to let you know that Dell has announced the intent to buy MessageOne, a leading provider of SaaS e-mail continuity, compliance and archiving solutions. The acquisition is subject to certain closing conditions.
We are very excited about the prospect of helping our customers and partners address an increasingly common IT pain point: email continuity, security, archiving and e-discovery. Effective email continuity and compliance have grown to be key issues in this era of heightened legal scrutiny and increasingly mobile and distributed workers. Very simply, email has become the most ubiquitous application for companies of all sizes, with potential to impact revenue, reputation and on-going business continuity.
MessageOne provides a better way to address e-mail continuity, security and archiving, leveraging a proven Software as a Service (SaaS) model that simplifies management, reduces infrastructure costs, and enables rapid deployment and provisioning. MessageOne solutions are the industry leaders in helping eliminate downtime by, for example, ensuring seamless continuity of Outlook and wireless messaging systems even when Exchange and Active Directory are down.
MessageOne is a great fit with Dell’s partner strategy and directly complements our other recent acquisitions in, providing an additional building block in our portfolio of SaaS-enabled configurable IT services. Our intent upon close is to make the MessageOne solutions available as both a Dell product and on a white-labeled basis by certified channel partners.
Thanks for your continued support.
Leave a Comment » | 
Dell, MessageOne | Tagged: Dell, MessageOne | 
Permalink
Posted by bardissi
February 15, 2008
These new releases for our Firebox X Core, Peak, and Edge UTM appliances include extensive enhancements to the appliance and management software, providing you broader security, greater flexibility and interoperability, and better visibility into the network.
Here’s what’s in version 10 for you:
New solutions for Remote Access, Monitoring, Authentication, and Voice
- Integrated SSL VPN on the appliance. Secure remote access via an SSL VPN thin client
- SNMPv3 support. Secures device communications, with fallback to SNMPv2
- Single sign-on. Transparent Firebox Authentication via Active Directory
- Protocol support for VoIP and video conferencing. One of the most-requested new features
Improvements to proxy-based security subscriptions
- New virus outbreak detection in spamBlocker. Adds another powerful layer of malware protection for the network
- Enhanced IPS signature set and engine. Technology behind a Gateway AV/IPS subscription gets faster and stronger
- HTTPS in WebBlocker, and 54 category support. More specific surfing restrictions increase productivity and protection
- Expanded quarantine to include AV. Email caught by antivirus engine can be quarantined for later administrator review
More robust logging and reporting
- New reporting. Faster and more flexible, with a great new look and feel
Bug fixes
Fireware version 10 includes numerous bug fixes, resolved issues, and stability enhancements. Of particular interest to users, Fireware version 10 also fixes a defect in our implementation of PPTP support in Fireware. WatchGuard’s authentication service for PPTP returned one type of error when a login attempt failed due to a bad user name, and returned another type of error when a login failed due to a bad password. This opened up the possibility of a user name guessing attack against the PPTP server. We have changed the server so that login failures due to bad user names and bad passwords can no longer be distinguished from one another. We thank Luke Jennings of MWRInfosec for bringing this to our attention.
If you have further questions about this bug or security concerns about any of WatchGuard’s products, please contact:
Steve Fallin
Director, Rapid Response Team
Product Manager, LiveSecurity
+1 206.521.8373
Does this release pertain to me?
There are important things to understand before you get started using version 10, especially related to WebBlocker, the new logging and reporting server, and our support for VoIP protocols. Refer to the Release Notes and the FAQ before you upgrade.
Fireware and Firebox Edge e-Series users
Fireware and Edge users benefit from the many enhancements described above. Follow the upgrade instructions in the Release Notes to complete the upgrade.
WatchGuard Firebox System users
If you are running WFS appliance software on your Firebox X Core or Firebox III, you can install WFS 7.5 using this package. If you previously installed WFS 7.5, there is no need to upgrade with this release. There are no changes to WFS since the previous release in April, 2007. If you are running a version older than 7.5 and wish to upgrade, please follow the upgrade instructions in the Release Notes.
For legacy WFS users with Firebox III and Firebox X Core devices who want to maintain use of VPN Manager and Basic DVCP, a stand-alone package (WSM 7.5) has also been posted for download.
How do I get the release?
Firebox X Peak, Core, and Firebox III owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Software Center web page, which also includes clear installation instructions. As always, if you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)
3 Comments | Business Computer Support, Computer Security, Network Infrastructure, Non-Profit Technology, Watchguard | Permalink
Posted by bardissi
February 15, 2008
Cisco Wednesday issued two separate security alerts concerning its unified communications products – the third UC-related alert of this year. One of the alerts issued this week concern flaws in Cisco’s Unified IP Phone models, specifically related to the company’s Skinny Call Control Protocol (SCCP, or “Skinny”) and Session Initiation Protocol (SIP), while the other relates to an SQL Injection attack that could affect Cisco’s Unified Communications Manager – formerly CallManager.
According to Cisco, a number of its IP phones contain multiple overflow and denial-of-service vulnerabilities. Certain phones running SCCP and/or SIP firmware are vulnerable (see the list at the Cisco advisory). SCCP- and SIP-based phones contain a buffer overflow vulnerability in the handling of DNS responses. A specially-crafted DNS response may be able to trigger a buffer overflow and execute arbitrary code on a vulnerable phone, says Cisco. The hole is fixed in SCCP firmware version 8.0(8) and SIP firmware version 8.8(0).
Cisco outlined three vulnerablities that affect certain SCCP devices: a large Internet Control Message Protocol (ICMP) Echo Request DOS, which can cause a vulnerable device to reboot by sending a large ICMP echo request packet; an HTTP Server DOS problem that could cause certain phones to reboot by sending a specially crafted HTTP request to TCP port 80; and a Secure Shell (SSH) flaw in other Cisco phones that could cause the phones to reboot if an unauthenticated attacker sent a specially crafted packet to port 22.
There are also three vulnerabilities affecting Cisco’s SIP devices: a SIP Multipurpose Internet Mail Extensions (MIME) boundary overflow; a Telnet Server overflow, and a SIP Proxy Response overflow.
The company also warned that its Unified Communications Manager is vulnerable to an SQL Injection attack in the parameter key of the admin and user interface pages. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database, according to this Cisco advisory. Cisco has released free software updates that address this vulnerability.
In January, Cisco warned that its Cisco Unified Communications Manager contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code.
Leave a Comment » | 
Business Computer Support, Cisco, Computer Security, Network Infrastructure, Non-Profit Technology, VoIP Phone | Tagged: SIP, Unified Communications Manager, Vulnerability | 
Permalink
Posted by bardissi
February 12, 2008
Severity: Medium
12 February, 2008
Summary:
- These vulnerabilities affect: Internet Information Services 7 and earlier
- How an attacker exploits them: By modifying a file in a root directory; or by sending maliciously crafted ASP input
- Impact: Elevation of privilege. A local user could take over a computer; a remote attacker could become a low-privileged user
- What to do: Deploy the appropriate IIS patches at your earliest convenience
Exposure:
Microsoft’s two security bulletins detail vulnerabilities found in Internet Information Services (IIS) versions 5.1, 6.0, and 7. Each bulletin describes a security vulnerability in IIS, but in both cases, common administrative practices blunt the likelihood of a successful exploit, or make the attacker expend a lot of effort for a low-yield result. For those reasons, Microsoft has rated the severity of each security flaw as Important, but not Critical. We briefly recap the bulletins below.
MS08-005: File Change Notification Vulnerability
IIS suffers from a problem in the way it handles files in three root-level folders (specifically, FTPRoot, NNTPFile\Root, and WWWRoot). If an attacker can successfully upload a script and execute it in one of these directories, he might be able to take over the IIS server. However, to exploit the vulnerability, the attacker would need login credentials to the victim server, and he would need write access to the vulnerable folders — which, by default, are not configured to grant write access (at least in XP SP2 and Windows Server 2003). Very few real-world scenarios meet those conditions.
Microsoft rating: Important.
MS08-006: ASP Vulnerability
An Active Server Page (ASP) is really just an HTML page that contains scripts, which the Web server executes before sending the page to a user’s browser. Web developers use ASP commonly to implement anything a Web page displays that should change dynamically; for instance, date and time. Many ASP pages are also forms, where users are allowed to input data. A flaw in the way IIS handles such input could allow an attacker to trigger the flaw in ASP. However, all he gets for his trouble is an elevation of privilege from a guest user to a low-privileged authenticated user. Further reducing the impact of this threat: It doesn’t work on Vista, and it doesn’t work in IIS 7. And on Windows Server 2003, if you disable classic ASP, the exploit is not possible.
Microsoft rating: Important.
Solution Path
Microsoft has released patches for IIS to correct these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network at your earliest convenience.
Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft recommends that you migrate to supported versions, thus preventing potential exposure to vulnerabilities. You can learn more about Microsoft’s Product Life-Cycle here.
MS08-005:
MS08-006:
Note: Windows 2000 SP 4, Vista, and Server 2008 are not affected
For All WatchGuard Users:
Attempts to exploit these flaws must come through port 80. If your users need to access the World Wide Web, you must leave this port open. In the case of the File Change Notification vulnerability, one possible attack vector is local, which means the attack probably would not pass through your gateway firewall at all. For these reasons, your best defense is to apply the patches above.
Status:
Microsoft has released patches correcting these issues.
References:
1 Comment | Business Computer Support, Computer Security, Microsoft, Watchguard, Windows 2000, Windows NT, Windows Server 2003, Windows Vista, Windows XP | Permalink
Posted by bardissi
February 12, 2008
Severity: High
12 February, 2008
Summary:
- These vulnerabilities affect: Many current versions of Microsoft Office for Windows (MS08-013 affects OS X, too) and Microsoft Works and Works Suite
- How an attacker exploits them: By enticing you to open maliciously crafted Office documents
- Impact: An attacker can execute code, potentially gaining complete control of your computer
- What to do: Install the appropriate Office or Works patches immediately.
Exposure:
Today, Microsoft released four security bulletins describing seven vulnerabilities found in components or programs that ship with Microsoft Office for Windows (and in one case, Office 2004 for Mac). Some of the vulnerabilities also affect Microsoft Works and Works Suite. Each vulnerability affects different versions of Office to a different extent. The seven flaws affect different components and applications within Office, but the end result is always the same. By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privilege, the attacker gains full control of the user’s machine. One of the vulnerabilities (MS08-013) allows an attacker to gain complete control of a vulnerable machine immediately.
An attacker can exploit these flaws using just about any Office document. While three of Microsoft’s bulletins specifically mention Word (.doc), Works (.wps) and Publisher (.pub) files, the fourth bulletin only generally mentions, “Office files,” which could refer to any Office document type, including Excel. So beware of all unexpected Office documents.
If you’d like to learn more about each individual flaw, drill into the “Vulnerability Details” section of the security bulletins listed below:
- MS08-009: Word Memory Corruption Vulnerability, rated Critical
- MS08-011: Three Works Vulnerabilities, rated Important
- MS08-012: Two Publisher Vulnerabilities, rated Critical
- MS08-013: Office Remote Code Execution Vulnerability, rated Critical.
In January, Microsoft also released an early advisory warning customers of a zero day vulnerability in Microsoft Excel, which attackers are exploiting in targeted attacks. Surprisingly, Microsoft has not released a security update to patch that zero day Excel vulnerability. Even if you apply all of today’s Office patches, you should still inform your users to remain suspicious of unexpected Excel documents.
Solution Path
Microsoft has released patches for Office and Works to correct all of these vulnerabilities (except for the zero day Excel vulnerability mentioned in the previous paragraph). You should download, test, and deploy the appropriate patches throughout your network immediately.
MS08-009:
MS08-011:
- Office 2003, Works 8.0, and Works Suite 2005
MS08-012:
MS08-013:
For All WatchGuard Users:
While you can configure some of WatchGuard’s Firebox models to block all Office documents, most organizations need to allow Office documents in order to conduct business. Blocking them could bring your business to a halt. Therefore, the patches are your best recourse. That said, Microsoft still hasn’t patched one particular zero day Excel vulnerability. You may want to temporarily block .XLS files until Microsoft patches that flaw.
If you want to block any Office documents, follow the links below for instructions on using your Firebox proxies’ content blocking features:
- Firebox X Edge running 8.5
- Firebox III and X Core running WFS
- Firebox X Core and X Peak running Fireware Pro
Status:
Microsoft has released patches correcting these issues.
References:
Leave a Comment » | Apple, Apple Leopard, Apple Safari, Apple Tiger, Business Computer Support, Computer Security, Home Computer Support, Mac, Microsoft, Microsoft Office 2003, Microsoft Word, Network Infrastructure, Non-Profit Technology, OS X, Office 2007, Student Computing, Windows NT, Windows Server 2003, Windows Vista, Windows XP | Permalink
Posted by bardissi
February 12, 2008
12 February, 2008
Summary:
- These vulnerabilities affect: All current versions of Windows
- How an attacker exploits them: Multiple vectors of attack, including sending specially crafted packets or enticing your users to malicious Web pages
- Impact: Various results. In the worst case, attacker can gain complete control of your Windows computer
- What to do: Install the appropriate Microsoft patches immediately
Exposure:
Today, Microsoft released four security bulletins describing vulnerabilities that affect Windows and components shipping with it. Each vulnerability affects different versions of Windows to a different extent. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PCs. The summary below lists the vulnerabilities in order from highest to lowest severity.
MS08-007: WebDAV Heap Buffer Overflow Vulnerability
Web Distributed Authoring and Versioning (WebDAV) is a set of extensions to the HTTP protocol allowing you to manage and publish content to your Web server remotely, using TCP port 80. Windows ships with the Web Client service to support WebDAV, and most versions of Windows (except Server 2003) enable this service by default. The Web Client service suffers from a heap buffer overflow vulnerability involving the way it handles maliciously crafted WebDAV responses. By sending such a response to a vulnerable Windows computer, a remote attacker could exploit this vulnerability to gain complete control of that machine. All Windows machines are vulnerable to this flaw; however, it poses the greatest threat to your Windows web servers. Since this attack occurs over port 80, and you must give external users port 80 access so that they can reach your Web site, your Windows system Web servers suffer the greatest risk of attack.
Microsoft rating: Critical.
MS08-008: OLE Heap Buffer Overflow Vulnerability
According to Microsoft, Object Linking and Embedding (OLE) Automation is a Windows protocol that allows an application to share data or to control another application. For example, OLE is the technology that allows you to add special object links, such as pictures and movies, to your Microsoft documents. The Windows OLE component suffers from a buffer overflow vulnerability. By luring one of your users to a malicious Web page, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. If your users have local administrative privileges, an attacker could then leverage this vulnerability to gain complete control of their PCs. The affected OLE components also ship with Microsoft Visual Basic 6.0 and Microsoft Office 2004 for Mac, so they are vulnerable to this flaw as well.
Microsoft rating: Critical.
MS08-003: Active Directory Denial of Service Vulnerability
Active Directory is the Windows component that provides central authentication and authorization services for Windows computers. Active Directory runs on Windows servers, but also on Windows clients as the Active Directory Application Mode (ADAM) service. Microsoft’s security bulletin warns of an unspecified Denial of Service (DoS) vulnerability involving the way Active Directory handles specially crafted LDAP packets. By sending a malicious LDAP request, a remote attacker could exploit this vulnerability to cause your Windows computer to lock up or to reboot. The attacker could repeatedly exploit this vulnerability to keep your Windows machines offline for as long as he could sustain this attack. However, most administrators don’t allow LDAP traffic (TCP ports 389 and 3268) through their perimeter firewall. Therefore, this vulnerability primarily poses an internal threat.
Microsoft rating: Important.
MS08-004: Denial of Server Vulnerability in Vista DHCP Response Handling
Windows Vista suffers from an unspecified Denial of Service (DoS) vulnerability involving the way it handles specially crafted DHCP response packets. By sending a malicious DHCP response packet to a vulnerable Vista machine, a remote attacker could exploit this vulnerability to cause that machine to lock up or to reboot. The attacker could repeatedly exploit this vulnerability to keep the victim’s machine offline for as long as he could sustain this attack. Since DHCP traffic doesn’t typically pass through perimeter firewalls, this vulnerability primarily poses an internal threat.
Microsoft rating: Important.
Solution Path
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at its Product Support Services Web site.
MS08-007:
Doesn’t affect Windows 2000, Vista w/SP1, or Server 2008
MS08-008:
MS08-003:
Doesn’t affect Windows 2000, Vista w/SP1, or Server 2008
MS08-004:
For All WatchGuard Users:
WatchGuard Fireboxes, by default, reduce the risks presented by some of these vulnerabilities. However, attackers would exploit most of them locally, without passing traffic through your firewall. For that reason, we urge you to apply the patches above.
Status:
Microsoft has released patches correcting these issues.
References:
Leave a Comment » | Business Computer Support, Computer Security, Microsoft, Network Infrastructure, Windows Server 2003, Windows Vista | Permalink
Posted by bardissi
February 12, 2008
Severity: High
12 February, 2008
Summary:
- This vulnerability affects: Internet Explorer 7 and earlier versions
- How an attacker exploits it: By enticing one of your users to visit a malicious Web page
- Impact: In the worst case, the attacker an execute code on your user’s computer, gaining complete control of it
- What to do: Deploy the appropriate Internet Explorer patches immediately
Exposure:
In a security bulletin released today as part of its monthly patch update, Microsoft describes four memory corruption vulnerabilities in Internet Explorer (IE) versions 5.01, 6.0, and 7.0. Though they differ technically, all four vulnerabilities share the same general characteristics: IE doesn’t properly handle certain HTML objects, properties, or image files, which causes memory corruption. By luring one of your users into visiting a maliciously crafted Web page, an attacker can exploit one of these memory corruption vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges. In that case, the attacker could gain complete control of the victim’s computer.
In addition to fixing these four newly announced flaws, today’s Internet Explorer patch also fixes all previously known flaws.
Solution Path:
These patches fix serious issues. You should download, test, and deploy the appropriate IE patches as soon as possible.
For All WatchGuard Users:
These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.
Status:
Microsoft has released patches to fix these vulnerabilities.
References:
1 Comment | Business Computer Support, Computer Security, Home Computer Support, Internet Explorer, Microsoft, Non-Profit Technology, Student Computing, Watchguard | Tagged: Internet Explorer, Microsoft, Windows | Permalink
Posted by bardissi
February 12, 2008
Severity: High
11 February, 2008
Summary:
- These vulnerabilities affect: OS X 10.4.11(Tiger) and OS X 10.5.x (Leopard), both client and server versions
- How an attacker exploits them: Multiple vectors of attack, including enticing one of your users into visiting a malicious web site
- Impact: Various results. In the worst case, attacker executes code on your user’s computer, with your users privileges
- What to do: OS X 10.4.11 users should install Security Update 2008-001. OS X 10.5.x users should install version 10.5.2
Exposure:
Today, Apple released a security update fixing over 11 security issues in software packages that ship as part of OS X, including Mail, Launch Services, and Samba. Many of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so we rate this update Critical. Apply it as soon as you can. Some of the fixed vulnerabilities include:
- Foundation memory corruption vulnerability. Foundation is an OS X component that helps Safari handle and web pages and URLs. According to Apple, Foundation suffers from an unspecified security vulnerability involving how it handles maliciously crafted URLs. If an attacker can entice one of your users into visiting a malicious URL, he could exploit this vulnerability to execute code on the user’s computer, with that user’s privileges. Furthermore, the attacker could then leverage another vulnerability described in Apple’s alert to elevate this privilege and gain complete control of your user’s computer.
- Mail security vulnerability allows attackers to execute code. Mail is the email client that ships with OS X. Mail suffers from an unspecified implementation flaw involving the way it handles certain types of URLs (specifically, the file:// URL). If an attacker can entice one of your users into clicking a specially crafted URL within an email message, he can exploit this flaw to execute code on that user’s computer without any further user interaction. By default, the attacker would only execute code with that user’s privileges. However, he could then leverage another vulnerability from Apple’s alert to gain complete control of your user’s computer.
- Samba buffer overflow vulnerability. Samba — the OS X component that allows Mac computers to handle Windows shares — suffers from a stack-based buffer overflow vulnerability. By sending a specially crafted NetBIOS Name Service request, an attacker could exploit this vulnerability to either crash Samba, or to execute code on your Macintosh computers. Apple’s alert doesn’t specify what privileges an attacker gains when exploiting this vulnerability. However, even if the attacker gains basic user privileges, he could exploit other vulnerabilities described in Apple’s alert to gain complete control of your OS X computers.
Apple’s alert includes over eight more flaws, including more code execution flaws besides the ones described above. The remaining vulnerabilities also include Denial of Service (DoS) flaws, an elevation of privilege flaw, and an information disclosure vulnerability, plus others. Components patched by this security update include:
| Directory Services |
Foundation |
| Launch Services |
Mail |
| NFS |
Open Directory |
| Parental Controls |
Samba |
| Terminal |
X11 |
Refer to Apple’s alert for more details.
Solution Path:
Apple has released updates to fix these vulnerabilities for both OS X 10.4.11 and 10.5.x. Apple OS X administrators should download, test, and deploy the appropriate updates as soon as possible.
Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend you let OS X’s Software Update utility automatically pick the correct update for you.
For All Users:
These flaws support diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). The most secure course of action is to install the updates.
Status:
Apple released updates to fix these issues.
References:
Leave a Comment » | Apple, Apple Leopard, Apple Safari, Apple Tiger, Business Computer Support, Computer Security, Home Computer Support, Mac, Student Computing | Tagged: Apple, Leopard, Mac, OS X, Security Updates, Tiger | Permalink
Posted by bardissi
