Information Security Bulletin

ALERT: Microsoft Security Bulletin Scam

29 Aug 11:37

Websense Security Labs has received reports of a new wave of email scams disguised as Microsoft Security Bulletins. Users receive an email message which urges the immediate installation of a cumulative security patch for the "plug and play" vulnerability. Although the Microsoft patch number is similar to a previous alert issued in June, the website and the code that gets downloaded and installed are different.

Upon visiting the site and running the code the user is infected with a password stealing Trojan Horse.

Email message:
Microsoft Security Bulletin MS05-039

Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

Summary:
Who should receive this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution and Local Elevation of Privilege Maximum Severity Rating: CRITICAL
Recommendation: Customers should apply the update immediately.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:
Microsoft Windows 2000 Service Pack 4 - Download the update. Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 - Download the update. Microsoft Windows XP Professional x64 Edition - Download the update. Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 - Download the update. Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems - Download the update. Microsoft Windows Server 2003 x64 Edition - Download the update

Non-Affected Software:
Microsoft Windows 95

Executive Summary:
This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs view, change, or delete data or create new accounts with full user rights.

Conclusion: We recommend that customers apply the update immediately.

Related links: (Open in a new window.)
www.websensesecuritylabs.com/alerts/alert.php?AlertID=591
www.websensesecuritylabs.com/alerts/alert.php?AlertID=534

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe? Download a free sample copy!

Download the much quoted October Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

Subscribe Online
About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Security Management
The Importance of Adaptability
Steve Purser

From the Trenches
Reversing Perimeter Defences – a Case Study
Søren Maigaard

Security Architectures
The Self Defending Network: New Trends In ICT Security Infrastructures
Drs. Ing. René Pluis

Subscribe Online!