CONTENTS

===========================================

IN FOCUS: Tracking Zero-Day Vulnerabilities

NEWS AND FEATURES

- FastMP3Search Dubbed Baddest of the Bad

- Websense Now Protects Citrix-based Virtual Applications

- Microsoft Word Vulnerable to Remote Code Execution

- Recent Security Vulnerabilities

GIVE AND TAKE

- Security Matters Blog: Zero-Day Tracker

- FAQ: A PowerShell Command's Function

- From the Forum: Seeking IDS Suggestions

- Share Your Security Tips

- IT Pro of the Month--November 2006 Winner

PRODUCTS

- Improved Spam Filter for Postfix

- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== IN FOCUS: Tracking Zero-Day Vulnerabilities ===

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Zero-day vulnerabilities (vulnerabilities that are published before the vendor has made a fix available) have been a part of computing since computers were invented. Publishing information about vulnerabilities too soon places the public at extreme risk, so you need to know about zero-day vulnerabilities as soon as possible.

You can learn about new vulnerabilities through many channels. Mailing lists are the primary method for disclosing zero-day vulnerabilities, so you should subscribe to those lists that you think are important for your security work. Web sites are another source of information about zero-day vulnerabilities, and several track both vulnerabilities and associated exploit code.

eEye Digital Security recently launched a new site called Zero-Day Tracker. Although the eEye Research Team doesn't always post zero-day vulnerabilities on day zero, you will find that new vulnerabilities do appear on the site within a few days of their publication. What I find most interesting about the site is that not only can you use it to learn about new vulnerabilities, but you can use it to mine data related to how vendors respond to zero-day vulnerabilities.

http://research.eeye.com/html/alerts/zeroday/index.html

The site tracks the date of publication of new zero-day vulnerabilities along with their perceived severity level, and eventually the date the vendor releases a patch. This data provides a clear view of how long the public is exposed to a given risk before the vendor provides some sort of official fix to correct the problem.

For example, a quick glance at the site shows five high-risk vulnerabilities in Microsoft products for which there is no patch. As I write this, the newest of those is a Word vulnerability published a couple of days ago, and the oldest is a problem with an ActiveX control in Visual Studio 2005 that has remained unpatched for 124 days.

You can view similar data for vulnerabilities for which the vendor has released a patch. And the site doesn't confine itself to Microsoft vulnerabilities; it also lists other mainstream vendors that provide solutions for Windows platforms. So if you need to catch up on new vulnerabilities and exploits for Windows-related products, the site is a good place to visit. Consider bookmarking it.

Speaking of zero-day vulnerabilities, Windows Vista, recently released to enterprises, has one, but it primarily affects Microsoft itself and not so much the users of Vista.

Microsoft publishes a key management service that lets enterprise users of Vista handle product activation without contacting Microsoft. With the key management service in place, Vista periodically contacts the service to keep the OS activated, and therein resides the vulnerability.

Someone figured out how the key management service works, created a hacked version, and published it on the Internet as an easily loadable virtual machine (VM) image. So now people can download a copy of that VM, place it on their network, and effectively run pirated copies of Vista. This of course will cost Microsoft a lot of money in lost licensing fees.

You might consider taking a look at the VM to figure out ways to detect it so that you can ensure that nobody runs a copy on your network. You can find a link to it on various Torrent tracker sites and standalone Web sites. To find related info, search the Internet for the string "Microsoft.Windows.Vista.Local.Activation.Server-MelindaGates".
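
One way to act on the detection suggestion above, as an added example that is not part of the original newsletter: KMS clients reach their activation host on TCP port 1688 by default, so firewall or flow logs can be checked for that port against a list of approved KMS hosts. The log layout, addresses, and function name are constructed for illustration.

```python
import re
from collections import defaultdict

KMS_PORT = 1688  # documented default TCP port for the Key Management Service

# Assumed log layout (constructed): timestamp action proto src:port -> dst:port
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)

# Constructed sample data; all addresses are placeholders.
AUTHORIZED_KMS = {"10.1.0.5"}
SAMPLE_LOG = """\
2006-12-13T09:14:02 ALLOW TCP 10.1.4.23:49211 -> 10.1.0.5:1688
2006-12-13T09:15:40 ALLOW TCP 10.1.4.87:49320 -> 10.1.7.200:1688
2006-12-13T09:15:41 ALLOW TCP 10.1.4.87:49321 -> 10.1.0.9:443
2006-12-13T09:17:12 ALLOW TCP 10.1.4.90:50012 -> 10.1.7.200:1688
2006-12-13T09:18:55 DENY TCP 10.1.4.91:50100 -> 10.1.7.201:1688
2006-12-13T09:19:03 ALLOW UDP 10.1.4.23:1688 -> 10.1.0.2:53
truncated line without the expected fields
""".splitlines()


def find_unauthorized_kms(lines, authorized):
    """Map each unapproved host contacted on the KMS port to its clients."""
    hits = defaultdict(set)
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        if m["proto"] != "TCP" or int(m["dport"]) != KMS_PORT:
            continue  # KMS activation traffic is TCP to the KMS port
        if m["dst"] in authorized:
            continue  # approved activation host, nothing to report
        # Denied attempts still count: they show a client configured
        # to activate against an unapproved host.
        hits[m["dst"]].add(m["src"])
    return {dst: sorted(srcs) for dst, srcs in hits.items()}


if __name__ == "__main__":
    found = find_unauthorized_kms(SAMPLE_LOG, AUTHORIZED_KMS)
    for server, clients in sorted(found.items()):
        print(f"unapproved KMS endpoint {server}: clients {', '.join(clients)}")
```

Because the port is configurable, a clean result from this check does not rule out an activation host listening elsewhere; the DNS SRV record `_vlmcs._tcp`, which KMS hosts publish for client discovery, is a second place to look.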

=== SECURITY NEWS AND FEATURES ===

FastMP3Search Dubbed Baddest of the Bad

StopBadware.org undertakes an initiative to fight a plug-in that secretly disables Windows Firewall and downloads several other malware packages.

http://www.windowsitpro.com/Article/ArticleID/94509

Websense Now Protects Citrix-based Virtual Applications

Websense Enterprise and Websense Web Security Suite have been integrated with Citrix Presentation Server 3.0 and 4.0 to protect browsers, email clients, and other applications.

http://www.windowsitpro.com/Article/ArticleID/94493

Microsoft Word Vulnerable to Remote Code Execution

A newly reported vulnerability in Microsoft Word could allow an intruder to launch remote code on an affected system.

http://www.windowsitpro.com/Article/ArticleID/94488

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

=== GIVE AND TAKE ===

SECURITY MATTERS BLOG: Zero-Day Tracker

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

eEye Digital Security has a new Zero-Day Tracker Web site. Now if it would only post information about zero-day vulnerabilities on day zero....

http://www.windowsitpro.com/Article/ArticleID/94485/94485.html

FAQ: A PowerShell Command's Function

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I determine what a Windows PowerShell command will do?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/94448

FROM THE FORUM: Seeking IDS Suggestions

A forum participant is looking for both a host-based and network-based intrusion detection system (IDS). Any recommendations or experiences to share? Offer your input at:

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=82970&enterthread=y

SHARE YOUR SECURITY TIPS AND GET $100

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to r2rwinitsec@windowsitpro.com. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

IT PRO OF THE MONTH--November 2006 Winner

Congratulations to Simon Zeltser, who was voted the November 2006 "IT Pro of the Month." Adapting a solution he found in Windows Scripting Solutions, Simon developed what he calls a ProfileBackup solution, which executes in two phases: backup and restore. He was able to upgrade more than 1500 PCs remotely, saving the IT staff time and the company money. To learn more about Simon's solution and to find out how you can become the next IT Pro of the Month, please visit:

http://www.windowsitpro.com/go/itpromonth

=== PRODUCTS ===

by Renee Munshi, products@windowsitpro.com

Improved Spam Filter for Postfix

Message Partners announces Message Processing Platform (MPP) 3.0, which introduces an integrated pre- and postqueue spam filter for Postfix, an open-source email server used by service providers and enterprises for their email-filtering proxies. MPP 3.0's new Postfix Policy Server adds the ability to make prequeue admission decisions for many types of email messages (including multirecipient and multidomain). In addition to the Postfix Policy Server functionality, MPP 3.0 can automatically replace message attachments with a link to the server (to save bandwidth) and includes several other features. For more information, go to

http://messagepartners.com

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@windowsitpro.com and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS ===

For more security-related resources, visit

http://www.windowsitpro.com/go/securityresources

No IT pro today works in a completely homogeneous environment, and with virtualization, your chances of dealing with multiple OSs are increasing. Attend TechX World--available online December 14--and find out about virtualization, OS interoperability, directory and security integration, and data interoperability. Register today for free!

http://events.unisfair.com/rt/techx?code=1213emailannc

Sure, you know you've got compliance mechanisms in place. But do you have ways to easily and efficiently prove that your mechanisms are working? Join us for this free seminar to learn how you can demonstrate regulatory compliance for multiple regulations with fewer headaches. You'll also find out what "evidence" means to the auditor and make sure that you're collecting all the information you need!

http://www.windowsitpro.com/go/seminars/bindview/multiregcompliance/?partnerref=1213emailannc

Maximize your investment in your VoIP network by using all of its capabilities. Learn to integrate Fax for IP to reduce TCO and increase ROI for your investment. On-Demand Web Seminar

http://www.windowsitpro.com/go/seminars/faxback/leveragefax/?partnerref=1213emailannc

Discover a wealth of information about how to protect and secure your data in the event of a disaster. You may not be able to predict the exact details of a disaster, but you can be prepared with a solid response for when one strikes. Disaster can strike anywhere--not just where severe weather can hit--so make sure you're ready when it does. Download your free copy of this eBook today!

http://www.windowsitpro.com/go/ebooks/ca/disaster/?code=1216emailannc

Information is the "I" in "IT." Do you know where your information is? Is it protected? Backed up? Download this free podcast today to find out the top 5 reasons that you should be considering storage consolidation.

http://www.windowsitpro.com/go/podcast/hp/consolidation/?code=1216emailannc

=== FEATURED WHITE PAPER ===

The average enterprise spends nearly $10 million annually on IT compliance. Download this free white paper today to streamline the compliance lifecycle, and dramatically reduce your company's costs!

http://www.windowsitpro.com/go/whitepapers/scalable/compliance?code=1216featwp

Bonus: Register for any white paper from Windows IT Pro during December, and you could win a Nintendo Wii! View the full list of white papers at http://www.windowsitpro.com/whitepapers -- and remember, the more you download, the better your chances of winning.

=== ANNOUNCEMENTS ===

Holiday Offer--Save $40 off Windows IT Pro

Don't miss Windows IT Pro magazine in 2007! As a subscriber, you'll have full access to must-have content covering Windows Vista deployment, virtualization and disaster recovery, Active Directory enhancements, Office 2007, SharePoint fundamentals, and much more. Order now and save $40:

https://store.pentontech.com/index.cfm?s=1&promocode=eu206cuw

Make Your Mark on the IT Community!

Nominate yourself or a peer to become an "IT Pro of the Month." This is your chance to get the recognition you deserve! Winners will receive over $600 in IT resources and be featured in Windows IT Pro magazine and the TechNet Flash email newsletter. It's easy to enter--we're accepting January nominations now for a limited time! Submit your nomination today:

http://www.windowsitpro.com/go/itpromonth

===========================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

http://www.windowsitpro.com/windowssecurity

https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.