SANS ISC: Update to MS04-025; Windows 2003 Guides Released; Port 3072; Your Daily Phish

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

Update to MS04-025 for XP users

For all folks using Windows XP, it is advised that you do another Windows Update to ensure that your patches have been correctly updated.

Microsoft stated the following:

"Subsequent to the release of this security bulletin, Microsoft was
made aware that the update provided for Windows XP customers running
the new version of Windows Update, Windows Update Version 5, did not
contain the final release code for the vulnerabilities addressed in
the security bulletin. Microsoft has corrected the update and is
re-releasing this bulletin to advise of the availability of a revised
update available to Windows Update Version 5 customers. Customers who
are utilizing Windows Update Version 4, the vast majority of
customers, are not affected by this revision."

http://www.microsoft.com/technet/security/Bulletin/MS04-025.mspx



Windows 2003 Guides Released

Microsoft has released two documents, available at the links below,
for download that has some excellent information regarding security.
These documents contain excellent information and references to tools
that every administrator could use.

Threats and Countermeasures: Security Settings in Windows Server 2003 and
Windows XP
http://www.microsoft.com/downloads/details.aspx?FamilyID=1b6acf93-147a-4481-9346-f93a4081eea8&DisplayLang=en

Windows Server 2003 Security Guide
http://www.microsoft.com/downloads/details.aspx?FamilyID=8a2643c1-0685-4d89-b655-521ea6c7b4db&DisplayLang=en

Port 3072

We have received more emails concerning traffic on Port 3072 and some good suggestions as to the cause. If you have any captures of the traffic, please pass them our direction.



Your Daily Phish

A user submitted to ISC today another phishing email scam. This one wanted the victim to change their pin number. As a general reminder, keep in mind which email address, if any, you have given to your financial institution(s) and always verify before you update any information requested via email.
Lorna J. Hutcheson/Tony Carothers

Handler on Duty

http://www.iss-md.com