=============== SPONSORED BY WINDOWS NT MAGAZINE ==================
Power + Speed = Windows NT Magazine Article Archive CD.  Fight your
NT fires quickly and intelligently with this complete collection of
Windows NT Magazine articles.  Search by keyword, subject, issue,
author, or month, and find the right solution in seconds. Includes
the entire article database from our September 1995 premiere issue
to December 1999.
           http://winntmag.com/OurProducts/ArchiveCD/
====================================================================

December 23, 1999 - Security UPDATE Alert - Several new security
are being reported in this alert. Georgio Guninski discovered
yet another problem with Internet Explorer 5.x and cross frame
navigation. No patch is available at this time.

USSRLabs reported a denial of service condition in ZBServer v1.5.

Microsoft reported a problem with Outlook 5, as well as Internet
Explorer 4.5 on Macintosh platform. The Outlook problem could lead
to a Trojan infection of the local system. The IE problem pertains
to certificates. Patches are now available.

Microsoft reported that Internet Information Server (IIS) is prone
to reveal source code under certain conditions. Patches are now
available.

Microsoft also revealed problems with the way IIS handles escape
character parsing. Patches are available for this problem as well.

Norton Antivirus 2000 was reported to contain a serious buffer
overflow condition. No vendor response is known at this time.

Kevork Belian shows how easy it is to crash an SQL Server 7.0 using
a very simple malformed packet. Microsoft has now issued a patch for
this month old problem.

For complete details on each of the discoveries, please visit our
Web site at the URLs listed below:

  - IE 5.01 Cross Frame Navigation
    http://www.ntsecurity.net/scripts/loader.asp?iD=/security/ie58.htm
  - ZBServer v1.5 Denial of Service
    http://www.ntsecurity.net/scripts/loader.asp?iD=/security/zbnserver1.htm
  - Outlook 5 and IE 4.5 for Macintosh
    http://www.ntsecurity.net/scripts/loader.asp?iD=/security/outlook51.htm
  - IIS Reveals Source Code
    http://www.ntsecurity.net/scripts/loader.asp?iD=/security/iis4-2.htm
  - IIS Escape Char Processing
    http://www.ntsecurity.net/scripts/loader.asp?iD=/security/iis4-3.htm
  - Norton Antivirus 2000
    http://www.ntsecurity.net/scripts/loader.asp?iD=/security/nav20001.htm
  - SQL 7.0 Denial of Server
    http://www.ntsecurity.net/scripts/loader.asp?iD=/security/sql7-2.htm

Thanks for subscribing to Security UPDATE.

Please tell your friends about this newsletter and alert list!

Sincerely,
The Security UPDATE Team
security@ntsecurity.net

=======================================================================
TO UNSUBSCRIBE from this alert list DO NOT REPLY, instead send e-mail
to listserv@listserv.ntsecurity.net with the words "unsubscribe
securityupdate" in the body of the message without the quotes.

TO SUBSCRIBE to this alert list, send e-mail to the same address listed
above with the words "subscribe securityupdate anonymous" in the body
of the message without the quotes.
=======================================================================
             Security UPDATE is powered by LISTSERV(R) software
                 http://www.lsoft.com/LISTSERV-powered.html
=======================================================================
Copyright (c) 1999 Duke Communications Intl. Inc. - ALL RIGHTS RESERVED
Forwarding this email is permitted, as long as the entire message body,
the mail header, and this notice are included.