Date: 24 October 2008
Greetings,
I will give everyone one guess as to the first topic that I want to talk
about...
If you did not guess MS08-067 then you can't have read (or you ignored)
our SMS and our security bulletin (AL-2008.0110). There are two things I
would like to bring up in relation to this new vulnerability, after which
there are a couple of links that may interest you.
Firstly, even a system with a host firewall enabled may not be safe because
Windows may add an exception in the firewall for file/printer sharing.
Secondly, even if ports 139 and 445 are blocked at the border of your
company, this does not stop someone downloading the file, and then having
it execute and spread all around the office.
"What file?" I hear you say. Well, unfortunately even Microsoft were alerted
to this vulnerability because of malware that was exploiting it.
So what is the good news? Well UAC (on Vista and Server 2008) means that
the attacker must be authenticated. So those systems are much safer than
other versions of Windows. Also in Vista and Server 2008, an attacker would
only have 3 chances to exploit the bug because the "service is marked to
restart only twice after a crash".
MS08-067 links of interest:
- http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx
  Great information from Microsoft (reference for quotes above)
- http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html
  Quite a bit of detail in this blog
Two other alerts this week are also worth checking that you have patched:
the F-Secure patch (AL-2008.0107; some products require manual updates) and
the Trend Micro OfficeScan patch (AL-2008.0108).
Finally, keep an eye out for further security advisories relating to the
"Outpost24 TCP" DoS (ESB-2008.0986). Cisco has released a response, but
patches may be coming in the following weeks.
Regards,
Richard