Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
advertisement
Use Discount Code SANSFIREISC10 when registering to get a 10% discount!!
Use Discount Code SANSFIREISC10 when registering to get a 10% discount!!
MS06-049 re-release
Published: 2006-09-26,
Last Updated: 2006-09-27 00:46:05 UTC
by Jim Clausing (Version: 1)
Last Updated: 2006-09-27 00:46:05 UTC
by Jim Clausing (Version: 1)
When Microsoft release the out-of-cycle patch for the VML exploit, they also re-released MS06-049 (again) which was responsible for causing corruption of compressed NTFS files on Windows 2000 systems. You can find more info from Microsoft here
0 comment(s)* VML Update Released
Published: 2006-09-26,
Last Updated: 2006-09-26 20:09:21 UTC
by Robert Danford (Version: 4)
Last Updated: 2006-09-26 20:09:21 UTC
by Robert Danford (Version: 4)
Microsoft has just released an update to address the VML (VGX) issue
The update can currently be found on Microsoft Update and is titled
Security Update for Windows XP (KB925486)
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx
It is recommended that the patch be applied immediately (after testing) unless a suitable mitigation strategy is in place.
Update: Also, note that if you applied the ACL mitigation (removing Everyone Read access from the DLL), you will need to undo that before this update will apply successfully.
Thanks to everyone that submitted analysis, news, samples, malicious website reports, etc
More info:
http://isc.sans.org/diary.php?storyid=1727
http://blogs.technet.com/msrc/archive/2006/09/26/459194.aspx
The update can currently be found on Microsoft Update and is titled
Security Update for Windows XP (KB925486)
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx
It is recommended that the patch be applied immediately (after testing) unless a suitable mitigation strategy is in place.
Update: Also, note that if you applied the ACL mitigation (removing Everyone Read access from the DLL), you will need to undo that before this update will apply successfully.
Thanks to everyone that submitted analysis, news, samples, malicious website reports, etc
More info:
http://isc.sans.org/diary.php?storyid=1727
http://blogs.technet.com/msrc/archive/2006/09/26/459194.aspx
Keywords:
0 comment(s)Deja Vu - Request for W32.Pasobir Malware Sample
Published: 2006-09-26,
Last Updated: 2006-09-26 12:29:30 UTC
by Patrick Nolan (Version: 1)
Last Updated: 2006-09-26 12:29:30 UTC
by Patrick Nolan (Version: 1)
If any of ISC participants have a sample of W32.Pasobir we'd really appreciate a submission via our contact page.
Thanks!
**snip**
"Periodically checks for both fixed and removable drives starting with drive D: that are attached to the system and copies itself as the following file:
[DRIVE LETTER]:\sxs.exe
Creates the following file containing instructions to start the worm when the drive is attached to the system:
[DRIVE LETTER]:\autorun.inf"
Thanks!
**snip**
"Periodically checks for both fixed and removable drives starting with drive D: that are attached to the system and copies itself as the following file:
[DRIVE LETTER]:\sxs.exe
Creates the following file containing instructions to start the worm when the drive is attached to the system:
[DRIVE LETTER]:\autorun.inf"
Keywords:
0 comment(s)Comments
Please choose a specific diary above to comment
Diary Archives
