Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog



MS06-049 re-release

Published: 2006-09-26
Last Updated: 2006-09-27 00:46:05 UTC
by Jim Clausing (Version: 1)
When Microsoft released the out-of-cycle patch for the VML exploit, they also re-released MS06-049 (again), which was responsible for causing corruption of compressed NTFS files on Windows 2000 systems. You can find more info from Microsoft here
Keywords: Microsoft patch

* VML Update Released

Published: 2006-09-26
Last Updated: 2006-09-26 20:09:21 UTC
by Robert Danford (Version: 4)
Microsoft has just released an update to address the VML (VGX) issue.

The update can currently be found on Microsoft Update and is titled
Security Update for Windows XP (KB925486)
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx


It is recommended that the patch be applied immediately (after testing) unless a suitable mitigation strategy is in place.

Update: Also, note that if you applied the ACL mitigation (removing Everyone Read access from the DLL), you will need to undo that before this update will apply successfully.

Thanks to everyone that submitted analysis, news, samples, malicious website reports, etc.

More info:
http://isc.sans.org/diary.php?storyid=1727
http://blogs.technet.com/msrc/archive/2006/09/26/459194.aspx


Deja Vu - Request for W32.Pasobir Malware Sample

Published: 2006-09-26
Last Updated: 2006-09-26 12:29:30 UTC
by Patrick Nolan (Version: 1)
If any ISC participants have a sample of W32.Pasobir, we'd really appreciate a submission via our contact page.

Thanks!

**snip**
"Periodically checks for both fixed and removable drives starting with drive D: that are attached to the system and copies itself as the following file:

[DRIVE LETTER]:\sxs.exe

Creates the following file containing instructions to start the worm when the drive is attached to the system:

[DRIVE LETTER]:\autorun.inf"
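A check for the two indicators in the quoted description, added here as an example and not part of the original diary: it looks in the root of each drive from D: onward for `sxs.exe` and for an `autorun.inf` that launches it. The function names are illustrative, and the `open`, `shellexecute` and `shell\...\command` entries it inspects are the standard autorun.inf launch entries; the diary does not say which one the worm writes.

```python
import os
import string

# Standard autorun.inf entries that launch a program (assumption: the diary
# does not say which of these the worm's autorun.inf uses).
LAUNCH_KEYS = ("open", "shellexecute")
WORM_FILE = "sxs.exe"  # file name given in the quoted description


def autorun_targets(inf_path):
    """Return the lower-cased commands an autorun.inf would launch."""
    targets = []
    try:
        with open(inf_path, encoding="latin-1") as fh:
            for line in fh:
                key, sep, value = line.partition("=")
                key = key.strip().lower()
                if sep and (key in LAUNCH_KEYS or key.endswith("\\command")):
                    targets.append(value.strip().lower())
    except OSError:
        pass  # unreadable file: nothing to report from it
    return targets


def check_root(root):
    """List the indicators found in one drive root."""
    try:
        names = {n.lower(): n for n in os.listdir(root)}  # case-insensitive
    except OSError:
        return []  # drive not ready or not readable
    findings = []
    if WORM_FILE in names:
        findings.append(WORM_FILE + " present in drive root")
    if "autorun.inf" in names:
        for cmd in autorun_targets(os.path.join(root, names["autorun.inf"])):
            if WORM_FILE in cmd:
                findings.append("autorun.inf launches: " + cmd)
    return findings


def scan(roots=None):
    """Check the given roots, or D:\\ through Z:\\ when none are given."""
    if roots is None:
        roots = [c + ":\\" for c in string.ascii_uppercase[3:]]
    report = {}
    for root in roots:
        if os.path.isdir(root):
            findings = check_root(root)
            if findings:
                report[root] = findings
    return report
```

A hit on the file name alone is only a lead, since other software can use the same name; a matching `autorun.inf` entry on the same drive is the stronger signal.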