Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

With Every Patch Tuesday there is a Black Wednesday, Juniper Update, COAST (adware-spyware) is toast, Virus Spreading through MSN?, Comcast downtime

Published: 2005-04-13
Last Updated: 2005-04-14 01:53:34 UTC
by John Bambenek (Version: 1)
0 comment(s)
With Every Patch Tuesday there is a Black Wednesday

With all the patches for MS yesterday, several new proof-of-concepts and exploit codes were published (they're not just for Microsoft anymore).

MS05-16 - Windows Shell Vulnerability

Details: and

MS05-17 - Message Queueing Vulnerability


Oracle Buffer Overflows

which is patchable.

which is not patchable as of right now.

Debugger Exploits

and for you Visual C++, OllyDbg, WinDbg users.

is so you Linux-based malware analysts don't feel left out from the fun.

These exploits have been brought to you be the number 0 and the letters w and n.

Juniper Update

(login required)

Juniper has updated their notification to state that they do not user PMTUD for BGP sessions. Therefore, if you can filter or disable SQuench you may not have an ICMP BGP vulnerability.

COAST (adware-spware) is toast

The Consortium Of Anti-Spyware Technology vendors (COAST) has ceased operations and their website will go away on Tax Day (April 15th). No explanation is given.

Virus Spreading through MSN?

Messages will refer you to a URL similar to http://www.reallybadpeople.fakeTLD/gallery/pictures.php? (not a real URL) that will then download some malware to your machine and then proceed to propogate its funness. This just came in and haven't had the chance to reverse engineer it to see more precisely what it does, but its standard fare. Download bad file, trick user into running bad file, "Dude, you're getting pwn3d!".

Comcast Downtime

We've had several reports today at various times that Comcast was having troubles. Turns out they were.

From there:

(Connection to the Internet is currently unavailable. Our technicians are aware of the situation and are working to resolve the issue. This outage was logged at : 4/13/2005 6:47:00 PM EDT.)


John Bambenek

bambenek - at -
0 comment(s)
Diary Archives