Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-03-14 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

March Microsoft Security Bulletins Released

Published: 2006-03-15
Last Updated: 2006-03-15 21:44:20 UTC
by Johannes Ullrich (Version: 2)
0 comment(s)
As covered in the pre-announcement, Microsoft released two bulletins today:

MS06-012: Critical Vulnerability in Microsoft Office, KB905413

This update fixes a number of different Excel vulnerabilities, and a "Malformed Routing Slip" vulnerability which affects muliple Office components.

All the vulnerabilities come down to the same issue: If you open a malformed file, an attacker could get control of the system as the user opening the file.

If you use Microsoft Office, you should apply this patch quickly.

UPDATE: 2006-03-15: PoC exploits have been released.  The patch window is closing rapidly.

MS06-011: Priviledge Escalation in Windows (Important)

It may be possible for a regular user to obtain the privileges assigned to a service. A lower privileged user could change the configuration for a service in order to have it execute code or modify the system in other ways, once the service is running at the higher privilege (e.g. 'system').

This vulnerability has been disclosed for a while now. It is important to note that a "service" is not just a "server". Services typically have to run at a higher privilege level as they require access to files across multiple users, and access to system resources.

Keywords:
0 comment(s)

McAfee DAT 4715 clean up tool available

Published: 2006-03-14
Last Updated: 2006-03-14 15:47:18 UTC
by Jim Clausing (Version: 1)
0 comment(s)
In one of the updates to Pat's story on Sunday, I mentioned that we had heard McAfee would make its tool to restore files that had been incorrectly quarantined by the bad DAT publically available at some point.  Well, one of our readers, Mark, has pointed out to us, that the tool is now available (thanx, Mark).  Follow the link in the 13 Mar update at http://vil.nai.com/vil/content/v_138884.htm.
Keywords:
0 comment(s)
Diary Archives