Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - MSIE DirectAnimation ActiveX 0-day update InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MSIE DirectAnimation ActiveX 0-day update

Published: 2006-09-15
Last Updated: 2006-09-20 17:44:59 UTC
by Swa Frantzen (Version: 4)
0 comment(s)
Microsoft released a security advisory regarding the 0-day we reported on earlier.

Timeline:
Workarounds:
Please note that windowsupdate needs an ActiveX enabled browser, but you can do that with settings to the security zones and trusting Microsoft.

Please not that the outlook family is affected as well but that the default settings will typically mitigate much of the risk. That is as long as nobody or nothing has modified the settings ...

With thanks to the readers writing in to remind us and keep the details right.

Update #1

Snort VRT Rule #8053 catches this vulnerability.  The rules are available at
http://www.snort.org/rules.  Sourcefire released rules for this vulnerability on September 1st.

--
Swa Frantzen -- Section 66
0 comment(s)
Diary Archives