Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft exploits on Reboot Wednesday

Published: 2006-08-09
Last Updated: 2006-08-09 11:55:47 UTC
by Swa Frantzen (Version: 1)
0 comment(s)
Well it certainly didn't take long for some to start making available (those I've seen so far are not for free) exploits against the vulnerabilities described in MS06-040, MS06-042 and MS06-046, which where only released yesterday.

Those of you're still testing patches, you'd better hurry up and get some of these fixed before you get hit.

Just as a reminder:
  • Filtering ports 135-139 and 445 helps against MS06-040; as do private VLANs (preventing client-client communication in the switch). None of those will help your fileserver, so patching is critical.
    Since there are still unpatched vulnerabilities in this software, filtering still remains crucial.
  • If you cannot apply MS06-042: stop using MSIE now, use an alternate browser.
  • Switching away to a browser not doing ActiveX (almost any will do) should help protect you against MS06-046 attacks as well.
But the best solution is to patch and do the above, layered defences!

Swa Frantzen -- Section 66
0 comment(s)
Diary Archives