Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Older Microsoft word unpatched vulnerability used as vector in targeted attacks InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Older Microsoft word unpatched vulnerability used as vector in targeted attacks

Published: 2007-01-31
Last Updated: 2007-01-31 22:10:11 UTC
by Swa Frantzen (Version: 3)
0 comment(s)
Symantec reported on what was thought of initially as yet another unpatched vulnerability being exploited by the bad guys out there. We have confirmation it is in fact one of the older -still unpatched- vulnerabilities CVE-2006-6456 that is exploited in targeted attacks.

Even though it appears there might be little gain in once again trying to convince people not to email office documents, not to open them, etc. some renewed attention might be required.
If actively exploited unpatched vulnerabilities is the risk level you need before being allowed to act and start to filter, you might have your "go" at this point. The oldest of the 4 vulnerabilities is publicly known since December 5th, 2006. This latest wave of attacks is exploiting a vulnerability that was publicly known since December 10th, 2006.

Let's hope at least some of them get patched in February's Black Tuesday patches.
With thanks to Juha-Matti, Ryan, and others helping out on this issue as it developed.

--
Swa Frantzen -- net2s.com
Keywords:
0 comment(s)
Diary Archives