
SANS ISC InfoSec Handlers Diary Blog


Overview of the WMF related articles at the ISC

Published: 2006-01-02
Last Updated: 2006-01-03 16:28:03 UTC
by Tom Liston (Version: 6)
Since this is one of the more complex stories to follow, I've made a quick overview of the WMF issues.

The first story on the WMF vulnerability and the initial exploit

The update explaining why we went to yellow the first time around

The story pointing to the Microsoft bulletin

The availability of the first Snort sigs

The going back to green article

More WMF signatures

Lotus Notes affected

The bandaid post: deregistering not reliable, extension filtering not enough

The free phone number for Microsoft support

Indexing and WMF

Musings on how to protect organisations beyond the trivial

An IM worm found using the WMF stuff

The second exploit, back to yellow, new signatures and an unofficial patch


2nd generation exploit use in spam

Trustworthy computing

Recommended block list

Status of the anti-virus detection after one day

Updated version of Ilfak Guilfanov's patch

More .wmf woes

Installing a Patch Silently

.wmf FAQ Translations

Checking for .wmf Vulnerabilities

MS to Release Update on Jan 10

.MSI installer file for WMF flaw available

Swa Frantzen
