Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: InfoSec Handlers Diary Blog - WMF and Indexing InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

WMF and Indexing

Published: 2005-12-31
Last Updated: 2005-12-31 12:24:04 UTC
by Patrick Nolan (Version: 1)
0 comment(s)

WMF Indexing, White Elephants and White Rabbits

The WMF White Elephant in the room as far as I'm concerned is Indexing. YMMV. How many Vendors have other Indexing services installed that are going to automagically enable WMF exploitation on or across your network?

 F-Secure pointed out the White Elephant when they recommended you "disable indexing of media files (or get rid of Google Desktop) if you're handling infected files under Windows" and  said "This is enough to invoke the exploit and infect the machine. This all happens in realtime as Google Desktop contains a file system filter and will index new files in realtime.". And I agree, turn all Indexing off until a fix is out.

Microsoft, Google and other vendors should immediately address what the role is of their indexing services, particularly as it relates to shares, synchronization and potential mitigation activities. Their lack of comment on this issue is glaring.

MS Indexing (White Rabbit Link)

F-Secure's blog today has a new vulnerability workaround (unrelated to indexing).
Keywords:
0 comment(s)
Diary Archives