Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Firefox patches; MS DoSed my Grandma; MS05-019 Exploit published - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Firefox patches; MS DoSed my Grandma; MS05-019 Exploit published

Recent Firefox patches

Firefox 1.0.3 was released Friday (well, that's when I installed it.) On Saturday, two proof-of-concept examples were released. The little green update button in Firefox is your friend.

Microsoft DoSed my Grandma!

Everybody feels a little pain on Microsoft Tuesday: the Security Intelligence folks rushing to release targeted advisories, the System Administrators struggling with the if/when to patch problem, the Security Researchers rushing to publish Proof-of-concept code, the Snort-heads rushing to develop signatures, and plenty of others that I'm missing. But let's not forget the poor dial-up users attempting to keep up with the security arms-race. I called to check in on my "grandma" this week and she complained that all of a sudden should couldn't surf the web or download her email. "Everything is timing out, or server's aren't available," was the reported symptom. "Am I infected again?" she worried aloud. It turned out to be her machine pulling down the patches. I told her to leave it logged in while she's watching her television programs and it would all work out. Take two patches and call me in the morning.

MS05-019 Proof of concept released

Numerous intelligence services are reporting (and in some cases publishing) proof of concept code for MS05-019. MS05-019 is the TCP/IP stack issue with ICMP. On other platforms, it can result in a Denial of Service. On Microsoft, it is reported to also allow execution of code. Fortunately, the Proof of concept is only a Denial of Service.


Kevin Liston

kliston at isc dot sans dot org
Kevin Liston

284 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!