Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-040 and MS06-042 updates

MS06-040 (Server Service Patch):

We are getting a lot of questions about this one. The short answer: Don't panic, but keep on patching. It apprears that the release of a public exploit is imminent, but we don't have it. A lot of speculations about a possible worm. But then again, worms are so 2004. Once an exploit is made public, I would expect it to be added to standard bot payloads quickly.

MS06-042 (MSIE Rollup patch):

We received some reports about users having problems with Internet Explorer crashing after applying the latest patch (MS06-042) and accessing certain sites ? mainly Peoplesoft applications.

We can't confirm this yet, but it looks like only Windows XP SP1 machines that applied the patch are affected (Windows XP SP2 with the patch seems to be working ok, from some very limited tests we were able to do).

Let us know if you can confirm this.

We have also had a number of reports that Windows 2000 is also affected, particularly accessing Peoplesoft applications. Rather than un-installing the patch, using an alternate browser is another workaround.

I will be teaching next: Intrusion Detection In-Depth - SANS Doha March 2022


4352 Posts
ISC Handler
Aug 9th 2006

Sign Up for Free or Log In to start participating in the conversation!