Microsoft's Surprise Box / Port 42 and 8634 / My personal poll
Microsoft's Surprise Box





Next Tuesday will be Microsoft's monthly security bulletin release. I have the feeling that I will not be the handler on duty on this day. According to the Microsoft Advance Notification, they are planning to release no fewer than 13 patches, and at least 4 are rated as Critical! I feel kind of sad (not for me, my Linux uptime is 6:04pm up 59 days, 1:39, 1 user, load average: 0.00, 0.00, 0.00, which is kind of ok...), but for the users who will not apply them and who will be the first victims of exploits and, who knows, worms...

Maybe I am being too dramatic, but maybe this way I could convince someone to pay attention and apply the next patches that will be released...



Just a brief summary of the releases:



- 9 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart.


- 1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. The greatest aggregate, maximum severity rating for this security bulletin is Moderate. These updates may or may not require a restart.


- 1 Microsoft Security Bulletin affecting Microsoft .NET Framework. The greatest aggregate, maximum severity rating for this security bulletin is Important. This update will require a restart.


- 1 Microsoft Security Bulletin affecting Microsoft Office and Visual Studio. The greatest aggregate, maximum severity rating for this security bulletin is Critical. These updates will require a restart.


- 1 Microsoft Security Bulletin affecting Microsoft Windows, Windows Media Player, and MSN Messenger. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will require a restart.



In the words of our friend Adrien, Happy Patch Day!






Ports 42 and 8634





We noticed an upswing in probes for port 42.

Port 42, as much discussed here, is the one used by WINS, which had a vulnerability disclosed some days ago. One report that we got today was about probes for port 42 with SOURCE port 80.


Did you notice that or, as our fellow handler Don likes to say, "got packets?"




On another topic, but also related to our good friends, also called packets, we received a question about probes on port 8634. It didn't ring a bell here, but you may be getting something... if so, please let us know!
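One way to answer "got packets?" from your own firewall logs, as an added example that is not part of the original diary: it tallies TCP probes to ports 42 and 8634 per source and separates out port 42 traffic arriving with source port 80. The netfilter LOG line format, the restriction to TCP, the function names and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

WATCHED_PORTS = {42, 8634}  # the two ports named in the diary

# Constructed sample input: Linux netfilter LOG lines, documentation addresses only.
SAMPLE_LOG = """\
Dec 10 14:02:11 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=110 PROTO=TCP SPT=80 DPT=42 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 10 14:02:14 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.6 LEN=48 TTL=110 PROTO=TCP SPT=80 DPT=42 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 10 14:03:40 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=48 TTL=108 PROTO=TCP SPT=3312 DPT=42 WINDOW=64240 RES=0x00 SYN URGP=0
Dec 10 14:05:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=44 TTL=52 PROTO=TCP SPT=80 DPT=42 WINDOW=5840 RES=0x00 ACK SYN URGP=0
Dec 10 14:09:30 fw kernel: IN=eth0 OUT= SRC=203.0.113.20 DST=198.51.100.5 LEN=48 TTL=115 PROTO=TCP SPT=4120 DPT=8634 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 10 14:10:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.20 DST=198.51.100.5 LEN=60 TTL=115 PROTO=UDP SPT=1030 DPT=42 LEN=40
Dec 10 14:11:15 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=110 PROTO=TCP SPT=1025 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")                  # KEY=value pairs
FLAGS = re.compile(r"RES=\S+ ((?:[A-Z]+ )+)URGP=")       # TCP flags sit between RES= and URGP=

def parse(line):
    """Return src, ports and TCP flags for one LOG line, or None if unusable."""
    fields = dict(FIELD.findall(line))
    if fields.get("PROTO") != "TCP" or "SRC" not in fields:
        return None
    try:
        spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    except (KeyError, ValueError):
        return None                                      # truncated or malformed line
    m = FLAGS.search(line)
    flags = frozenset(m.group(1).split()) if m else frozenset()
    return {"src": fields["SRC"], "spt": spt, "dpt": dpt, "flags": flags}

def summarize(log_text, ports=WATCHED_PORTS):
    """Count hits per watched port and source; split port-42 hits with source port 80."""
    per_port = defaultdict(Counter)
    spt80_to_42 = Counter()
    for line in log_text.splitlines():
        pkt = parse(line)
        if pkt is None or pkt["dpt"] not in ports:
            continue
        per_port[pkt["dpt"]][pkt["src"]] += 1
        if pkt["dpt"] == 42 and pkt["spt"] == 80:
            # A bare SYN is a new connection attempt; other flag sets are kept apart.
            kind = "syn_only" if pkt["flags"] == {"SYN"} else "other_flags"
            spt80_to_42[(pkt["src"], kind)] += 1
    return {p: dict(c) for p, c in per_port.items()}, dict(spt80_to_42)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```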




My personal poll



This is not related to the ISC poll, just part of my curiosity.
If you are a home ADSL user and have the opportunity to have a 16 Mb link, what would you do with that amount of bandwidth? If you want, use the email address below.

I am kind of worried because I think that it is too much bandwidth for a home user. And I am worried about what the bad guys could do with that (DoS comes to my mind)... In fact, I think that I miss my 300 bps modem times...


-----------------------------------------------------------------

Handler on Duty: Pedro Bueno (pbueno@isc.sans.org)