
SANS ISC: More MS06-042 woes - SANS Internet Storm Center SANS ISC InfoSec Forums


More MS06-042 woes
The hotfix for MS06-042, which was supposed to be released today, has been delayed. Worse: It turns out that MS06-042 introduced a new security problem. The crashes everyone is having so much fun with are just the tip of the iceberg. The issue can also be used to execute arbitrary code. In particular, note that MSFT's advisory essentially tells you how to exploit the issue. Exploits will likely follow very soon (days?).


At this point, we recommend:
  • Keep MS06-042 applied if you can. It fixes more bugs than it creates.
  • If you are having problems with internal web sites that can no longer be used: Restrict MSIE to be used internally only.
  • Use Firefox/Opera or other browsers for now.
  • "SandboxIE" can be used to protect your system from damage caused via MSIE.
  • If you establish a "No MSIE" policy, you can use the Snort rule below to detect accidental policy violations.
Snort Rule:
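# sid 1000001 is a local-range placeholder; renumber it to fit your local.rules
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS \
(msg:"POLICY outbound MSIE 6.0 User-Agent"; flow:to_server,established; \
content:"|0D 0A|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0"; sid:1000001; rev:1;)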
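The same match applied offline to captured requests, as an added example that is not part of the original diary. It assumes 10.0.0.0/8 stands in for $HOME_NET and that Opera builds set to identify as MSIE send the same prefix followed by an "Opera" token, so they can be told apart from real MSIE hits. All flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Bytes matched by the rule's content option (case-sensitive, needs the preceding CRLF).
RULE_CONTENT = b"\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0"
HOME_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: stands in for $HOME_NET

def req(host, ua):
    """Build a constructed HTTP request with the given Host and User-Agent."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\nUser-Agent: {ua}\r\n\r\n".encode()

MSIE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
FIREFOX = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6"
OPERA_AS_MSIE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.54"

# Constructed sample flows: (client IP, server IP, raw request bytes).
SAMPLE = [
    ("10.1.2.3", "203.0.113.10", req("www.example.com", MSIE6)),
    ("10.1.2.4", "203.0.113.10", req("www.example.com", FIREFOX)),
    ("10.1.2.5", "203.0.113.10", req("www.example.com", OPERA_AS_MSIE)),
    ("10.1.2.3", "10.9.9.9", req("intranet.example.internal", MSIE6)),
]

def classify(request):
    """Return 'msie6', 'opera-as-msie' or 'other' for one raw HTTP request."""
    # Look at the header block only, so a request body cannot trigger the match.
    head = request.split(b"\r\n\r\n", 1)[0] + b"\r\n"
    idx = head.find(RULE_CONTENT)
    if idx < 0:
        return "other"
    ua_line = head[idx + 2 : head.find(b"\r\n", idx + 2)]
    return "opera-as-msie" if b"Opera" in ua_line else "msie6"

def violations(flows):
    """Group rule hits by internal client for HOME_NET -> external traffic only."""
    hits = defaultdict(list)
    for src, dst, request in flows:
        if ipaddress.ip_address(src) not in HOME_NET:
            continue
        if ipaddress.ip_address(dst) in HOME_NET:
            continue  # internal-only MSIE use is allowed by the policy
        verdict = classify(request)
        if verdict != "other":
            hits[src].append((dst, verdict))
    return dict(hits)

if __name__ == "__main__":
    for client, found in violations(SAMPLE).items():
        print(client, found)
```

Hits tagged opera-as-msie would also fire the Snort rule, so review them before treating the alert as a policy violation.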
Links:
http://isc.sans.org/diary.php?storyid=1611 (updated patch matrix)
http://research.eeye.com/html/alerts/AL20060822.html (EEye Alert regarding the code execution)
http://www.microsoft.com/technet/security/advisory/923762.mspx
http://blogs.technet.com/msrc/archive/2006/08/16/447023.aspx (MSRC blog article regarding MS06-042 issue, dated Aug. 16th).
http://blogs.technet.com/msrc/archive/2006/08/22/448689.aspx (latest MSRC blog)
Sandboxie
 


Johannes

ISC Handler
