Overview of the WMF related articles at the ISC
Since this is one of the more complex stories to follow I've made a quick overview of the WMF issues.

The first story on the WMF vulnerability and the initial exploit
http://isc.sans.org/diary.php?storyid=972

The update explaining why we went to yellow the first time around
http://isc.sans.org/diary.php?storyid=975

The story pointing to the Microsoft bulletin
http://isc.sans.org/diary.php?storyid=976

The availability of the first snort sigs
http://isc.sans.org/diary.php?storyid=977

The going back to green article
http://isc.sans.org/diary.php?storyid=978

More WMF signatures
http://isc.sans.org/diary.php?storyid=980

Lotus notes affected
http://isc.sans.org/diary.php?storyid=981

The bandaid post: deregistering not reliable, extension filtering not enough
http://isc.sans.org/diary.php?storyid=982

The free phone number for micrsoft support
http://isc.sans.org/diary.php?storyid=985

Indexing and WMF
http://isc.sans.org/diary.php?storyid=986

Musings on how to protect organisations beyond the trivial
http://isc.sans.org/diary.php?storyid=990

An IM worm found using the WMF stuff
http://isc.sans.org/diary.php?storyid=991

The second exploit, back to yellow, new sigatures and an unoffical patch
http://isc.sans.org/diary.php?storyid=992

The WMF FAQ
http://isc.sans.org/diary.php?storyid=994

--
Swa Frantzen


Swa

760 Posts
Jan 1st 2006

Sign Up for Free or Log In to start participating in the conversation!