
SANS ISC: Regularly scheduled MS updates - SANS Internet Storm Center


Microsoft has released two more security bulletins today.  They made no changes to the WMF bulletin from last week.  I'll be updating this throughout the day.

The first issue, MS06-002, is another client-side vulnerability that is triggered by browsing to a malicious web server.  You should probably treat this with the same severity as you treated the WMF issue from last week.  The eEye advisory gives more details about the issue: http://www.eeye.com/html/research/advisories/AD20060110.html.  It seems that malicious files may have .eot extensions, and you may want to consider blocking that file type for web browsing, but the eEye advisory specifically states that the file extension could be anything.  Given the recent speed of Metasploit modules for new exploits, I would guess that a new module to create exploit files will soon be available.  Another point to note is that the data is compressed, so writing IDS/IPS signatures may be difficult.
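Because the extension could be anything, a filter is more reliable if it identifies embedded fonts by content. The following is an added example, not code from the diary or from the eEye advisory: it checks the fixed fields of the published Embedded OpenType header (sizes, version, flags, and the 0x504C magic number at offset 34) and reports EOT content served under another name. The function names and the header-only sample bytes are constructed for illustration, and the check identifies the file type only; it does not detect the exploit itself.

```python
import struct

EOT_MAGIC = 0x504C                 # MagicNumber field, at byte offset 34
EOT_VERSIONS = {0x00010000, 0x00020001, 0x00020002}
TTEMBED_TTCOMPRESSED = 0x00000004  # font data is compressed
TTEMBED_XORENCRYPTDATA = 0x10000000
HEADER_LEN = 36                    # bytes up to and including MagicNumber


def inspect_eot(data: bytes):
    """Return a dict describing the EOT header, or None if data is not EOT."""
    if len(data) < HEADER_LEN:
        return None
    eot_size, font_size, version, flags = struct.unpack_from("<4I", data, 0)
    (magic,) = struct.unpack_from("<H", data, 34)
    if magic != EOT_MAGIC or version not in EOT_VERSIONS:
        return None
    return {
        "compressed": bool(flags & TTEMBED_TTCOMPRESSED),
        "xor_encoded": bool(flags & TTEMBED_XORENCRYPTDATA),
        # Declared sizes that disagree with the bytes received are worth logging.
        "size_mismatch": eot_size != len(data) or font_size >= eot_size,
    }


def triage(name: str, data: bytes) -> str:
    """Classify one downloaded object for a proxy or gateway policy."""
    if inspect_eot(data) is None:
        return "not-eot"
    if not name.lower().endswith(".eot"):
        return "eot-disguised"     # an extension filter alone would miss this
    return "eot"


def sample_eot(flags: int, total: int = 64) -> bytes:
    """Constructed header-only sample for the demo; not a working font."""
    buf = bytearray(total)
    struct.pack_into("<4I", buf, 0, total, total - 40, 0x00020001, flags)
    struct.pack_into("<H", buf, 34, EOT_MAGIC)
    return bytes(buf)


if __name__ == "__main__":
    samples = {"font.eot": sample_eot(TTEMBED_TTCOMPRESSED),
               "banner.gif": sample_eot(0),
               "logo.gif": b"GIF89a" + bytes(58)}
    for name, data in samples.items():
        print(name, triage(name, data), inspect_eot(data))
```

The `compressed` flag marks objects whose font data a plain byte-pattern signature cannot match directly, which is the difficulty noted above for IDS/IPS rules.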

The second issue, MS06-003, affects Outlook and Microsoft Exchange, and it also looks fairly serious.  If you can't patch your Exchange servers immediately, read the "workarounds" section of the bulletin for information about blocking files that could trigger this vulnerability.  It mentions the possibility of blocking email with an attachment named "Winmail.dat"; however, this will create other issues.  Read the entire "workarounds" section of the bulletin for the complete story.

Kyle
