Serious Symantec VulnerabilityUpdate: It appears that Symantec has not actually released the patches as is mentioned on their web site. We have not found any patches for the Symantec Antivirus Corporate Edition 8 and 9. We are investigating this futher. http://www.sarc.com/avcenter/security/Content/2005.02.08.html ISS X-Force has found a serious heap overflow vulnerability in many versions of the Symantec UPX decompression engine. As some of you may be aware, most modern trojans are packed with a combination of obfuscating and compression methods to evade detection; a component of which is UPX compression. It is conjectured that malware will soon take advantage of this attack to evade, disable, and possibly damage Symantec security products. Please examine the list of products posted by SARC and take immediate action to remedy any vulnerability you might be exposed to. Hotfixes are available. Stop reading and go patch now. This webpage will be here when you get back, which is more than we can say for your browsing experience should you decide NOT to take action. Further information is available at http://xforce.iss.net/xforce/alerts/id/187 PoC's available for MS05-005 and MS05-009Proof of concept code has been released for the MS05-005 (Microsoft Office URL handling) and MS05-009 (Multiple PNG file decode problems) issues. Both of these are on the critical patch list, and we expect to see malware utilizing either of these attacks in the near future. The portion of MS05-009 that relates to MSN Messenger; the CAN-2004-0597 libpng vulnerability, is especially serious, as CORE Security has determined that this attack may be possible to execute in a completely undetected manner to the end user with little to no user interaction, depending on MSN client settings. Major antivirus vendors have signatures posted or nearly complete for both of these issues, and you can get snort signatures for MS05-009 over at http://www.bleedingsnort.com/ The 13th PatchIn all the ruckus yesterday, many of us missed the fact that Microsoft quietly issued an update to the MS04-035 SMTP server DNS validation overflow issue from October, 2004. It appears that Exchange 2003 and the "Exchange-Lite" SMTP Server bundled with Windows Server 2003 are also suceptible to this attack. Get'cher patch on. http://www.microsoft.com/technet/security/bulletin/ms04-035.mspx |
Erik 21 Posts Feb 10th 2005 |
Thread locked Subscribe |
Feb 10th 2005 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!