
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-03-08



Scans for CA LM Vulnerability; MSFT Update #1: MS05-002; MSFT Update #2: MS05-015; MSFT Update #3: Malicious Software Removal Tool

Published: 2005-03-08
Last Updated: 2005-03-09 13:49:53 UTC
by David Goldsmith (Version: 1)

Scans for Computer Associates' License Manager Vulnerability



Yesterday, we received a report from Ken about a significant traffic increase on TCP ports 10202 and 10203. For the ISC port graphs, click and
.



These scans are likely due to exploit code for this vulnerability, which was released to the public on Monday in a posting to the VulnWatch mailing list.
Note that scans for these ports increased significantly as early as Thursday, March 3rd. You can access a summary of early scanners for this port here:
http://isc.sans.org/10203 .
For an archived copy of the VulnWatch mailing list post, see http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0078.html .
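
To check your own perimeter logs for the same increase, the following added example (not part of the original diary) counts probes to TCP 10202/10203 per day and lists sources that swept several hosts. The netfilter-style log format, the sample lines, the addresses and the `min_targets` threshold are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

CA_LM_PORTS = {10202, 10203}  # TCP ports named in the diary

# Constructed sample lines in Linux netfilter LOG style (not real traffic;
# all addresses come from documentation ranges).
SAMPLE_LOG = """\
Mar  2 04:11:09 fw kernel: SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4021 DPT=10203 SYN
Mar  3 09:15:40 fw kernel: SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=1433 DPT=10202 SYN
Mar  3 09:15:40 fw kernel: SRC=203.0.113.5 DST=192.0.2.11 PROTO=TCP SPT=1434 DPT=10202 SYN
Mar  3 09:15:41 fw kernel: SRC=203.0.113.5 DST=192.0.2.12 PROTO=TCP SPT=1435 DPT=10203 SYN
Mar  3 10:02:13 fw kernel: SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=4100 DPT=80 SYN
Mar  7 22:30:05 fw kernel: SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP SPT=2201 DPT=10203 SYN
Mar  7 22:30:05 fw kernel: SRC=203.0.113.77 DST=192.0.2.11 PROTO=TCP SPT=2202 DPT=10203 SYN
Mar  7 22:30:06 fw kernel: SRC=203.0.113.77 DST=192.0.2.12 PROTO=TCP SPT=2203 DPT=10203 SYN
Mar  7 22:31:00 fw kernel: SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=4150 DPT=10202 SYN
"""

LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)

def summarize(log_text, min_targets=3):
    """Return (probes per day, sources that probed >= min_targets hosts)."""
    per_day = defaultdict(int)
    targets = defaultdict(set)  # source address -> distinct destinations
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) not in CA_LM_PORTS:
            continue  # other ports and non-TCP lines are ignored
        day = " ".join(m["day"].split())  # "Mar  2" -> "Mar 2"
        per_day[day] += 1
        targets[m["src"]].add(m["dst"])
    scanners = sorted(s for s, d in targets.items() if len(d) >= min_targets)
    return dict(per_day), scanners

if __name__ == "__main__":
    per_day, scanners = summarize(SAMPLE_LOG)
    for day, count in per_day.items():
        print(f"{day}: {count} probe(s) to TCP 10202/10203")
    print("Sources sweeping multiple hosts:", ", ".join(scanners))
```
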

MSFT Update #1: MS05-002 (Windows 98)



We received reports today from two of our readers, Juha-Matti and Erik, that Microsoft has finally released patches for Windows 98, Windows 98SE and Windows ME. For more information, see the Microsoft


This set of patches fixes two vulnerabilities:

CAN-2004-1049: LoadImage API Buffer Overflow / Cursor and Icon Format Handling Vulnerability

This vulnerability allows the execution of arbitrary code using crafted .bmp, .cur, .ani and .ico images. This vulnerability is severe and the patch should be applied ASAP.

CAN-2004-1305: Cursor and Icon DDOS Kernel Vulnerability.

This is an "extension" to the prior issue that would render a system unresponsive using malformed images (.bmp, .ico, .cur, .ani).

MSFT Update #2: MS05-015 (Windows 98/ME)



MS05-015 was updated as well to include information regarding Windows 98 and ME. Thanks to Jaakko and Juha-Matti, our two top Finnish readers, for pointing that out ;-).

Note that Windows 9x is no longer officially supported by Microsoft. Patches like this will be released occasionally, but will tend to be delayed compared to patches for Windows XP. Users of Windows 9x should upgrade to XP.

MSFT Update #3: Updated Malicious Software Removal Tool



And a third Microsoft update on a Tuesday without official updates. The Microsoft Malicious Software Removal Tool is distributed via Windows Update, like patches. Its function is to identify and remove commonly found malicious code. Note that this tool only detects highly popular malware and is no replacement for an anti-virus scanner. Tyler, who pointed out the update, also noted that the tool's log file can be found in %windir%\debug\mrt.log. For more details see:
http://support.microsoft.com/?id=890830 .