MS06-049 re-release
When Microsoft released the out-of-cycle patch for the VML exploit, they also re-released MS06-049 (again), which was responsible for causing corruption of compressed NTFS files on Windows 2000 systems. You can find more info from Microsoft here
* VML Update Released
Microsoft has just released an update to address the VML (VGX) issue.
The update can currently be found on Microsoft Update and is titled
Security Update for Windows XP (KB925486)
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx
It is recommended that the patch be applied immediately (after testing) unless a suitable mitigation strategy is in place.
Update: Also, note that if you applied the ACL mitigation (removing Everyone Read access from the DLL), you will need to undo that before this update will apply successfully.
Thanks to everyone who submitted analysis, news, samples, malicious website reports, etc.
More info:
http://isc.sans.org/diary.php?storyid=1727
http://blogs.technet.com/msrc/archive/2006/09/26/459194.aspx
Deja Vu - Request for W32.Pasobir Malware Sample
If any ISC participants have a sample of W32.Pasobir, we'd really appreciate a submission via our contact page.
Thanks!
**snip**
"Periodically checks for both fixed and removable drives starting with drive D: that are attached to the system and copies itself as the following file:
[DRIVE LETTER]:\sxs.exe
Creates the following file containing instructions to start the worm when the drive is attached to the system:
[DRIVE LETTER]:\autorun.inf"
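
To check drives for the two artifacts named in the description above, a small scanner can look at each drive root from D: onward. This is an added example, not part of the original diary entry; it assumes the worm's autorun.inf uses the standard `open`, `shellexecute` or `shell\...\command` keys to launch sxs.exe, which the quoted description does not spell out.

```python
import os
import string

# Standard autorun.inf keys that can launch a program from a drive.
LAUNCH_KEYS = ("open", "shellexecute")
WORM_FILE = "sxs.exe"  # file name taken from the description quoted above


def autorun_targets(text):
    """Return the commands (lower-cased) an autorun.inf would launch."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        key, value = (p.strip().lower() for p in line.split("=", 1))
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value)
    return targets


def check_root(root):
    """Inspect one drive root for sxs.exe and an autorun.inf that starts it."""
    names = {n.lower(): n for n in os.listdir(root)}  # listdir includes hidden files
    result = {"root": root, "sxs_exe": WORM_FILE in names,
              "autorun_inf": "autorun.inf" in names, "autorun_launches_sxs": False}
    if result["autorun_inf"]:
        path = os.path.join(root, names["autorun.inf"])
        with open(path, "r", errors="replace") as fh:
            targets = autorun_targets(fh.read())
        result["autorun_launches_sxs"] = any(WORM_FILE in t for t in targets)
    return result


def scan_windows_drives():
    """Check D: through Z:, matching the 'starting with drive D:' behaviour."""
    findings = []
    for letter in string.ascii_uppercase[3:]:
        root = f"{letter}:\\"
        try:
            if os.path.isdir(root):
                findings.append(check_root(root))
        except OSError:
            continue  # drive not ready or not readable
    return findings


if __name__ == "__main__":
    for finding in scan_windows_drives():
        print(finding)
```

A root that reports both `sxs_exe` and `autorun_launches_sxs` as true matches the quoted behaviour; an autorun.inf on its own is common on legitimate media and is not an indicator by itself.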