Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft exploits on Reboot Wednesday
Well it certainly didn't take long for some to start making available (those I've seen so far are not for free) exploits against the vulnerabilities described in MS06-040, MS06-042 and MS06-046, which where only released yesterday.

Those of you're still testing patches, you'd better hurry up and get some of these fixed before you get hit.

Just as a reminder:
  • Filtering ports 135-139 and 445 helps against MS06-040; as do private VLANs (preventing client-client communication in the switch). None of those will help your fileserver, so patching is critical.
    Since there are still unpatched vulnerabilities in this software, filtering still remains crucial.
  • If you cannot apply MS06-042: stop using MSIE now, use an alternate browser.
  • Switching away to a browser not doing ActiveX (almost any will do) should help protect you against MS06-046 attacks as well.
But the best solution is to patch and do the above, layered defences!

Swa Frantzen -- Section 66

760 Posts
Aug 9th 2006

Sign Up for Free or Log In to start participating in the conversation!