The hotfix for MS06-042, which was supposed to be released today, has been delayed. Worse: It turns out that MS06-042 introduced a new security problem. The crashes everyone is having so much fun with are just the tip of the iceberg. The issue can also be used to execute arbitrary code. In particular, note that MSFT's advisory essentially tells you how to exploit the issue. Exploits will likely follow very soon (days?).
At this point, we recommend:
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS \Links:
http://isc.sans.org/diary.php?storyid=1611 (updated patch matrix)
http://research.eeye.com/html/alerts/AL20060822.html (EEye Alert regarding the code execution)
http://blogs.technet.com/msrc/archive/2006/08/16/447023.aspx (MSRC blog article regarding MS06-042 issue, dated Aug. 16th).
http://blogs.technet.com/msrc/archive/2006/08/22/448689.aspx (latest MSRC blog)
I will be teaching next: Intrusion Detection In-Depth - SANS San Antonio 2019
Aug 22nd 2006
1 decade ago