New IE Exploit PoC
On Thursday, Microsoft released a bulletin describing a new unpatched vulnerability in javaprxy.dll. FrSIRT also released a bulletin yesterday. Microsoft updated their bulletin last night with some additional workarounds, including requiring prompting for all ActiveX controls and/or disabling javaprxy.dll entirely. For those of you who must continue to use IE as a browser, we highly recommend that you look at these workarounds. This morning the folks at FrSIRT released a proof-of-concept that results in a shell open on a high TCP port, so we expect active exploitation attempts in the very near future.
In case it wasn't clear in our diaries earlier this week, we are seeing active exploit attempts against the viewtopic vulnerability in phpBB 2.0.15, so if you haven't upgraded to 2.0.16, you need to do so immediately.
New book: Forensics
This isn't really a book review, but I picked up the latest (I believe) book in the Hacking Exposed series, Hacking Exposed Computer Forensics. So far, as with all the others that I've read in the series, it seems very well done with a lot of excellent information. Speaking of forensics, there was an interesting comment made on the forensics mailing list, and I'm wondering what others think. Tobin Craig states "Can I suggest that the proliferation of substandard [forensic] examiners is the result of treating computer forensics as an offshoot of information security?" and "Perhaps it might be time for the information security arena to stop regarding computer forensics as a subset of IT investigation, and see it instead as a completely separate entity." I'm not sure that I entirely agree (nor entirely disagree) with these sentiments, but I'd like to hear from our readers.
To our Canadian friends, I hope you had a great holiday yesterday. For our American readers, I hope Monday is a great day for barbecues and fireworks.
Obligatory Tour de France comment: Also, congrats to Lance on an excellent prologue (a strong second place). I doubt that this is where Jan planned to be as the Tour begins. Ah, well. The next 3 weeks should be fun.
Jim Clausing
Jul 3rd 2005