Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Unpatched exploit gets publicity SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Unpatched exploit gets publicity
An exploit that got missed by the patches in MS06-035 is receiving public attention on mailing lists. The exploit itself has been public since July, and got reported on by Microsoft in their blog on July 28th.

Microsoft has confirmed in that blog that this is indeed a problem that results in a crash. We also got confirmation that MS06-040 does not fix this problem either.

We are looking forward to a patch from Microsoft, but have not received any indication of a timeline at this point.

In the mean time, consider blocking ports 135-139 and 445. It is good advise to have them restricted on all but your fileservers at all times.

Block it in your perimeter using firewalls or routers (e.g. in SOHO setups) and block them in personal firewalls to help tightening it down.

Swa Frantzen -- Section 66

760 Posts
Aug 14th 2006

Sign Up for Free or Log In to start participating in the conversation!