Threat Level: green Handler on Duty: Chris Mohan

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MS06-040 and MS06-042 updates

Published: 2006-08-11
Last Updated: 2006-08-11 17:04:59 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

MS06-040 (Server Service Patch):

We are getting a lot of questions about this one. The short answer: Don't panic, but keep on patching. It apprears that the release of a public exploit is imminent, but we don't have it. A lot of speculations about a possible worm. But then again, worms are so 2004. Once an exploit is made public, I would expect it to be added to standard bot payloads quickly.

MS06-042 (MSIE Rollup patch):

We received some reports about users having problems with Internet Explorer crashing after applying the latest patch (MS06-042) and accessing certain sites mainly Peoplesoft applications.

We can't confirm this yet, but it looks like only Windows XP SP1 machines that applied the patch are affected (Windows XP SP2 with the patch seems to be working ok, from some very limited tests we were able to do).

Let us know if you can confirm this.

Update
We have also had a number of reports that Windows 2000 is also affected, particularly accessing Peoplesoft applications. Rather than un-installing the patch, using an alternate browser is another workaround.





Keywords:
0 comment(s)
Diary Archives