Threat Level: green Handler on Duty: Kevin Liston

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Unpatched exploit gets publicity

Published: 2006-08-14
Last Updated: 2006-08-14 18:45:59 UTC
by Swa Frantzen (Version: 6)
0 comment(s)
An exploit that got missed by the patches in MS06-035 is receiving public attention on mailing lists. The exploit itself has been public since July, and got reported on by Microsoft in their blog on July 28th.

Microsoft has confirmed in that blog that this is indeed a problem that results in a crash.

We also got confirmation from Microsoft that "this is a DoS only issue that was not addressed in MS06-040, but will be addressed in a bulletin."

We are looking forward to a patch from Microsoft, but have no indication of a timeline at this point.

In the mean time, seriously consider blocking ports 135-139 and 445 if you have not done so already. It is good advise to have them restricted on all but your fileservers at all times.

Block it in your perimeter using firewalls or routers (e.g. in SOHO setups) and block them in personal firewalls to help tightening it down (think about e.g laptops outside the perimeter).

--
Swa Frantzen -- Section 66
Keywords:
0 comment(s)
Diary Archives