Due to a number of very well working Windows exploits for this weeks patch
set, and the zero-day Veritas exploit, we decided to turn the infocon to yellow.
Advice: Use the weekend to patch ALL WINDOWS SYSTEMS. It may be worthwhile to
consider accelerated deployment of the patches even to critical systems if the
weekend is slow anyway. Backup Exec should be firewalled or disabled at this point.
Note: Consider unprotected internet facing machines infected at this point if they do not have this weeks patches applied. Patch and handle them with extra care.
Windows and Backup Exec exploits are out
In case you're waiting to see whether it's worth updating either
Windows or Veritas' Backup Exec, now's the time to do so. Live exploits
are out for both.
Specifically, MS05-039 appears to have 3 live exploits out for
it already, and Backup Exec has at least one exploit out.
We've said it already, but it's worth repeating - get those
patches in soon...
Which exploits are really out?
We've gotten a number of questions from readers about the
exploits we've mentioned over the past few days in the diary. Some of
them are publicly known and easily Google-able. Others are ones that
we've found out about from trusted sources that have asked us to not
share the exploit itself.
Because our goal is to provide timely alerts to the security
community, we generally don't provide the exploit code itself. If it
truly is publicly visible, you'll find it in a few minutes without our
help. And if the exploit is still generally private, we don't want to
be the conduit that accelerates attacks - people with lots of hat colors
read this diary. *smile*
Thanks for understanding.
NIST has provided
security documents: Creating a Patch and Vulnerability Management
Program, Secure DNS Deployment Guide, Guide to Malware Incident
Prevention and Handling, Guide to Single-Organization IT Exercises,
Guide to Computer and Network Data Analysis: Applying Forensic
Techniques to Incident Response, and Codes for the Identification of
Federal and Federally-Assisted Organizations.
Preliminary Snort signatures for MS exploits
One reader was kind enough to forward some Snort signatures for
malware hitting the recently announced vulnerabilities. Credit for
these signatures goes to Blake Harstein at Demarc.
To not have the lines go on too long, the pcre's have been split
over multiple lines; everything from pcre: to /i"; needs to be
reassembled into one object with no spaces.
-- Handler on Duty,
Aug 13th 2005
|Thread locked Subscribe||
Aug 13th 2005
1 decade ago