PnP Worm Out
Quick update: Several reports that the PNP (MS05-039) worm was released finally. We are just analyzing the code.
We remain at infocon of yellow, but fortunately, we haven't yet seen any worms exploiting the vulnerabilities covered by last Tuesday's Microsoft bulletins. If things stay quiet through Sunday, we'll likely move back to green on Monday, but we reiterate our warning from yesterday, there are enough exploits for these vulnerabilities known to be in the wild that we believe it is only a matter of hours or at most days until they are integrated into a worm.
More thoughts on the current Veritas Backup Exec vulnerability
One of our readers (thanx, Frank) pointed out that although the bulletins concerning the Veritas Backup Exec vulnerabilities only mentioned the possibility of READING data from a vulnerable server, the nature of the NDMP protocol makes it likely that it could be exploited to WRITE data to a server as well. Several people have been working on proof of concept code today, so it probably won't be long before working exploits are in the wild for this one, too. We are hearing reports of exploit attempts in the wild. Again, see yesterday's diary for our recommendations, for blocking port 10000. Also, thanx to Juha-Matti, for pointing out that this vulnerability also exists not just in Backup Exec, but also in NetBackup for NetWare, as well. See the for further details.
Microsoft Update and Win2K3 w/o SP1
Another of our readers, Wolf, brought this issue to our attention. Some admins have chosen not to install Windows 2003 Server SP1 until issues have been worked out. This has led to a problem that the admins may not be aware of. If you use Microsoft Update and choose the Express (recommended) option, it will NOT show the July or August updates, you have to choose Custom updates in order to see them. This could be very dangerous as it may leave the admins believing their servers are current on patches when in fact they are exposed.
new gaim version
Users of the popular gaim multi-protocol instant messenger client are urged to upgrade to 1.5.0 immediately, since this version fixes 3 security bugs. See http://gaim.sourceforge.net/security/ for details.
Jim Clausing, jclausing_at_isc.sans.orgI will be teaching next: Malware Reverse-Engineering Challenge - SANS Northern VA Fall- Reston 2019
Aug 14th 2005
1 decade ago