-
February 8th, 2005, 09:52 PM
#1
February MS Security Patches Posted
Microsoft posted a bunch of new security patches today, you can find information about them at:
http://www.microsoft.com/technet/security/default.mspx
While some are worse then others, the MS05-011 looks like it has the potential to be the next vulnerability exploited by network aware worms.
-
February 8th, 2005, 10:29 PM
#2
Yeah, I just got an email about this and updated my boxes. Wonder if there is any exploite code out there yet? Guess I need to go visit Security Focus.
-
February 8th, 2005, 10:39 PM
#3
Kewl.... They should be waiting on my WUS servers in the morning.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
February 9th, 2005, 03:24 PM
#4
seven in all. Soon it may be that so many ms patches, fixes and updates are posted each month that ms will force automation in its next release of os just to save on bad press never mind licensing issues.
Trappedagainbyperfectlogic.
-
February 9th, 2005, 03:47 PM
#5
Just an FYI...
You can get the same notifications that MS Premier members do for free. I guess this is somthing they just started to offer. I find it helpful because it is a comphrensive email stating what is being released and what all the security updates encompass.
------------------------------------------------------------------------------------
Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). It provides timely notification of any minor
changes or revisions to previously released Microsoft Security
Bulletins. This new service provides notifications that are
written for IT professionals and contain technical information
about the revisions to security bulletins.
Visit http://www.microsoft.com to subscribe to this service:
- Click on Subscribe at the top of the page.
- This will direct you via Passport to the Subscription center.
- Under Newsletter Subscriptions you can sign up for the
"Microsoft Security Notification Service: Comprehensive Version".
Also, they updated an older Sec Bulletin, MS04-035 dealing with exchange. For everyone running WUS/SUS I suggest you configure it to 'Auto Approve' updated patches. Otherwise you might end up like I did yesterday on one of our SUS boxes, clicking 30+ check boxes... argh.
Civilization. The death of dreams.
-
February 9th, 2005, 03:56 PM
#6
Member
Originally posted here by Irongeek
Yeah, I just got an email about this and updated my boxes. Wonder if there is any exploite code out there yet? Guess I need to go visit Security Focus.
Yeah.. 0day public release.. it's getting crazy out there..
an MSN 6.2 exploit for the MS05-009 is
HERE
Dyn/Gnosis ~ Powerful/Knowledge
www.Dyngnosis.com
Tutorials - Site Penetration Logs - (TheCommunity)Forums - Toolss
-
February 9th, 2005, 10:14 PM
#7
Input validation vuln in Exchange exploitable via email?
MS05-012 - Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
http://www.microsoft.com/technet/sec.../MS05-012.mspx
FAQ for Input Validation Vulnerability - CAN-2005-0044:
How could an attacker exploit the vulnerability?
On Exchange Server 5.0, Exchange Server 5.5, Exchange 2000 Server, and Exchange Server 2003 any anonymous user who could deliver a specially crafted message to the affected system could try to exploit this vulnerability. User interaction is required to exploit this vulnerability on Windows 2000, Windows XP, and Windows Server 2003. For an attack to be successful by sending an e-mail message to a locally logged on user, the user must open an attachment that contains a malicious OLE object. Many different types of attached documents can contain the affected OLE Object types. All Office file types as well as many other third-party file types could contain a malicious OLE Object.
Does anyone know if this vulnerability is exploitable via simply sending an email to a mailbox on an Exchange server? Does the Exchange server application process the OLE/TNEF portion of the email or just on client?
I'm trying to figure out how vulnerable my environment is to this nasty.
-
February 9th, 2005, 10:23 PM
#8
From the description you provided it appears that the user has to be logged onto the exchange server and be reading email..... Frankly, anyone allowing anyone to use an Exchange server as a workstation, web browser or anything is terminally stupid....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
February 10th, 2005, 02:04 PM
#9
Unfortunately, it looks like Exchange may be vulnerable on its own, not just through reading the e-mail. I get this both from my company's Microsoft technical account manager, and little odd-placed threads like this one:
http://hellomate.typepad.com/exchang...oft_secur.html
-
February 10th, 2005, 02:20 PM
#10
Member
Originally posted here by Timmy77
Unfortunately, it looks like Exchange may be vulnerable on its own, not just through reading the e-mail. I get this both from my company's Microsoft technical account manager, and little odd-placed threads like this one:
http://hellomate.typepad.com/exchang...oft_secur.html
nothing in that post seems to suggest that the user-interaction is not required for infection... I can't yet see how something like that would occur.
Dyn/Gnosis ~ Powerful/Knowledge
www.Dyngnosis.com
Tutorials - Site Penetration Logs - (TheCommunity)Forums - Toolss
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|