Last Updated: 2006-09-21 21:29:15 UTC
by Johannes Ullrich (Version: 1)
The full advisory notes 3(!) arbitrary code execution issues fixed by this patch. The advisory mentions that there is no known exploit, and does not give credit to anyone for discovering the vulnerability.
I recommend applying the patch ASAP. However, you will only be able to download the full patch "as is". Patches for the individual vulnerabilities are not provided. Interestingly, OS-X update labels the patch a "wireless network reliability fix".
For more background from Brian Krebs, see his latest blog.
Last Updated: 2006-09-21 21:12:28 UTC
by Chris Carboni (Version: 1)
In yesterday's diary Jim showed Dshield data pointing to a drastic increase in probes to tcp port 2222.
Today, the data drops back down to 'normal' levels
We did recieve quite a few e-mails listing applications that use tcp 2222 by default including, Allen-Bradley SLC-505 PLCs, Direct Admin, Ethernet connected Allen Bradley Programmable Logic Controllers, and the pubcookie key server among them.
That port is also a known to be used by a couple of trojans.
We've also received a few packets, and based on what we can see, it is a syn packet that may be crafted. One of the handlers noticed some irregularities in the source port and sequence numbers.
I'll post the packets as soon as I can properly anonymize them to protect the innocent. ;)
We'll keep an eye on this over the next few days.
Last Updated: 2006-09-21 20:53:26 UTC
by Chris Carboni (Version: 3)
The site contains a modified version of the code that was originally released on Tuesday that has now been tested on:
- Windows XP SP1 + IE6 SP1
- Windows XP SP0 + IE6
- Windows 2000 SP4 + IE6 SP1
- Windows 2000 SP4 + IE6
He also mentions that exploit code for the Windows Kernel Privilege Escalation vilnerability fixed by MS06-049 has been been released.
This code is said to have been tested on:
- Windows 2000 PRO SP4 Chinese
- Windows 2000 PRO SP4 Rollup 1 Chinese
- Windows 2000 PRO SP4 English
- Windows 2000 PRO SP4 Rollup 1 English
Last Updated: 2006-09-21 16:26:38 UTC
by Patrick Nolan (Version: 1)
MS's KB "Best practices and security issues to consider when you use FolderShare" is weak, it's only useful recommendation is;
"you can effectively block outgoing traffic to FolderShare. To permanently block the FolderShare satellite from running in a particular environment, block access to the following host name on port TCP/443:
The folks at NISCC credit "Ben Rexworthy of Securinet UK and white-hats.co.uk for reporting these issues to NISCC".