From what I have seen reported there have been a few attempted attacks, all targeted. Did see one good probe coming in from a firewall misconfiguration on my part that did try to exploit it but didn't get far. Actually came in as a spoof through a developer's machine via Poland via China if the tracebacks are accurate but even that may not be all that accurate if anon'd.



Brent Eads
Employee Technology Solutions, Inc.



"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

08/11/2006 11:20 AM

Please respond to: ActiveDir@mail.activedir.org
To: ActiveDir@mail.activedir.org
cc:
Subject: Re: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution

Not seeing too many reported issues 06-040 at this time.

Are seeing issues with the typical customized web apps with
http://www.microsoft.com/technet/security/Bulletin/MS06-042.mspx the IE
one.. and so far hearing reports of issues with web/Peoplesoft on
Windows 2000 and XP sp1.

As a reminder:
Windows XP SP1 and SP1a support ends on October 10, 2006:
http://support.microsoft.com/gp/lifean19

Michael Miller wrote:
> Maybe you wouldn't exactly call it a utility tool, but WSUS can
> generate reports with all kinds of info regarding the status of
> patches for all machines in the domain.
>
> It's free and has minimal hardware requirements. You can service all
> your machines via a GPO and, if you're the cautious type, wait for the
> bleeding edge people to report back before approving certain updates
> for your client machines.
>
> -mjm
> _________________________________________________________________
>
>
>
> Alex Alborzfard wrote:
>> What about MS06-040? I've heard it's a nasty one like blaster.
>> DHS has already issued a recommendation to apply this patch.
>>
>> I remember using a utility tool that would list all applied patches on a
>> Windows box with all kinds of information.
>> Has anyone ever used it or know anything about it?
>>
>> Alex
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Susan Bradley,
>> CPA aka Ebitz - SBS Rocks [MVP]
>> Sent: Tuesday, August 08, 2006 1:55 PM
>> To: ActiveDir@mail.activedir.org
>> Subject: [ActiveDir] Microsoft Security Bulletin MS06-041 Vulnerability
>> in DNS Resolution Could Allow Remote Code Execution
>>
>> One of 12 today...but since it's DNS related
>>
>> Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution
>> Could Allow Remote Code Execution (920683):
>> http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx
>>
>> For an attack to be successful the attacker would either have to be on a
>> subnet between the host and the DNS server or force the target host
>> to make a DNS request to receive a specially crafted record response
>> from an attacking server.
>>
>> (and Brett...just a FYI... in my twig forest... any attacker that
>> ends up on a subnet between a host and my DNS server [aka the Kitchen
>> sink service server] ... that attacker is dead meat and has a 2x4
>> aimed his way... one advantage of being little)
>>
>> Your patch folks may be calling up you AD guys for testing passes.
>>
>> Workarounds:
>>
>> *Block DNS related records at network gateways*
>>
>> Blocking the following DNS record types at network gateways will help
>> protect the affected system from attempts to exploit this vulnerability.
>>
>> * ATMA
>> * TXT
>> * X25
>> * HINFO
>> * ISDN DNS
>>
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.activedir.org/ml/threads.aspx
>

--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

If you are a SBSer and you don't subscribe to the SBS Blog... man ... I will hunt you down...
http://blogs.technet.com/sbs

Message scanned by TrendMicro
