, 2005 8:42 PM
Subject: RE: [Declude.Virus] MS05-16 Exploit
Putting in 2 new drives was the easy part. Recreating 43 websites in IIS because the backup drive on the backup server departed for parts unknown the week before and proceeded with the tape drive (Onstream) finally giving out a month
Since I am pressed for time and am presently unable to completely digest
what the vulnerability is and how to stop it, how can we configure our
Declude installs to protect/find/stop these messages?
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
This is the one that Andy pointed out:
Microsoft Windows Shell Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/13132/discussion/
Microsoft Windows is prone to a vulnerability that may allow remote
attackers to execute code through the Windows Shell. The cause of the
Good point. What version of Declude introduced the 'BANCLSID ON' feature?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Tuesday, May 31, 2005 2:21 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] MS05-16 Exploit
Declude Virus will *not* detect abuse of MS05-16 with the Declude CLSID vulnerability detector. They are entirely different animals, which happen to have CLSID at their heart.
The only way to attack MS05-16 abuse with Declude Virus is with a) keep your virus scanner up to
Hi Andy,
Colbeck, Andrew wrote:
Declude Virus will *not* detect abuse of MS05-16 with the Declude CLSID vulnerability detector. They are entirely different animals, which happen to have CLSID at their heart.
You are sure up to date with this stuff!
Perhaps a new feature in Declude that can be implemented during an outbreak (before the slow AV guys create defs) which reverses the logic of the BAN module, making it an ALLOW module.
For instance, ban all extensions except those specifically allowed - this creates its own
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Tuesday, May 31, 2005 2:42 PM
To: Declude.Virus@declude.com
Subject: RE: [Declude.Virus] MS05-16 Exploit
Ok, John, get back to fixing that mirrored drive set
a mass-mailing virus. Declude defaults to BANCLSID ON which may or may
not protect from such an attack. Some CLSID calls are entirely valid and
normal for Outlook/Office generated E-mails, and I'm not totally sure
Plus the other question is does Declude look for the CLSID calls in files in