Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-08-13 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

PnP Worm out; More on the current Veritas vuln; Microsoft Update and Win 2K3 w/o SP1; new gaim version

Published: 2005-08-13
Last Updated: 2005-08-14 16:58:03 UTC
by Jim Clausing (Version: 1)
0 comment(s)

PnP Worm Out


-------

Quick update: Several reports that the PNP (MS05-039) worm was released finally. We are just analyzing the code.

-------
We remain at infocon of yellow, but fortunately, we haven't yet seen any worms exploiting the vulnerabilities covered by last Tuesday's Microsoft bulletins. If things stay quiet through Sunday, we'll likely move back to green on Monday, but we reiterate our warning from yesterday, there are enough exploits for these vulnerabilities known to be in the wild that we believe it is only a matter of hours or at most days until they are integrated into a worm.

More thoughts on the current Veritas Backup Exec vulnerability


One of our readers (thanx, Frank) pointed out that although the bulletins concerning the Veritas Backup Exec vulnerabilities only mentioned the possibility of READING data from a vulnerable server, the nature of the NDMP protocol makes it likely that it could be exploited to WRITE data to a server as well. Several people have been working on proof of concept code today, so it probably won't be long before working exploits are in the wild for this one, too. We are hearing reports of exploit attempts in the wild. Again, see yesterday's diary for our recommendations, for blocking port 10000. Also, thanx to Juha-Matti, for pointing out that this vulnerability also exists not just in Backup Exec, but also in NetBackup for NetWare, as well. See the for further details.

Microsoft Update and Win2K3 w/o SP1


Another of our readers, Wolf, brought this issue to our attention. Some admins have chosen not to install Windows 2003 Server SP1 until issues have been worked out. This has led to a problem that the admins may not be aware of. If you use Microsoft Update and choose the Express (recommended) option, it will NOT show the July or August updates, you have to choose Custom updates in order to see them. This could be very dangerous as it may leave the admins believing their servers are current on patches when in fact they are exposed.

new gaim version


Users of the popular gaim multi-protocol instant messenger client are urged to upgrade to 1.5.0 immediately, since this version fixes 3 security bugs. See
http://gaim.sourceforge.net/security/ for details.



---------------------

Jim Clausing, jclausing_at_isc.sans.org
Keywords:
0 comment(s)
Diary Archives