« Can we detect sleeper cell bots? | Main | Apple exploits instead of Apple pie on Thanksgiving »

November 13, 2007

It's Patch Tuesday again....

So I thought I'd share an example of the timely updates that our customers receive on a daily basis from our Nevis Labs service.  Subscribers obviously get a lot more information, and access to the Threat Encyclopedia that we maintain, but I've received a few requests to give a taste of the service, so thought today was a good day to do exactly that.

Vulnerabilities

MS07-061

Windows URI Handling Remote Code Execution Vulnerability

Description

Windows URI Handling Remote Code Execution Vulnerability refers to a vulnerability which exists in the way the Windows shell handles specially crafted URIs that are passed to it. An attacker could exploit this by including a specially crafted URI in an application or attachment, which could potentially allow remote code execution

This vulnerability can be exploited through a variety of applications, including Adobe PDF Reader, mIRC, Firefox, Outlook, Netscape Navigator, and others.

Impact

Windows XP Service Pack 2

Windows XP Professional x64 Edition and Service Pack 2

Windows Server 2003 Service Pack 1 and Service Pack 2

Windows Server 2003 Service Pack 1 and Service Pack 2

Windows Server 2003 x64 Edition and Service Pack 2

Windows Server 2003 with SP1 for Itanium-based Systems and SP2

Severity

Critical

Solution

On LANenforcer, update the CEI profile to the latest version

To check for CEI profile version, type “show version” on the CLI prompt of the LANenforcer.

MS07-062

DNS Spoofing Attack Vulnerability

Description

DNS Spoofing Attack Vulnerability refers to a vulnerability which exists in Windows DNS Servers. It could allow non-administrative users to send malicious responses to DNS requests, thereby spoofing or redirecting Net traffic from legitimate locations.

Impact

Microsoft Windows 2000 Server Service Pack 4

Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems

Severity

High

Solution

On LANenforcer, update the CEI profile to the latest version.

To check for CEI profile version, type “show version” on the CLI prompt of the LANenforcer.

Posted at 04:34 PM |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83452000469e200e54f95ed248834

Listed below are links to weblogs that reference It's Patch Tuesday again....:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.