Date: 11 February 2010
Click here for printable version
Well, Wednesday served up a good spread of patching for Microsoft
admins with 13 vulnerabilities corrected, including five critical.
Pay particular attention to
Windows TCP/IP v6
and Windows SMB Client
as these both have significant remote code execution and
administrator compromise flaws.
Note that reports have emerged about the
MS10-015 patch to
correct an elevation of privileges issue in
Windows kernel may
cause a blue screen of death on Windows XP computers.
A quirky flaw in the handling of
8.3 filename pseudonyms was
reported to affect a number of Windows-based Web Servers, allowing
attackers to bypass intrusion detection systems, security filters and
and file restrictions, potentially exposing sensitive data.
There is a remote root compromise in
Cisco's IronPort Encryption Applicance
which can be exploited by unauthorised attackers.
In late January the AusCERT co-ordination centre team participated
in an incident-response exercise as one of 16 CERT teams across
Asia Pacific. The exercise is run annually to test the response
capability of a team and their skills combating cyber crime. This
was an enjoyable and challenging drill that had us mitigating phishing
attacks, DDoS attacks and pulling apart malware to document its threat
value (among other scenarios).
Have a great weekend.