Australia's Leading Computer Emergency Response Team

Week in Review
Date: 11 February 2010

Greetings all,

Well, Wednesday served up a good spread of patching for Microsoft admins with 13 vulnerabilities corrected, including five critical. Pay particular attention to Windows TCP/IP v6 and Windows SMB Client as these both have significant remote code execution and administrator compromise flaws.

Note that reports have emerged that the MS10-015 patch, which corrects an elevation of privilege issue in the Windows kernel, may cause a blue screen of death on Windows XP computers.

A quirky flaw in the handling of 8.3 filename pseudonyms was reported to affect a number of Windows-based Web Servers, allowing attackers to bypass intrusion detection systems, security filters and file restrictions, potentially exposing sensitive data.

There is a remote root compromise in Cisco's IronPort Encryption Appliance which can be exploited by unauthorised attackers.

In late January the AusCERT co-ordination centre team participated in an incident-response exercise as one of 16 CERT teams across Asia Pacific. The exercise is run annually to test the response capability of a team and their skills combating cyber crime. This was an enjoyable and challenging drill that had us mitigating phishing attacks, DDoS attacks and pulling apart malware to document its threat value (among other scenarios).

Have a great weekend.