Re: Re: [Security] Critical vulnerability in IE -- Exploited machines detected on campus

From: Gary Lum <glum_at_sims.berkeley.edu>
Date: Wed Mar 29 2006 - 11:36:26 PST

On a related note, the major AV companies have released updated
definitions that include heuristic detection to catch the latest
vulnerability:

http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.61.html

The complete list is here, under FAQs:
http://www.microsoft.com/technet/security/advisory/917077.mspx

I wouldn't place all my eggs in one basket, but it's one more hoop an
exploit would have to jump through.

On 3/29/2006 11:12 AM, Sean Frye wrote:
> Does this mean that there are machines on campus that have been
> compromised specifically by this new attack vector? If so, how is that
> detected, and can other admins on campus use that detection mechanism on
> the networks they oversee? Thanks in advance.
>
> -Sean
>
> Allison Henry wrote:
>
>> A vulnerability has been discovered in Microsoft Internet Explorer,
>> which can be exploited by malicious people to compromise a user's
>> system. A computer running a vulnerable version of Internet Explorer
>> (5.01 SP4 or any version 6) can be exploited when the user visits a
>> malicious website containing the exploit code. Such websites are
>> currently out on the Internet and SNS has seen computers on the UC
>> Berkeley network that have been exploited. Currently there is no patch
>> for this vulnerability.
>>
>> To avoid becoming compromised, SNS advises using extra caution when
>> visiting websites. Avoid websites from untrusted parties and use extreme
>> caution when following web links in email -- make sure you trust the URL
>> and "cut-and-paste" rather than clicking on the link. For extra
>> protection, you can set your Internet Explorer security zone settings to
>> "High" or disable Active Scripting (read the Microsoft advisory for more
>> information on how to do this).
>>
>> Read the Microsoft Advisory for more information:
>> http://www.microsoft.com/technet/security/advisory/917077.mspx
>>
>> Please pass this information along to campus users and others who may be
>> affected by this vulnerability.
>>
>>
>
>
> ------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> For information about Micronet, including subscribing to
> or unsubscribing from its mailing list and finding out
> about upcoming meetings, please visit the Micronet Web site:
> <http://micronet.berkeley.edu/>.

Received on Wed Mar 29 11:39:46 2006

This archive was generated by hypermail 2.1.8 : Wed Mar 29 2006 - 11:39:47 PST