funsec mailing list archives
Re: Microsoft to rush out emergency Windows patch today
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Fri, 24 Oct 2008 09:34:07 +0300 (EEST)
Absolutely. MS08-067 raised the SANS ISC InfoCon to Yellow http://isc.sans.org/infocon.html and that doesn't happen every month. When you look into payload of Win32/Gimmiv.A Trojan the motivation behind the exploitation is very clear. This vulnerability has been reportedly the weapon of targeted attack during two or three weeks. Juha-Matti Larry Seltzer [larry () larryseltzer com] kirjoitti:
Oh clearly it's a real threat. It's just not the threat it would have been a few years ago. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com -----Original Message----- From: Paul Ferguson [mailto:fergdawgster () gmail com] Sent: Thursday, October 23, 2008 9:43 PM To: Larry Seltzer Cc: Juha-Matti Laurio; funsec () linuxbox org Subject: Re: [funsec] Microsoft to rush out emergency Windows patch today -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Oct 23, 2008 at 6:33 PM, Paul Ferguson <fergdawgster () gmail com> wrote:On Thu, Oct 23, 2008 at 6:29 PM, Larry Seltzer<larry () larryseltzer com>wrote:Default? And what might those rulesets be, pray tell?http://support.microsoft.com/default.aspx?scid=fh;ln;xpsp2swhw and a hundred other URLs at Microsoft.com: "By default, Windows Firewall is enabled and blocks unsolicited connections to your computer." That's the default configuration after you install SP2 (or SP3 orVista)or when you buy a computer from an OEM with them pre-installed.We'll see, I guess. :-) - - fergBTW, I guess that if it weren't a _real_ threat, Microsoft would have just included it in the normal monthly Patch Tuesday release. Savvy? - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFJASgwq1pz9mNUZTMRAmGKAJwP4Y2dO7CSJQuU7Ls4ci61uAWXYACfTE6D 6LtPLIPj9DuXy/PCK6WVfS0= =ggsj -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Microsoft to rush out emergency Windows patch today, (continued)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Paul Ferguson (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Larry Seltzer (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Jack McCarthy (Oct 23)
- Re: Microsoft to rush out emergency Windows patch today Erik Harrison (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Valdis . Kletnieks (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Erik Harrison (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Dragos Ruiu (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Dragos Ruiu (Oct 29)
- Re: Microsoft to rush out emergency Windows patch today Gadi Evron (Oct 30)