Snort mailing list archives
Re: Microsoft .lnk vulnerability
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 22 Jul 2010 09:11:11 -0400
There was a rule published on July 13: 16665

Joel

On Jul 22, 2010, at 9:01 AM, John York wrote:

Hi

I've been watching the VRT blog and the lists to see if there are any rules or comments on the current 0day for MS .lnk files (CVE-2010-2568, http://www.microsoft.com/technet/security/advisory/2286198.mspx). I realize that an internal infection from fileshares would be difficult to detect if your IDS is at the perimeter, but it would be helpful in the event that a user has managed to map a drive to the outside. I've seen a signature that looks for .lnk files coming from web servers, but that's going to miss a lot and FP a lot.

Hopefully the current blog/pr war isn't distracting everyone...

Thanks
John

------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Microsoft .lnk vulnerability John York (Jul 22)
- Re: Microsoft .lnk vulnerability Joel Esler (Jul 22)
- Re: Microsoft .lnk vulnerability Joel Esler (Jul 22)