Security Basics mailing list archives
Re: Detecting new Windows .jpeg exploit
From: Miles Stevenson <miles () mstevenson org>
Date: Wed, 15 Sep 2004 21:27:35 -0400
<snip>
What I'd like to know is how we can scan a fairly large network for vulnerable machines. Microsoft provided a tool to detect if your own computer needs to be patched, but running this on potentially thousands of systems isn't really an option. Is there any way known at this time to detect if a computer is vulnerable?
</snip> Unfortunately, the number of applications that rely on these image-handling libraries make this a pretty tricky one to deal with. My recommendation is to try and make sure all of your systems have XP SP2 installed first. From there, you are going to have to identify the other applications and patch as necessary. This is going to take some time. So pay special attention to what is coming in through your mail servers, FTP transfers, and HTTP sessions for the users you are supporting. As controlling end-user surfing habits is not feasible for most sites, HTTP filtering probably isn't going to be a valid option. Just keep as much junk out of your mail server as possible. You may even want to consider switching users from IE to another browser, but since you can't get rid of IE, I wouldn't trust that. Patch patch patch. I'd be willing to bet that we are going to see a new worm variant exploiting this within the next month or two at the latest (we are possibly days away?). This is just too sweet an injection vector to be ignored by the blackhats. -- Miles Stevenson miles () mstevenson org PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
Attachment:
_bin
Description:
Current thread:
- Detecting new Windows .jpeg exploit Bowes, Ronald (EST) (Sep 15)
- Re: Detecting new Windows .jpeg exploit Miles Stevenson (Sep 16)
- <Possible follow-ups>
- Re: Detecting new Windows .jpeg exploit H Carvey (Sep 16)
- RE: Detecting new Windows .jpeg exploit Bowes, Ronald (EST) (Sep 16)
- RE: Detecting new Windows .jpeg exploit Roger A. Grimes (Sep 16)
- RE: Detecting new Windows .jpeg exploit Kenton Smith (Sep 18)