Dailydave mailing list archives

Immunity in the "news"


From: "Gavin, Michael" <mgavin () forrester com>
Date: Fri, 12 May 2006 09:31:36 -0400

Happy Birthday Dave!

(Now where did I leave that deck of punch cards...)

From Citadel's "Two Minute Warning" (which has raised its "Internet
Threat Regulator" status from "low/normal" to "medium/elevated" today,
perhaps due in part to this? ;-) ):


The Vulnerability Report:

Exchange Exploit Out
 
A security company with vulnerability expertise has released a
denial-of-service exploit against Microsoft Exchange's calendar, the
same feature patched earlier this week that has analysts worried about a
worm, Symantec said Thursday. 

Immunity Security, which markets the CANVAS exploit tool, has added the
capability to launch a denial-of-service attack against Exchange,
Microsoft's mail server software. 

"This closely follows the initial release of the fuzzer targeting the
same service," Symantec said. On Wednesday, Immunity unveiled a
stress-test tool, a "fuzzer," that hammered on one of the two calendar
functions mentioned in Microsoft's MS06-019 security bulletin. 

Symantec isn't sure if the Immunity exploit targets the same
vulnerability that Microsoft patched, or is an attack against a new
zero-day bug. 

Because Immunity only releases its exploits to users of the CANVAS
framework, Symantec said it was "unlikely" that it would leak to hackers
in the near future. 

In the past, however, Immunity's development of an exploit has been
followed by independent work by hackers. In October 2005, for instance,
Immunity released an exploit for a bug patched the previous day by
Microsoft; by the end of November, others had come up with their own
attacks. 

Symantec recommended that companies not only patch the vulnerability
fixed in MS06-019, but also apply the workarounds outlined in the
bulletin in case the Immunity exploit is aimed at an unpatched problem.

