Microsoft patches
Many of you would have seen the advance notification from Microsoft regarding the patches to be released on Black Tuesday. There will be 17 bulletins: 2 critical, 14 important and one moderate. Keep an eye on the diary for the day, as we'll be doing our usual table with, in this case, likely some "adjustments" on the criticality from our perspective. In the list are some remote code executions, elevation of privileges and a couple of denial of service attacks for good measure. The advance notification is here: http://www.microsoft.com/technet/security/Bulletin/MS10-dec.mspx . The details of what will be released may still change, of course. How these patches affect corporations will be interesting, as many companies have change freezes in place this time of the year, including the application of patches, so it is likely that the window of opportunity to attack these vulnerabilities is longer than usual. So if you are not going to patch, make sure that you have a look at them anyway, determine if you are vulnerable, and maybe what you can do to detect them.
Those of you running Office 2008 on a Mac would have noticed that a patch is being pushed out with next week's date on it. This was the patch that wasn't ready last month when 2011 was patched. As for next week's date? Likely it was released a little bit earlier than planned, maybe to avoid Black Tuesday.
Mark H
New Internet Storm Center Director
To all of our readers, supporters, and volunteers I'd like to thank everybody for your help and support over the past seven years while I've been the Director of the SANS Internet Storm Center. I became the Director in September 2003, right after the infamous Blaster worm had train-wrecked many networks and made life difficult for thousands of system administrators and users. I had no idea how successful the SANS ISC was going to become, but it has matured way beyond what I thought we could do back then.
Like many of our volunteer handlers who have moved along due to career changes and life events, I've reached the point where I need to step down from the role of Director and turn the leadership over to a face many of you are familiar with - Johannes Ullrich. Johannes has been our CTO since the beginning and is the perfect person to lead the organization to new levels of success. I'll still be part of the community, but due to increasing work requirements and this pesky PhD I've been working on for the past few years, I won't be able to keep devoting the proper amount of time needed to run this great group.
If you are at the SANS Cyber Defense Initiative (CDI) event in Washington, DC, please join us at 6:30 pm tonight for the official hand-over and to meet several of our volunteer handlers.
I look forward to continuing my support to SANS and the community, and I offer my best wishes for success to Johannes and the handler team.
Marcus H. Sachs
Director, SANS Internet Storm Center
EXIM MTA vulnerability
We have had several reports regarding a potential issue in the EXIM Mail Transfer Agent (MTA). Thanks John, Greg, Brad & Edward. The issue relates to a privilege escalation through a specially crafted email. You can read the information here: http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html#exim-dev
Haven't had a chance to install EXIM and test it myself. If you have, let us know. In the meantime you may wish to consider running it in unprivileged mode (probably good practice under any circumstances anyway). Instructions on how to do that can be found here: http://www.exim.org/exim-html-
Mark H