Alert: RE: New attack vectors and a vulnerability dissection of MS03-007

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 03/21/03

  • Next message: Christopher Hill: "Q329170 (MS02-070), Q327984 and slow logoffs" 
    Date:         Fri, 21 Mar 2003 12:45:54 -0500
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I just want to let you all know that after a discussion with David
    and Mark Litchfield this morning, I pulled all of the content of my
    NTDLL Attack FAQ and replaced it with a simply statement warning
    everyone that there is no protection other than applying the MS03-007
    patch. Our (TruSecure's) assessment is that there will be attacks
    based on the new methods NGSSoftware have uncovered within the next
    30 days, and they will likely be varied.

    IIS is not the only vector, and simply adding the DisableWebDAV
    registry key does nothing to prevent the additional attack vectors
    they've uncovered.

    Patch immediately!

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0

    iQA/AwUBPntPvM+Ua7J6A+woEQKTtwCeMwQyStCIiRRRwMKOtEUdIMMV9hsAn11p
    A070xdOLURHQJ1Hq52CP4Fj3
    =JQV/
    -----END PGP SIGNATURE-----

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Delivery co-sponsored by TruSecure Corporation
    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    TICSA - Anniversary Special - Limited Time

    Become TICSA certified for just $221.25 US when you register before 3/31/03
    with PROMO "TS0103" at www.2test.com. NO membership fees, certification
    good for 2 years. Price for international delivery just $296.25 US, with
    this offer. Offer cannot be combined with any other special and expires
    3/31/03. Visit www.trusecure.com/ticsa for full details.

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

  • Next message: Christopher Hill: "Q329170 (MS02-070), Q327984 and slow logoffs"