Johannes Ullrich

Johannes Ullrich is the founder of DShield. DShield is now part of the SANS Internet Storm Center, which he has led since it was created from Incidents.org and DShield back in 2001. In 2005, he was named one of the 50 most powerful people in Networking by Network World Magazine. He is the dean of research, and an instructor for the SANS Institute...
We do suspect that Microsoft will still release an early patch given the imminent danger to its customers from this flaw. As stated by the company about two years ago, patches can be released within two days if needed. Based on prior public commitments, we do suspect that Microsoft will issue the patch early once they are convinced that customers require the use of Internet Explorer in production environments.
The story here is if you are hit, you do have other vulnerabilities than this problem.
The Snort issue is more dangerous because the exploit is really simple.
These are the sort of problems that we typically see when patches don't cooperate well with various third-party software and some of the less used functions of Windows,
At this point, we do not recommend applying these temporary patches.
At this point, Apple does not appear to offer the patches in distinct packages, which will make testing in larger environments tricky.
We carefully checked this patch and are 100 percent sure that it is not malicious. The patch is, of course, not as carefully tested as an official patch. But we feel it is worth the risk. We know it blocks all exploit attempts we are aware of.
will connect to a control server to ask for instructions. It scans network neighborhoods and tries to infect them, as well.
Typically, the infective vector is a laptop connected to unsecured networks,
I don't think we will endorse this patch. There is no source code available, so we are not able to validate the patch.
More often than not, a patch will actually do more damage than good if you roll it out too quickly without testing it first.
My guess is that it's just serious enough that they really felt it was necessary to release it early.
What hackers are trying to find is, if they can make a bad Excel file or a bad Word file, does the program crash and allow them to compromise the system.
This should allow Windows programs to display WMF files normally while still blocking the exploit.