Zero information on zero day vulnerability in Word
Fri, 19 May 2006 15:30:04 GMT
A couple of hours ago, my Google sidebar lit up with new postings about the new vulnerability in Word, discovered by Symantec, that apparently opens a back door.
I am frustrated at the total lack of detail on this so far and no other recommendation than to be careful about Word attachments - even blocking them at the email gateway.
How long does it take to produce a signature update or give more information about how bad the vulnerability is?
The reports I’ve seen say it opens a back door, but what kind of back door? Does it open a port for incoming connections or does it actively check a rogue site for zombie commands? Are you protected if you have Windows Firewall?
So far the best information I’ve seen is at http://isc.sans.org/diary.php?compare=1&storyid=1345.
If you have thoughts or information on this let me know. I’ll make sure you receive credit.