Cisco Talos Blog

September 14, 2009 14:28

Vulnerability Report September 2009

This month's report covers three of the Microsoft Tuesday advisories, a remote code execution vulnerability in SMBv2, a vulnerability in the IIS FTP module and information on Dojocon.

September 9, 2009 12:54

Rule release for today - September 9, 2009

A quick release for an update to SID 15930 to address the possibility of remote code execution for the Microsoft Windows SMBv2 processing vulnerability. Information is available on snort.org here

September 8, 2009 14:09

Microsoft Tuesday Coverage for September 2009

Microsoft Security Advisory (MS09-045): The Microsoft JScript scripting engine contains a programming error that may allow a remote attacker to execute code on an affected host. Microsoft Security Advisory (MS09-046): The Microsoft DHTML Editing Component ActiveX control contain

September 2, 2009 13:47

Microsoft IIS FTP Vulnerability - bad detection

Yesterday, we wrote about the Microsoft IIS FTP stack overflow. (here) Since then, we've seen some folks try to come up with detection for attacks targeting this vulnerability. Here are some things to think about when detecting this attack: 1. We saw some rules that d

September 1, 2009 15:25

Rule release for today - September 1, 2009

Microsoft IIS FTP Buffer Overflow: The Microsoft FTP module for Internet Information Services (IIS) contains a programming error that may allow a remote attacker to execute code on an affected system. The problem occurs in the processing of specially crafted directory names which

September 1, 2009 10:44

Microsoft IIS FTP Vulnerability

We saw some exploit code posted to milw0rm yesterday that relates to a vulnerability in the Microsoft IIS FTP module. Basically, it exploits a vulnerability where the server doesn't correctly parse directory names. The attack makes use of the FTP NLST command which will caus

August 25, 2009 16:32

Rule release for today - August 25 2009

A maintenance release this one, a few new rules and some performance enhancements. Also, make sure you are using the dcerpc2 preprocessor now since these rule releases no longer include any of the flowbit rules that used to be needed for some DCERPC related vulnerabilities. As a

August 18, 2009 14:23

Rule release for today - August 18 2009

As a result of ongoing research, the Sourcefire VRT has added multiple rules to the web-client, web-misc and sql rule sets to provide coverage for emerging threats from these technologies. Snort link here: http://www.snort.org/vrt/advisories/2009/08/18/vrt-rules-2009-08-18.html

August 17, 2009 18:08

Vulnerability Report August 2009

This month's report covers three of the Microsoft Tuesday advisories, Snort 2.8.5 RC, Byakugan, DHCLIENT and BIND 9.