[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntbugtraq
Subject:    Alert: RE: New attack vectors and a vulnerability dissection of
From:       Russ <Russ.Cooper () RC ! ON ! CA>
Date:       2003-03-21 17:45:54
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just want to let you all know that after a discussion with David
and Mark Litchfield this morning, I pulled all of the content of my
NTDLL Attack FAQ and replaced it with a simply statement warning
everyone that there is no protection other than applying the MS03-007
patch. Our (TruSecure's) assessment is that there will be attacks
based on the new methods NGSSoftware have uncovered within the next
30 days, and they will likely be varied.

IIS is not the only vector, and simply adding the DisableWebDAV
registry key does nothing to prevent the additional attack vectors
they've uncovered.

Patch immediately!

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPntPvM+Ua7J6A+woEQKTtwCeMwQyStCIiRRRwMKOtEUdIMMV9hsAn11p
A070xdOLURHQJ1Hq52CP4Fj3
=JQV/
-----END PGP SIGNATURE-----

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
TICSA - Anniversary Special - Limited Time

Become TICSA certified for just $221.25 US when you register before 3/31/03
with PROMO "TS0103" at www.2test.com.  NO membership fees, certification
good for 2 years. Price for international delivery just $296.25 US, with
this offer.  Offer cannot be combined with any other special and expires
3/31/03. Visit www.trusecure.com/ticsa for full details.

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

[prev in list] [next in list] [prev in thread] [next in thread]