
List:       patchmanagement
Subject:    latest-on-ms08-067
From:       Susan Bradley <sbradcpa () pacbell ! net>
Date:       2008-11-07 7:35:58
Message-ID: 4913EFDE.4080401 () pacbell ! net

http://blogs.technet.com/msrc/archive/2008/11/05/latest-on-ms08-067.aspx


Hi, this is Christopher Budd. We’ve been getting some questions from 
customers this week asking if we’ve seen any changes in the threat 
environment around MS08-067 
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>. We 
do have some information that we can share so I wanted to pass that along.

Most importantly, we continue to see strong deployments of MS08-067 
<http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx>. 
We’re glad that customers have moved as quickly as they have to 
download, test and deploy the update. That said, we continue to urge 
customers who haven’t yet deployed the update to do so.

We have seen some new pieces of malware attempting to exploit this 
vulnerability this week. And while so far, none of these attacks are the 
broad, fast-moving, self-replicating attacks people usually think of 
when they hear the word “worm,” they do underscore the importance of 
deploying this update if you haven’t already.

My colleagues over in the Microsoft Malware Protection Center (MMPC) 
<http://blogs.technet.com/mmpc/default.aspx> have provided write ups on 
the new pieces of malware we’ve seen this week and have included 
signatures to help protect against these.

· Trojan:Win32/Wecorl.A 
<http://www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fWecorl.A> 

· Trojan:Win32/Wecorl.B 
<http://www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fWecorl.B> 

· Trojan:Win32/Clort.A 
<http://www.microsoft.com/security/portal/Entry.aspx?Name=Trojan:Win32/Clort.A> 

· Trojan:Win32/Clort.A!exploit 
<http://www.microsoft.com/security/portal/Entry.aspx?Name=Trojan:Win32/Clort.A%21exploit> 

· Trojan:Win32/Clort.A.dr 
<http://www.microsoft.com/security/portal/Entry.aspx?Name=Trojan:Win32/Clort.A.dr> 

· TrojanDownloader:Win32/VB.CQ 
<http://www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader:Win32/VB.CQ> 

· TrojanDownloader:Win32/VB.CJ 
<http://www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader:Win32/VB.CJ> 
Again, none of these are broad, fast-moving, self-replicating attacks. 
They’re similar to the original attacks 
<http://blogs.technet.com/mmpc/archive/2008/10/23/get-protected-now.aspx> 
we detected, in that they focus on loading malware onto vulnerable 
systems. They’re also similar in that the overall scope of these attacks 
is very limited. The largest of these attacks are those associated with 
the Clort family and we’ve seen well below fifty attacks worldwide.

Overall the threat environment remains similar to what it was last 
Monday when we released Microsoft Security Advisory 958963 
<http://blogs.technet.com/msrc/archive/2008/10/27/microsoft-security-advisory-958963.aspx>. 
The publicly available exploit code has resulted in limited malware 
attacks seeking to exploit the vulnerability. This is in line with what 
Mike said 
<http://blogs.technet.com/msrc/archive/2008/10/27/microsoft-security-advisory-958963.aspx> 
we should expect last week. We expect we’ll continue to see new pieces 
of malware over the coming days and weeks, and our colleagues over in 
the MMPC <http://blogs.technet.com/mmpc/default.aspx> will continue to 
add write-ups and signatures for them.

We’ll continue to watch and update you on any important new developments.

Thanks

Christopher

