Microsoft rates this patch as critical for most Windows platforms running DNS services.
Remote exploits are possible, including remote code execution. Attackers exploiting this issue could obtain Local System context and privileges.
We are aware that researchers have begun reverse engineering the patch and that exploit development for this issue is under way in the underground. A working exploit is likely to be made available soon, if it is not already in play as you read this.
Many organizations we talk to still vastly underestimate the capability of the threat. They still think of the attackers and the hackers as folks who are trying to use canned exploits or use the latest version of metasploits to pop a bunch of boxes — that’s just frankly not true. “Paul” is proficient in eight different coding languages. [He’s skilled and learning.] That needs to become the mindset of the defender. – Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
What would you do if you met an attacker online? Give him a piece of your mind? Or dig a little deeper to find out what motivates him and how he operates? In this special interview, Brent Huston discusses a recent incident where he had such an opportunity. In this fascinating conversation, Brent described how he met Paul and his attitude toward meeting another “up and coming” hacker. Take a listen! Discussion questions include:
How Brent tracked Paul down
What was Paul’s attitude toward Brent and his questions
A little about Paul and his skills
What does Paul use his compromised systems for?
What lessons can organizations draw from this encounter?
Interview Participants:
Brent Huston, CEO, Founder, and Security Evangelist
Mary Rose Maguire, Marketing Communication Specialist and moderator
Stay safe!
QuickTime versions 7.2 and 7.3 are vulnerable to a stack-based overflow. This vulnerability is caused by a boundary error when processing RTSP (Real Time Streaming Protocol) replies. It can be exploited by sending a specially crafted RTSP reply with a long “Content-Type” header. Exploitation requires that a user visits a malicious URL or opens a malicious QTL file. Working exploit code is available to the public. There is no update available at this time, so users should beware of suspicious links or QuickTime files (qtl).