Thursday, August 10, 2006

Patching, patching ... Hurry up!

Or be safe, if you have a good AV/IPS solution in place...
Well, it certainly didn't take long for some to start making exploits available (and they are publicly available) against the vulnerabilities described in MS06-040, MS06-042 and MS06-046, which were only released yesterday. Those of you who are still testing patches had better hurry up and get some of these fixed before you get hit. Just as a reminder:
Filtering ports 135-139 and 445 helps against MS06-040; as do private VLANs (preventing client-client communication in the switch). None of those will help your fileserver, so patching is critical. Since there are still unpatched vulnerabilities in this software, filtering still remains crucial. If you cannot apply MS06-042: stop using MSIE now, use an alternate browser.
Switching to a browser that does not do ActiveX (almost any will do) should help protect you against MS06-046 attacks as well. But the best solution is to patch and do the above as well: layered defences.
eEye even released a free scanner for detecting MS06-040. People, if you've got a good AV/IPS solution in place, you don't need this. I could even say that if you need to use that free scanner, it means that there is something wrong with your security solution!
(Retina MS06-040 NetApi32 scanner http://www.eeye.com/html/resources/downloads/audits/NetApi.html )
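
One way to confirm that the port filtering recommended above (135-139 and 445) is actually in effect is to try the connections from a machine on the far side of the filter. The script below is an added example, not part of the original post; it checks TCP only, and the host addresses are constructed placeholders.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# TCP ports named in the post: 135-139 and 445.
FILTERED_PORTS = list(range(135, 140)) + [445]


def tcp_reachable(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name lookup failed
        return False


def audit_filter(hosts, ports=FILTERED_PORTS, timeout=1.0):
    """Map each host to the list of ports that still accept connections."""
    pairs = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=32) as pool:
        results = list(pool.map(
            lambda hp: tcp_reachable(hp[0], hp[1], timeout), pairs))
    exposed = {h: [] for h in hosts}
    for (host, port), ok in zip(pairs, results):
        if ok:
            exposed[host].append(port)
    return exposed


def report(exposed):
    """Turn the audit result into one status line per host."""
    lines = []
    for host, ports in exposed.items():
        if ports:
            lines.append(f"{host}: filter NOT effective, reachable TCP ports {ports}")
        else:
            lines.append(f"{host}: no filtered port reachable")
    return lines


if __name__ == "__main__":
    # Constructed host list (documentation addresses); replace with your own.
    for line in report(audit_filter(["192.0.2.10", "192.0.2.11"])):
        print(line)
```

Run it from a client VLAN against another client to check the private-VLAN setup, and from outside the perimeter against internal hosts to check the border filter.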