case western reserve university



Microsoft Vulnerability du Jour

September 20, 2006

On September 19, 2006, Microsoft acknowledged that previously undocumented operating system vulnerability was discovered in the Vector Markup Language implementation, and that public release of exploit code has been confirmed. The Microsoft Advisory and the CVE Reference provide technical details.

Microsoft may not release a security update until Oct 10, so Case users are advised to keep their antivirus signatures updated, and follow the four workaorunds suggested in the Microsoft Advisory.

Additionally, users should consider using Firefox as a default browser.

Jesper's Blog indicates how OU administrators can take action in GPOs to prevent managed windows hosts from being compromised.

Unlike the attacks of the MS06-040 Server Service vulnerability which could be exploited remotely via the network, this vulnerability depends upon user interaction.

Posted by Thomas Siu at 03:23 PM

Powered by
Movable Type

Site Last Updated: Friday December 17, 2004 at 17:55:51