FYI...
- http://www.microsoft.com/technet/sec...ry/935964.mspx
• April 19, 2007: Advisory updated: To provide information on Windows Live OneCare malware detection capability and to clarify that the registry key workaround provides protection to all attempts to exploit this vulnerability. Advisory also updated to provide additional data regarding exploitability through port 139*.
* "Block TCP and UDP port 445 and 139 as well as affected ports greater than 1024 by using IPsec on the affected systems"
---------
Identified Malware:
Siveras.A - http://www.microsoft.com/security/en...in32/Siveras.A
Siveras.B - http://www.microsoft.com/security/en...in32/Siveras.B
Siveras.C - http://www.microsoft.com/security/en...in32/Siveras.C
Siveras.D - http://www.microsoft.com/security/en...in32/Siveras.D
> http://atlas.arbor.net/service/tcp/139
-------------------------------------------------
- http://asert.arbornetworks.com/2007/...-dns-exploits/
April 17, 2007 ~ "The latest turn in the Nirbot saga is that they’ve gone and incorporated the MS Windows DNS RPC interface exploit into their bot. We started seeing this in ATLAS starting Sunday evening GMT and it appears that this flood of MS DNS RPC exploits was seeded into an existing botnet. It appears that one of the public exploits was rolled into the bot over the weekend..."
-------------------------------------------------
New KB article to help deploy DNS remote RPC block workaround throughout enterprise
- http://preview.tinyurl.com/2a65ba
April 20, 2007 7:06 PM ~ "...You can find the KB at
http://support.microsoft.com/kb/936263 ..."
Last Review: April 21, 2007
Revision: 1.0