Вот решил завести топик. Не знаю уж все ли следят за этим. Буду постить сюда о наиболее примечательных дырах, открывающих ваши системы для хакеров. Сегодня
(1) CRITICAL: IE/IIS Microsoft Data Access Components (MDAC) Buffer
Overflow
Affected Products:
MDAC 2.1, 2.5, 2.6 (virtually all versions of Windows except XP) IIS
servers allowing remote access to vulnerable MDAC services Internet
Explorer 5.01, 5.5, 6.0 (except for Windows XP)
Description:
MDAC is a technology present in nearly all Windows installations.
Vulnerable versions contain a buffer overflow that can be remotely
exploited to execute arbitrary code in two different ways. First,
an attacker can compromise an IIS server by sending a malicious HTTP
request. Second, a hostile web server can compromise a web client
running Internet Explorer by sending a malicious HTTP response.
Successful exploitation of IIS provides attackers with SYSTEM
privileges by default. Web clients are compromised at the privilege
level of the user running Internet Explorer.
Risk: Remote Compromise.
Remote SYSTEM-level compromise of IIS servers, or remote compromise
of web client machines running Internet Explorer.
Deployment: Huge.
The vulnerable software is present in nearly all versions of Windows.
Ease of Exploitation: Unknown.
Foundstone's advisory provides some technical detail about how to
trigger the heap overflow on IIS servers. Fewer details are available
concerning how to exploit an IE client. Note that an attacker must
entice an IE victim to visit a hostile webserver.
Status: Vendor confirmed, patches available.
References:
Foundstone Advisory:
Microsoft Advisory and KnowledgeBase Article:
Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414)
//
www.microsoft.com
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q329414 Council Site Actions:
All council sites reported action taken. They identified vulnerable
Internet-facing servers and have either already patched them or
have scheduled the patch to take place as soon as possible. One site
reported a large number of vulnerable Internet-facing system which
they have no access to. They are prepared to take these systems
offline if patches are not available and/or the appropriate support
groups cannot be identified.
All council sites plan to patch internally facing machines during
the next regular patch cycle.
**************************************************************