Wednesday, August 9

MS06-040

Been reading a lot about MS06-040. Apparently this is going around the internet as being 'THE' thing. THE next vulnerability. Now, I've also seen a lot of people trying to run around writing Snort signatures for it.

Be honest with you.. these signatures are not written by normal humans... :) The VRT team is 'Above the Rim' when it comes to netbios rules. Netbios rules are like, easily the most difficult rules written, and perhaps the hardest to understand. I teach rule classes all the time, and let me tell you, when I put a netbios rule up on the screen, after I get done teaching pcre, and byte_test, byte_jump.. students still don't understand it. So, if you have a Sourcefire rules subscription for VRT rules, go grab these guys. If you don't, well you'll have to wait 5 days. But these rules are exactly the reason that you should buy a subscription. This is why one is needed.

So, let me just say... today, we published rules for these guys. Check out the vulnerability notice we put out today here. Also here:

