Just wanted to make sure everyone saw the update to MS07-046. Version 1.1 of the security bulletin was released today which offers a registry key modification in order to mitigate this vulnerability. eEye Research first released information regarding this registry key mitigation in this month's VERSA newsletter (http://www.eeye.com/html/resources/newsletters/versa/VE20070822.html) and Vulnerability Expert Forum (http://www.eeye.com/html/resources/vef/index.html). We suggest you give the newsletter a read and subscribe for future issues and VEF's to get some good insight into the state of computer security.
Administrators should be paying close attention to this patch, and Considering that a proof-of-concept exploit for this vulnerability has been released (http://www.milw0rm.com/exploits/4337), they should be on even higher alert, Windows administrators should see the described registry workaround as a potential mitigation for this vulnerability, but should definitely weigh all of the potential issues caused by the registry key modification as described in the MS07-046 bulletin.
As always, if you have any questions regarding this blog entry or anything related to information security, don't hesitate to contact us directly at skunkworks@eeye.com.
Comments