[Dshield] RE: Swen Vs. ISA, Outlook & Norton
GuyBarnum at Armscole.com
Wed Sep 24 14:07:59 GMT 2003
Both of the patch versions at the mentioned link are for IE 5.x. Out of curiosity I tried them both to see what would happen and I get a Windows popup box with the message: "This update does not need to be installed on this system".
Apparently the same vulnerability exists in IE 6.x that existed in 5.x. Excerpt from the 5.x version patch Microsoft web page: as discussed in ... Knowledge Base article Q308411, customers who upgrade to IE 6 on Windows 95, 98, 98SE or ME must select either Typical Install (this is the default) or Full Install in order to eliminate the vulnerability.
So any custom install of IE6 still has the old vulnerability left over from IE5?
This just found on Microsoft TechNet main page: http://www.microsoft.com/technet/security/virus/alerts/swen.asp
FYI: the first link under the 'PREVENTION' heading refers back to that old IE5.x patch which won't do you any good, unless you're still using a version of IE from the stone ages. Scroll a good long ways down that TechNet page and you should eventually find links to the latest Outlook or Office patches.
gbarnum at armscole.com
From: Bob Fronk [mailto:bfronk at davishelliot.com]
Sent: Tuesday, September 23, 2003 4:30 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Swen Vs. ISA, Outlook & Norton
Swen will try to execute itself.
Excerpt from Symantec web site on Swen:
W32.Swen.A@mm is similar to W32.Gibe.B@mm in function, and is written in
This worm exploits a vulnerability in Microsoft Outlook and Outlook
Express in an attempt to execute itself when you open or even preview
the message. Information and a patch for the vulnerability can be found
bfronk at davishelliot.com