[Dshield] RE: Swen Vs. ISA, Outlook & Norton

Guy Barnum GuyBarnum at Armscole.com
Wed Sep 24 14:07:59 GMT 2003


Both of the patch versions at the mentioned link are for IE 5.x.  Out of curiousity I tried them both to see what would happen and I get a windows popup box with the message: "This update does not need to be installed on this system".

Apparently the same vulnerability exists in IE 6.x that existed in 5.x.  Excerpt from the 5.x version patch Microsoft web page: as discussed in ... Knowledge Base article Q308411, customers who upgrade to IE 6 on Windows 95, 98, 98SE or ME must select either Typical Install (this is the default) or Full Install in order to eliminate the vulnerability.

So any custom install of IE6 still has the old vulnerability left over from IE5?

This just found on microsoft technet main page: http://www.microsoft.com/technet/security/virus/alerts/swen.asp

FYI: the first link under the 'PREVENTION' heading refer back to that old IE5.x patch which won't do you any good, unless your still using a version of IE from the stone ages.  Scroll a good long ways down that technet page and you should eventually find links to the latest outlook or office patches.

Guy 
gbarnum at armscole.com

-----Original Message-----
From: Bob Fronk [mailto:bfronk at davishelliot.com]
Sent: Tuesday, September 23, 2003 4:30 PM
To: General DShield Discussion List
Subject: RE: [Dshield] Swen Vs. ISA, Outlook & Norton


Swen will try to execute itself.

Excerpt from Symantec web site on Swen:

W32.Swen.A at mm is similar to W32.Gibe.B at mm in function, and is written in
C++.

This worm exploits a vulnerability in Microsoft Outlook and Outlook
Express in an attempt to execute itself when you open or even preview
the message. Information and a patch for the vulnerability can be found
at: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp



Bob Fronk
bfronk at davishelliot.com
 




More information about the list mailing list