[Dshield] RE: Swen Vs. ISA, Outlook & Norton

Bob Fronk bfronk at davishelliot.com
Wed Sep 24 14:36:14 GMT 2003


Make sure you have the latest OUTLOOK service packs and security
updates.

http://office.microsoft.com/officeupdate/default.aspx


Bob Fronk
bfronk at davishelliot.com
 
 

> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf
> Of Guy Barnum
> Sent: Wednesday, September 24, 2003 10:08 AM
> To: General DShield Discussion List
> Subject: [Dshield] RE: Swen Vs. ISA, Outlook & Norton
> 
> Both of the patch versions at the mentioned link are for IE 5.x.  Out
of
> curiousity I tried them both to see what would happen and I get a
windows
> popup box with the message: "This update does not need to be installed
on
> this system".
> 
> Apparently the same vulnerability exists in IE 6.x that existed in
5.x.
> Excerpt from the 5.x version patch Microsoft web page: as discussed in
...
> Knowledge Base article Q308411, customers who upgrade to IE 6 on
Windows
> 95, 98, 98SE or ME must select either Typical Install (this is the
> default) or Full Install in order to eliminate the vulnerability.
> 
> So any custom install of IE6 still has the old vulnerability left over
> from IE5?
> 
> This just found on microsoft technet main page:
> http://www.microsoft.com/technet/security/virus/alerts/swen.asp
> 
> FYI: the first link under the 'PREVENTION' heading refer back to that
old
> IE5.x patch which won't do you any good, unless your still using a
version
> of IE from the stone ages.  Scroll a good long ways down that technet
page
> and you should eventually find links to the latest outlook or office
> patches.
> 
> Guy
> gbarnum at armscole.com
> 
> -----Original Message-----
> From: Bob Fronk [mailto:bfronk at davishelliot.com]
> Sent: Tuesday, September 23, 2003 4:30 PM
> To: General DShield Discussion List
> Subject: RE: [Dshield] Swen Vs. ISA, Outlook & Norton
> 
> 
> Swen will try to execute itself.
> 
> Excerpt from Symantec web site on Swen:
> 
> W32.Swen.A at mm is similar to W32.Gibe.B at mm in function, and is written
in
> C++.
> 
> This worm exploits a vulnerability in Microsoft Outlook and Outlook
> Express in an attempt to execute itself when you open or even preview
> the message. Information and a patch for the vulnerability can be
found
> at: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
> 
> 
> 
> Bob Fronk
> bfronk at davishelliot.com
> 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list