[Dshield] RE: Swen Vs. ISA, Outlook & Norton

Bob Fronk bfronk at davishelliot.com
Wed Sep 24 14:36:14 GMT 2003

Make sure you have the latest OUTLOOK service packs and security


Bob Fronk
bfronk at davishelliot.com

> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
> Of Guy Barnum
> Sent: Wednesday, September 24, 2003 10:08 AM
> To: General DShield Discussion List
> Subject: [Dshield] RE: Swen Vs. ISA, Outlook & Norton
> Both of the patch versions at the mentioned link are for IE 5.x.  Out
> curiousity I tried them both to see what would happen and I get a
> popup box with the message: "This update does not need to be installed
> this system".
> Apparently the same vulnerability exists in IE 6.x that existed in
> Excerpt from the 5.x version patch Microsoft web page: as discussed in
> Knowledge Base article Q308411, customers who upgrade to IE 6 on
> 95, 98, 98SE or ME must select either Typical Install (this is the
> default) or Full Install in order to eliminate the vulnerability.
> So any custom install of IE6 still has the old vulnerability left over
> from IE5?
> This just found on microsoft technet main page:
> http://www.microsoft.com/technet/security/virus/alerts/swen.asp
> FYI: the first link under the 'PREVENTION' heading refer back to that
> IE5.x patch which won't do you any good, unless your still using a
> of IE from the stone ages.  Scroll a good long ways down that technet
> and you should eventually find links to the latest outlook or office
> patches.
> Guy
> gbarnum at armscole.com
> -----Original Message-----
> From: Bob Fronk [mailto:bfronk at davishelliot.com]
> Sent: Tuesday, September 23, 2003 4:30 PM
> To: General DShield Discussion List
> Subject: RE: [Dshield] Swen Vs. ISA, Outlook & Norton
> Swen will try to execute itself.
> Excerpt from Symantec web site on Swen:
> W32.Swen.A at mm is similar to W32.Gibe.B at mm in function, and is written
> C++.
> This worm exploits a vulnerability in Microsoft Outlook and Outlook
> Express in an attempt to execute itself when you open or even preview
> the message. Information and a patch for the vulnerability can be
> at: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
> Bob Fronk
> bfronk at davishelliot.com
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list