[Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.dll" Remote Code Execution Exploit

Stephane Grobety security at admin.fulgan.com
Thu Aug 18 15:44:47 GMT 2005


I'm trying to take a positive view here: what is the path that could
actually help sysadmins out there protect their network?

Releasing exploit code only has two effects: it makes it much easier
for the bad guys to produce malware exploiting the flaw and it puts
pressure on the company/group that must provide a patch. The first one
is extremely bad as this is the main reason why the patching window is
becoming so small (most of the worms we see seem directly derived
from sample exploit code) and the second effect is only a good thing
if there is a need for that pressure: to force a company that doesn't
want to patch for PR reasons to actually get a solution ready.

Releasing technical details of the attack is more useful: it can be
used to create IPS filters, firewall rules and workarounds for the
problem before the patch is out. At the very worst, it can help
analyze compromised systems and understand what happened.

I'd love to hear your opinion on the subject.

Good luck,
Stephane

-- 
Best regards,
 Stephane                            mailto:security at admin.fulgan.com


