[Fwd: CCIP ALERT: Microsoft unpatched vulnerability is being actively exploited in the wild]
Good Morning,
CCIP did not initially post this alert to the NZNOG list yesterday as it
was felt that members might not deem this type of posting appropriate
for the NZNOG list. However there have been a number of requests from
NZNOG members requesting for this to be posted here, who had received it
from CCIP's mailing lists yesterday.
CCIP would be interested in feedback about the applicability of CCIP's
Alerts on the NZNOG list. Currently CCIP's threshold for issuing these
types of alerts is when there is active exploitation of a new or
unpatched vulnerability in the wild.
Regards,
Paul.
--
Paul McKitrick
Head of Stakeholder Engagement
Centre for Critical Infrastructure Protection
D: (+64) 4 498 7645
P: (+64) 4 498 7654
F: (+64) 4 498 7655
E: paul.mckitrick(a)ccip.govt.nz
W: www.ccip.govt.nz
---
This e-mail contains official New Zealand Government information, which
is intended for the use of addressees only. If you have received this
e-mail in error, please notify the sender immediately and delete. You
should not further disseminate, distribute or copy this e-mail in any way.
---
-------- Original Message --------
Subject: CCIP ALERT: Microsoft unpatched vulnerability is being actively
exploited in the wild
Date: Tue, 07 Jul 2009 13:38:28 +1200
From: CCIP Info
I appreciate seeing such alerts on the NOG list, and I believe it is sufficiently on-topic and relevant to this list's ToR.
Keith Davidson
Paul McKitrick wrote:
Good Morning,
CCIP did not initially post this alert to the NZNOG list yesterday as it was felt that members might not deem this type of posting appropriate for the NZNOG list. However there have been a number of requests from NZNOG members requesting for this to be posted here, who had received it from CCIP's mailing lists yesterday.
CCIP would be interested in feedback about the applicability of CCIP's Alerts on the NZNOG list. Currently CCIP's threshold for issuing these types of alerts is when there is active exploitation of a new or unpatched vulnerability in the wild.
Regards,
Paul.
--
Paul McKitrick
Head of Stakeholder Engagement
Centre for Critical Infrastructure Protection
D: (+64) 4 498 7645
P: (+64) 4 498 7654
F: (+64) 4 498 7655
E: paul.mckitrick(a)ccip.govt.nz
W: www.ccip.govt.nz
---
This e-mail contains official New Zealand Government information, which is intended for the use of addressees only. If you have received this e-mail in error, please notify the sender immediately and delete. You should not further disseminate, distribute or copy this e-mail in any way.
---
-------- Original Message --------
Subject: CCIP ALERT: Microsoft unpatched vulnerability is being actively exploited in the wild
Date: Tue, 07 Jul 2009 13:38:28 +1200
From: CCIP Info
To: CCIP
CC: incidents(a)ccip.govt.nz
Good Afternoon,
For those of you who are not already aware, CCIP would like to bring your attention to the Microsoft Security Advisory 972890 that was released today: http://www.microsoft.com/technet/security/advisory/972890.mspx
Microsoft have announced a vulnerability in Microsoft Video ActiveX Control that allows remote code execution. This is reported to affect versions of Windows XP and Windows Server 2003.
CCIP is bringing this to your attention as this vulnerability has been reported as being actively exploited in the wild.
MITIGATION
Administrators are advised to take the following mitigation steps immediately.
There is currently no patch to correct this issue. However you can set the kill-bit to mitigate this vulnerability.
Microsoft have provided a way to automatically implement the workaround by following the instructions under "Fix It For Me" in the following Knowledge Base article: http://support.microsoft.com/kb/972890
Alternatively the following quoted text can be included in a .REG file and imported into your registry.
---BEGIN QUOTE---
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400
---END QUOTE---
Please note that in addition to the class identifier listed in the above example there is a full list of class identifiers in the Suggested Actions-->Workarounds section of the Microsoft Advisory: http://www.microsoft.com/technet/security/advisory/972890.mspx
It is recommended that all of them are implemented.
There is also a writeup on Microsoft's Security Response Centre Blog: http://blogs.technet.com/msrc/archive/2009/07/06/microsoft-security-advisory...
Regards, The CCIP Team
--- This e-mail contains official New Zealand Government information, which is intended for the use of addressees only. If you have received this e-mail in error, please notify the sender immediately and delete. You should not further disseminate, distribute or copy this e-mail in any way. ---
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
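The kill-bit workaround in the alert above, as an added example that is not part of the original thread or of Microsoft's advisory: a Python check that reads the decoded text of a registry export and reports which class identifiers still lack the 0x400 kill-bit. The function names, the sample export and the two all-zero placeholder CLSIDs are constructed for illustration; the full list of class identifiers is in the advisory.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" value from the alert's .REG text
BASE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
        r"\ActiveX Compatibility")
PAGE_CLSID = "{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"  # the one CLSID quoted in the alert
# Constructed placeholders standing in for the rest of the advisory's list.
REQUIRED = [PAGE_CLSID,
            "{00000000-0000-0000-0000-000000000001}",
            "{00000000-0000-0000-0000-000000000002}"]
FLAG_RE = re.compile(r'"Compatibility Flags"=dword:([0-9a-f]{1,8})$', re.I)

# Constructed sample of decoded `reg export` text (real exports are UTF-16).
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + BASE + "\\" + PAGE_CLSID + "]",
    '"Compatibility Flags"=dword:00000400',
    "",
    "[" + BASE + "\\" + REQUIRED[1] + "]",
    '"Compatibility Flags"=dword:00000020',
])

def parse_flags(reg_text):
    """Map CLSID (upper-cased) -> Compatibility Flags found under BASE."""
    flags, clsid = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            head, _, leaf = line[1:-1].rpartition("\\")
            clsid = leaf.upper() if head.upper() == BASE.upper() else None
        elif clsid and FLAG_RE.match(line):
            flags[clsid] = int(FLAG_RE.match(line).group(1), 16)
    return flags

def missing_kill_bits(reg_text, required=REQUIRED):
    """CLSIDs whose key is absent or whose flags lack the 0x400 bit."""
    flags = parse_flags(reg_text)
    return [c for c in required if not flags.get(c.upper(), 0) & KILL_BIT]

def reg_stanza(clsid, existing_flags=0):
    """.REG stanza setting the kill-bit; a .REG import replaces the whole
    DWORD, so OR in any flags already present instead of dropping them."""
    return '[%s\\%s]\n"Compatibility Flags"=dword:%08x\n' % (
        BASE, clsid, existing_flags | KILL_BIT)

if __name__ == "__main__":
    for clsid in missing_kill_bits(SAMPLE):
        print("kill-bit NOT set:", clsid)
```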
While I appreciate there's a need for getting this sort of information out there my personal view is that it would be more appropriate for those who want this information to join the CCIP mailing lists. Perhaps a weekly cross post of the top current items on CCIP's list with brief summaries and a pointer to the CCIP web site would achieve the right result.
Then when a major live threat appears that could be escalated with a one off special. That way the really important ones don't get lost in a long string of important but more routine alerts.
This advice valued at 10c.
andy
I agree. In lieu of this being set up I was one of the people who asked Paul to crosspost the recent event here. For better or worse there are people for which NZNOG is their primary method of finding out about relevant information. To get us away from people using NZNOG for their security updates, I'm all for CCIP making a summarised regular post to NZNOG (It has to be more interesting than route server updates. No I don't want to revisit the discussion under which they are posted here). I also think that a link to the CCIP mailing list may want to be included in the Monthly AUP mailout. Comments welcome.
Dean
Andy Linton wrote:
While I appreciate there's a need for getting this sort of information out there my personal view is that it would be more appropriate for those who want this information to join the CCIP mailing lists. Perhaps a weekly cross post of the top current items on CCIP's list with brief summaries and a pointer to the CCIP web site would achieve the right result.
Then when a major live threat appears that could be escalated with a one off special. That way the really important ones don't get lost in a long string of important but more routine alerts.
This advice valued at 10c.
andy
participants (4): Andy Linton, Dean Pemberton, Keith Davidson, Paul McKitrick