When Partial Disclosure Hurts
Less than 24 hours after iDefense released information to multiple security mailing lists about discovered vulnerabilities in Trend Micro's ServerProtect software, it appears that significant attention is being focused on finding systems that have yet to be patched.
According to information gathered by the ISC, heavy traffic on TCP port 5168 appears to be related to attempts to find unpatched systems, and at least some systems appear to be compromised. The ISC has asked administrators and network security staff who are recording strange activity on that port to provide full packet traces to aid in analysing just what is probing the systems (though a later article will show another means to recover what identifies an actual probe or attack).
Trend Micro has made the necessary patches available, which concerned administrators can use to help protect their systems against unwanted attacks.
This all comes at the same time as exploit code has been released for some of the vulnerabilities patched in Microsoft's August Security Patch Release (MS07-042 attack code was the most recently spotted), and exploit code has been made available for vulnerabilities in msql and win32std support in PHP.
23 August 2007