Alerts


.JPG vulnerability alert recommendations

Date: 09.24.2004

Threat Type: Information Alert

Microsoft® recently released the following vulnerability alert: http://www.microsoft.com/security/bulletins/200409_jpeg.mspx

This is a very serious vulnerability, and multiple proof-of-concept exploits and source code are available on the Internet. As with any security issue, the loss of functionality must be weighed against the security gained.

Below are suggested actions that may mitigate the risk of this vulnerability.

General:

  • Install patches for applicable OS and applications
  • Block file-types on your mail server (.jpg, .jpeg, .gif)
  • Disable the preview pane in Microsoft® Outlook and other email clients that render HTML
  • Run latest antivirus signatures to scan all file-types
  • Avoid giving users local administrative privileges

Websense® Technology Specific:

    • Block the following web categories that have been the most common for hosting malicious code:
      • Adult Material (all)
      • Illegal / Questionable
      • Gambling
      • Tasteless
      • Malicious Websites
      • Spyware
      • Phishing and Fraud based websites
      • Freeware and Software Downloads
      • Message boards and clubs
      • Peer-to-peer and File sharing
      • Web-based email
      • Hacking
      • Proxy Avoidance
      • URL Translation Sites
      • Web Hosting
    • Block all Peer-to-peer traffic with Network Agent
    • Block all IRC traffic with Network Agent (this is based on packet signature, not port)
    • Block all Instant Messaging Attachments with Websense® IM Attachment
    • Block the following application categories with Websense® Client Policy Manager™:
      • Malicious Software
      • Spyware and Keyloggers
      • Hacking
      • Gambling
      • Adult
    • Configure Client Policy Manager in lockdown mode so only authorized applications can launch.
    • Configure Client Policy Manager in network lockdown mode so only authorized applications can access the network with allowed ports.
    • Utilize Websense® Real-time analyzer and Explorer tools, monitoring for abnormal amounts of network traffic and application launches
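
The "Block file-types on your mail server" item from the General list, sketched as an added example (not code from this alert or from any Websense® product). It goes beyond the alert by also checking the declared content type and the leading bytes of each part, on the assumption that an extension-only rule misses renamed images; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".jpg", ".jpeg", ".gif")      # file types named in the alert
BLOCKED_TYPES = ("image/jpeg", "image/gif")         # assumption: matching MIME types
# Assumption beyond the alert: leading bytes of JPEG and GIF files.
BLOCKED_MAGIC = (b"\xff\xd8\xff", b"GIF87a", b"GIF89a")


def blocked_parts(raw_message: bytes):
    """Return [(filename, reason)] for each MIME part the policy would block."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # Normalise case and strip trailing dots/spaces, which Windows ignores.
        name = (part.get_filename() or "").lower().rstrip(". ")
        payload = part.get_payload(decode=True) or b""
        if name.endswith(BLOCKED_EXTENSIONS):
            hits.append((name, "extension"))
        elif part.get_content_type() in BLOCKED_TYPES:
            hits.append((name or "(inline)", "content-type"))
        elif payload.startswith(BLOCKED_MAGIC):
            hits.append((name or "(inline)", "magic-bytes"))
    return hits


def build_sample() -> bytes:
    """Constructed message: a .JPG, a GIF header renamed to .txt, and a PDF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    jpeg_header = b"\xff\xd8\xff\xe0" + b"\x00" * 16   # header bytes only
    msg.add_attachment(jpeg_header, maintype="image", subtype="jpeg",
                       filename="Photo.JPG")
    msg.add_attachment(b"GIF89a" + b"\x00" * 8, maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    msg.add_attachment(b"plain report", maintype="application",
                       subtype="octet-stream", filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in blocked_parts(build_sample()):
        print(f"BLOCK {filename}: {reason}")
```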