You might not have seen exploits yet because: But when you will see the exploits, it will be too late. So act now and be prepared for the coming storm." />

SANS: WMF patches and workarounds explained


Feel free to use the presentations below to explain why you need to use the unofficial patch or how it works on a high level.

To help you answer the "kill" questions:

You might not have seen exploits yet because:


  • You are lucky so far: estimates are that up to now 10% of our readers have seen them.

  • The bad guys haven't released their worst (yet), but we know they have the tools and means to create it and we expect them to do so well enough before the official patches are released next week.

  • The detection might be insufficient or might be failing, so you would not know it. (esp. if the attack was subtle enough in a first phase, it can be very hard to detect as it's designed to be very hard to detect by anti-virus and IDS/IPS systems)

  • We were told of McAfee reporting a 6% infection rate at their customers on New Year's Eve already.


But when you will see the exploits, it will be too late. So act now and be prepared for the coming storm. SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Thursday, 5th January 2006 3:47AM