Thursday, February 16, 2006

MS06-005 prevention

Yesterday the security bulletin: MS06-005
Today the exploit: WMP BMP Handling Buffer Overflow Exploit

Off course the first solution is the patch. But if you did not yet have the time to test/deploy the patch you can use the following rules to protect your network.

1. Go to the 'Body Content Types' of your HTTP-Proxy and add '%0x424D%*' as a pattern match with the 'Rule action' set to Deny, Alarm and Log.
2. Go to the 'URL Path' function of your HTTP-Proxy and add '*.bmp' as a pattern match with the 'Rule action' set to Deny, Alarm and Log.

0 Comments:

Post a Comment

<< Home