Friday 2 March 2007

Drop Everything and Patch Symantec Mail Security for SMTP

Running Symantec Mail Security for SMTP? Stop what you're doing and download the patch (patch 176 at the time of writing).

Seems like a craftily crafted incoming message can cause a buffer overrun. This may lead to code execution. [Update: Symantec now confirms that they see no chance of arbitrary code execution, merely denial of service.]

Currently being exploited. The code in question tries to infiltrate a Microsoft SQL Server, presumably in order to steal passwords. Another good reason to segment your servers so that they each have a single role; perhaps using virtualization.

Of course, a patch for this bug has been available for eight months, but that doesn't seem to have stopped exploits causing some trouble over at Turner Broadcasting System.

So run, don't walk. More at US-CERT.