Anyone running Defender

Zed

Rogue Chimp
Here we go:

Internet Security Systems Security Alert for BlackICE Defender
February 4, 2002

Synopsis:

ISS is aware and is immediately addressing a serious vulnerability in BlackICE Defender running on Windows 2000 and Windows XP that can cause the machine to reboot or crash.

Description:

The current version of BlackICE Defender (2.9.caq and 2.9.cap) running on a Windows 2000 machine can be remotely crashed using a ping flood attack. This has been tested and confirmed by ISS using the Divine Intervention 2 & 3 utility.

Affected Versions:

Microsoft Windows 2000 Professional, Server, Advanced Server and Datacenter Server
Microsoft Windows XP

Recommendations:

ISS is working on a patch to release to fix this issue immediately, and ISS urges all administrators to apply this workaround until the patch is released.

Set the BlackICE Defender firewall to block ICMP. You must edit the firewall.ini file and add the following:
Under the [MANUAL ICMP ACCEPT] section,

REJECT, 8:0, ICMP, 2001-10-15 20:28:53, PERPETUAL, 4000, BIGUI

Save the firewall.ini file.

This will block pings and the box will not be vulnerable to the attack.

Additional Information:
A formal response from ISS with a patch will be supplied shortly. Please contact ISS X-Force for more information.


BTW, Feb 14th should see the new improved 'application blocking' version of Black ICE Defender. At this point the product will be worth the $40 you spend; it'll work a hell of a lot better than other similar products that are out there :)
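Added example, not part of the post above or of ISS's advisory: a small Python check that reports whether a firewall.ini already carries the advisory's REJECT entry for ICMP 8:0 (echo request) under [MANUAL ICMP ACCEPT], and adds it once if it does not. The comma-separated field layout and the ";" comment prefix are assumptions inferred from the single rule line quoted in the advisory, and the sample file content is constructed.

```python
# Rule line and section name quoted verbatim from the advisory.
ADVISORY_RULE = "REJECT, 8:0, ICMP, 2001-10-15 20:28:53, PERPETUAL, 4000, BIGUI"
SECTION = "[MANUAL ICMP ACCEPT]"

# Constructed sample; "[OTHER SECTION]" is a hypothetical section name.
SAMPLE = "[MANUAL ICMP ACCEPT]\n\n[OTHER SECTION]\n"


def section_rules(ini_text, section=SECTION):
    """Return comma-split entries under `section`, or None if it is absent."""
    rules, inside, found = [], False, False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            inside = line.upper() == section.upper()
            found = found or inside
        elif inside and line and not line.startswith(";"):  # ";" comment: assumed
            rules.append([field.strip() for field in line.split(",")])
    return rules if found else None


def has_echo_reject_rule(ini_text):
    """True when the section holds a REJECT entry for ICMP type 8, code 0.
    Assumed layout: field 0 = action, field 1 = type:code, field 2 = protocol."""
    for rule in section_rules(ini_text) or []:
        if len(rule) >= 3 and [f.upper() for f in rule[:3]] == ["REJECT", "8:0", "ICMP"]:
            return True
    return False


def apply_workaround(ini_text):
    """Return the text with the advisory's rule in place; idempotent."""
    if has_echo_reject_rule(ini_text):
        return ini_text
    lines = ini_text.splitlines()
    for i, line in enumerate(lines):
        if line.strip().upper() == SECTION.upper():
            lines.insert(i + 1, ADVISORY_RULE)  # directly under the header
            break
    else:
        lines += [SECTION, ADVISORY_RULE]  # section missing: append it
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(apply_workaround(SAMPLE), end="")
```

A rule line placed under any other section is reported as missing, since the advisory ties the entry to [MANUAL ICMP ACCEPT].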