Blocking Windows Task Scheduler .job attachment exploit
Kevin Miller
Kevin_Miller at CI.JUNEAU.AK.US
Thu Jul 15 20:48:39 IST 2004
MS04-022 - This is a vulnerability in task scheduler. All someone has to
do is send a .job file as an attachment to the user.
I've added the following to filename.rules.conf, to keep users from
receiving scheduled tasks from external people:
deny \.job$ Possible Windows Task Scheduler attack Windows Task
Scheduler jobs are dangerous in email
If there's wisdom in that for other folks, maybe it could be added to
filename.rules.conf in future releases. If it's a really dumb idea,
hopefully someone will let me know! <g>
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Administrator, Mail
Administrator
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list