|
Posted by Roger Abell on July 29, 2005, 10:13 am
If you were Registered and logged in, you could reply and use other advanced thread options
You probably should gather more info from your IPS and then
block that origin IP in your firewall. At least, you should if you
trust the signatures in use in your IPS. There were some exploits
based on graphics processing overflow and some based on
embedding in what are passed as bmp. The ones I am thinking
of have had patches released - not sure if there are actively used
unpatched variant out today.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
> I'm getting the following alert from my firewall's IPS:
>
> WEB-CLIENT Internet Explorer BMP Processing Overflow.
> I spoke to the user and told them to stop going to what ever site they
are,
> but I keep getting the alert. should I be worried about this person's
> workstation? My IPS is blocking the threat, but the 100 alerts I'm getting
a
> day are starting to bother me.
>
> Thanks.
>
>
| 
XML site map