Several attacks that use the exploits are under way. For example, one attack comes disguised as a BBC News story snippet. When a person clicks the link to read the rest of the story, the exploit is triggered. Ken Pfeil sent me a link to another site hosting an exploit. The exploit includes some shell code, but I didn't completely reverse-engineer the exploit, so I'm not entirely sure what all it does. If you want to take a look, visit 126.96.36.199 on port 80 with a telnet client and enter the command "GET /" to dump out the exploit code.
Ken also pointed out that some software, such as Microsoft SharePoint Server, can be configured to load files based on content instead of file extension. This means that an exploit can be packaged inside something as seemingly harmless as a .txt file to get past your defenses and will then be run by the software. This software capability undoubtedly adds to the danger level of the new exploits and other exploits.
I recently came across an interesting set of desktop firewall test results--at the Firewall Leak Tester Web site. The 2006 results show which desktop firewalls perform best in terms of outbound application filtering and the prevention of information leakage. Coming in dead last out of 16 desktop firewalls is Windows Firewall, which ships as part of Windows XP Service Pack 2 (SP2). This isn't too surprising given that Windows Firewall doesn't do outbound blocking.
So which firewalls are the best? When it comes to outbound application filtering, no other firewall beats Jetico Personal Firewall. Kaspersky Lab's firewall is the strongest in terms of preventing information leakage, with Jetico coming in a close second place. Overall, Jetico appears to make the strongest desktop firewall available, beating out other well-known firewalls such as those from Sunbelt Software (Kerio), ZoneLabs (ZoneAlarm Pro and ZoneAlarm Free), and Symantec (Norton). As a bonus, Jetico Personal Firewall is free.
Check out the results at the URL below.