20141022 - Microsoft Releases Advisory for Unpatched Windows Vulnerability

Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability, (CVE-2014-6352) which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control of an affected system if a user opens a specially crafted Microsoft Office file.

ETRN recommends users and administrators review the Microsoft Security Advisory and apply the recommended workarounds.

As this time we believe that our virus scanners are catching e-mails that are attempting to take advantage of this vulnerability. But, we have noticed that very few virus scanners are currently detecting these files. Please see: https://www.virustotal.com/en/file/3ffad81edbf822bd76de918e867a1a76a4c74... for more information.

We welcome any feedback. Thank you for being a ETRN customer. Please contact us if you have any questions.

We Answer Your Questions: FAQ

Q: What is the maximum e-mail attachment size?

A: The ETRN.com e-mail servers do not limit the size of individual e-mail attachments. The ETRN.com e-mail servers do impose a 400 MB maximum total message size limit. Individual customers can choose a smaller message size limit. We can also customize the handling of "over-sized" e-mails. Please contact us to discuss your specific needs. A couple of important facts:

1. Attachments are typically encoded in what is called Base64[1]. As a result, the actual length of MIME-compliant Base64-encoded binary data is usually about 137% of the original file size.

2. E-mails often contain both plain text and HTML components. This also increases the overall size of the e-mail.