I see ISC has posted about a vulnerability just disclosed in Trillian. The vulnerability is a little exotic but does have a scary side to it. First, it involves the use of the Trillian IRC client. Thankfully, I don’t know many non-geeks who use IRC and none that use Trillian as their IRC client (I would hope!). The scary part is it is trivial to determine if someone’s IRC client is Trillian and the vulnerability is triggered by merely hovering over a link posted in chat. Yikes! I expect milworm or even Metasploit to have an exploit available soon enough.
One big question for this is: Do you know what apps your users are running? Are some of them running Trillian? And if so, who is then responsible for upgrading to more secure versions of their apps? (Then again, maybe they don’t need IRC at work anyway, so just block the ports at the firewall and hope they’re not on laptops at home being rooted?) More fuel if you don’t have a handle on corporate policy for unauthorized software.