MS Patches For *Another* Critical RPC problem

Candle Power Forums

Help Support Candle Power:

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
City & State/Province
Seattle, WA area
Microsoft have another critical vulnerability in the Windows NT/2000/XP/2003 line of OSes, allowing a remote attacker to run arbitrary code.

In other words, this probably carries about the same risk as the well-documented RPC hole exploited by MSBlaster and Nachi.

A Knowledgebase article is also available.

Given the experience of the RPC exploit, this probably gives administrators a couple of weeks to patch all the systems in their organisations.

Again.

Shucks, we haven't even finished patching the last RPC flaw yet.

You might want to keep your laptop's batteries charged; this NewsForge article suggests that the Blaster worm may have played a role in the August 14th blackout affecting the eastern U.S. Those with multiple machines to patch might want to visit Microsoft's Software Update Services (whitepaper), a tool for "managing and distributing critical Windows patches.

Enjoy!
T_sig6.gif
fan.gif
 
Tomas -

Thanks again for some really good information.

I gathered that SUS was free. Am I correct about this? I wanted to be sure before I recommended it. It sounds perfect for us as the issue of someone spending half their time doing this manually was not acceptable.
 
I really dunno, Icebreak - I don't do Windows ...

I can put out info when I happen to notice it, but unless it deals with something *I* can use on my machines, I don't persue digging out more info.

T_sig6.gif

"There is not enough man power in the entire US government to secure Windows for proper use by federal agencies" - NSA report
 
Understood.

It looks like it is. I'll dig it out tomorrow.

Thanks for showing me where to dig and providing a fine shovel. I'll dig my own hole. Hey, I'm not sure I like that remark. /ubbthreads/images/graemlins/smile.gif

Well, off I go to Uncle Bill's house...concern on brows, Windex in hand.

Thanks again, Tomas.
 
We pushed the process real fast and will be patching as many of our servers as we can this weekend.
I just finished converting my 10 years worth of outlook calendar over to Korganizer and have only booted Xp a couple times to export more data, I'm almost completely running redhat now.
 
As an Amazon Associate we earn from qualifying purchases. Product prices and availability are accurate as of the date/time indicated and are subject to change.
I'm wondering if any of you have this problem.

Every week or two I get an email which appears to be from Microsoft, but in fact is not from Microsoft, and it generally has an attachment. The subject line leads you to believe that the attachment is a Windows update.

And today, when I opened my Outlook Express, I was shocked to see that there were about 20 of these bogus "Microsoft" emails that came in overnight. When I click on Properties to see where they came from, they were from all different addresses.

Any idea how to make them stop?
 
Thanks Joe,

I checked out your link. Those are definitely the type of emails that I am receiving. I ran the program that looks for, and fixes infections of W32.Dumaru@mm. It did not find any evidence of an infection, so that's great news.

I guess next I'll set up a filter that looks for Microsoft in the From: field, and automatically delete it.

Thanks much for your suggestions.
 
Glad to be of assistance. Keep checking the thread, this board contains the most diverse group of intelligence I've ever seen on a board, so someone else may have a better alternative.

Take it easy,
Joe
 
I've been getting a bunch of those pseudo-Microsoft e-mails, too, and I have no Microsoft software and Microsoft does not know I exist, essentially.

Obviously worms/viruses/whatever. At least for me it is very simple to figure out they don't belong should any slip through my filters (two have). Even if it was REAL e-mail from Microsoft I'd dump it in the bit-bucket for recycling.

T_sig6.gif
 
I've gotten about eight of those emails today. I'm on a Mac running OS10.2

Although I do have MS Office and IE. So just to be safe I just downloaded and installed Apple's Safari internet browser and will abandon IE.

GregR
 
Well, looks like "Swen" has arrived.

Washington Post Article.

Here's a bit better writeup of what Swen is doing:

technewsworld.com

It has only infected about 1.5 million MS Windows computer worldwide thus far, so it is not considered a "major" problem.

(What does it take to be major? 10 million, 100 million?)

I like the touch of it feeding info to a counter at a website so we can see how well it's doing. This one's a class act compared to most ... /ubbthreads/images/graemlins/smile.gif

T_sig6.gif
 
Opera Browser (free from www.opera.com) for browsing and yahoo for e-mail keeps a computer safe.


Linux/Unix makes the computer even safer [:)]

You mentioned e-mail from Micro$oft. I'd just trash it anyway even if there was no virus, bucause unless your friends with Bill, there is not much reason for them to talk with you.

Brian
 
I've gotten several of these emails "from" Microsoft; one even included an attached executable...I simply shitcanned them all and let somebody else worry about it.

I run Win XP Home on this computer, and run patches once a week. Always something that needs "fixing".
That "auto update" thing comes up about weekly.
/ubbthreads/images/graemlins/eek.gif /ubbthreads/images/graemlins/icon15.gif :toliet: /ubbthreads/images/graemlins/icon15.gif /ubbthreads/images/graemlins/eek.gif

(Edit) O o, I see that "Windows Update" thing in my systray...better go see what it is this time...

(Edit again) It was for a Direct X issue. Guess I'll have to reboot before the update takes hold and then come back.
 

Latest posts

Back
Top