MS Patches For *Another* Critical RPC problem

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
Microsoft have another critical vulnerability in the Windows NT/2000/XP/2003 line of OSes, allowing a remote attacker to run arbitrary code.

In other words, this probably carries about the same risk as the well-documented RPC hole exploited by MSBlaster and Nachi.

A Knowledgebase article is also available.

Given the experience of the RPC exploit, this probably gives administrators a couple of weeks to patch all the systems in their organisations.

Again.

Shucks, we haven't even finished patching the last RPC flaw yet.

You might want to keep your laptop's batteries charged; this NewsForge article suggests that the Blaster worm may have played a role in the August 14th blackout affecting the eastern U.S. Those with multiple machines to patch might want to visit Microsoft's Software Update Services (whitepaper), a tool for "managing and distributing critical Windows patches.

Enjoy!
T_sig6.gif
fan.gif
 

Icebreak

Flashlight Enthusiast
Joined
Aug 14, 2002
Messages
4,998
Location
by the river
Tomas -

Thanks again for some really good information.

I gathered that SUS was free. Am I correct about this? I wanted to be sure before I recommended it. It sounds perfect for us as the issue of someone spending half their time doing this manually was not acceptable.
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
I really dunno, Icebreak - I don't do Windows ...

I can put out info when I happen to notice it, but unless it deals with something *I* can use on my machines, I don't persue digging out more info.

T_sig6.gif

"There is not enough man power in the entire US government to secure Windows for proper use by federal agencies" - NSA report
 

Icebreak

Flashlight Enthusiast
Joined
Aug 14, 2002
Messages
4,998
Location
by the river
Understood.

It looks like it is. I'll dig it out tomorrow.

Thanks for showing me where to dig and providing a fine shovel. I'll dig my own hole. Hey, I'm not sure I like that remark. /ubbthreads/images/graemlins/smile.gif

Well, off I go to Uncle Bill's house...concern on brows, Windex in hand.

Thanks again, Tomas.
 

Eugene

Flashlight Enthusiast
Joined
Jun 29, 2003
Messages
1,190
We pushed the process real fast and will be patching as many of our servers as we can this weekend.
I just finished converting my 10 years worth of outlook calendar over to Korganizer and have only booted Xp a couple times to export more data, I'm almost completely running redhat now.
 

epro05

Newly Enlightened
Joined
Jun 3, 2003
Messages
82
Location
Texas
I'm wondering if any of you have this problem.

Every week or two I get an email which appears to be from Microsoft, but in fact is not from Microsoft, and it generally has an attachment. The subject line leads you to believe that the attachment is a Windows update.

And today, when I opened my Outlook Express, I was shocked to see that there were about 20 of these bogus "Microsoft" emails that came in overnight. When I click on Properties to see where they came from, they were from all different addresses.

Any idea how to make them stop?
 

epro05

Newly Enlightened
Joined
Jun 3, 2003
Messages
82
Location
Texas
Thanks Joe,

I checked out your link. Those are definitely the type of emails that I am receiving. I ran the program that looks for, and fixes infections of W32.Dumaru@mm. It did not find any evidence of an infection, so that's great news.

I guess next I'll set up a filter that looks for Microsoft in the From: field, and automatically delete it.

Thanks much for your suggestions.
 

was_jlh

Enlightened
Joined
Oct 15, 2002
Messages
751
Glad to be of assistance. Keep checking the thread, this board contains the most diverse group of intelligence I've ever seen on a board, so someone else may have a better alternative.

Take it easy,
Joe
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
I've been getting a bunch of those pseudo-Microsoft e-mails, too, and I have no Microsoft software and Microsoft does not know I exist, essentially.

Obviously worms/viruses/whatever. At least for me it is very simple to figure out they don't belong should any slip through my filters (two have). Even if it was REAL e-mail from Microsoft I'd dump it in the bit-bucket for recycling.

T_sig6.gif
 

Double_A

Flashlight Enthusiast
Joined
Jul 15, 2003
Messages
2,042
I've gotten about eight of those emails today. I'm on a Mac running OS10.2

Although I do have MS Office and IE. So just to be safe I just downloaded and installed Apple's Safari internet browser and will abandon IE.

GregR
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
Well, looks like "Swen" has arrived.

Washington Post Article.

Here's a bit better writeup of what Swen is doing:

technewsworld.com

It has only infected about 1.5 million MS Windows computer worldwide thus far, so it is not considered a "major" problem.

(What does it take to be major? 10 million, 100 million?)

I like the touch of it feeding info to a counter at a website so we can see how well it's doing. This one's a class act compared to most ... /ubbthreads/images/graemlins/smile.gif

T_sig6.gif
 

darkwater

Newly Enlightened
Joined
Aug 19, 2003
Messages
53
Location
The South
Opera Browser (free from www.opera.com) for browsing and yahoo for e-mail keeps a computer safe.


Linux/Unix makes the computer even safer [:)]

You mentioned e-mail from Micro$oft. I'd just trash it anyway even if there was no virus, bucause unless your friends with Bill, there is not much reason for them to talk with you.

Brian
 

The_LED_Museum

*Retired*
Joined
Aug 12, 2000
Messages
19,414
Location
Federal Way WA. USA
I've gotten several of these emails "from" Microsoft; one even included an attached executable...I simply shitcanned them all and let somebody else worry about it.

I run Win XP Home on this computer, and run patches once a week. Always something that needs "fixing".
That "auto update" thing comes up about weekly.
/ubbthreads/images/graemlins/eek.gif /ubbthreads/images/graemlins/icon15.gif :toliet: /ubbthreads/images/graemlins/icon15.gif /ubbthreads/images/graemlins/eek.gif

(Edit) O o, I see that "Windows Update" thing in my systray...better go see what it is this time...

(Edit again) It was for a Direct X issue. Guess I'll have to reboot before the update takes hold and then come back.
 
Top