Warning for those that use Windows

ElFenix

Elite Member
Super Moderator
Mar 20, 2000
102,393
8,552
126
fooking DMCA... they can't say what the damned hole is so I can determine whether it affects me or not in the damn article, and of course MS is no help


Sorry, there is no Microsoft.com web page matching your request. It is possible you typed the address incorrectly, or that the page no longer exists. As an option, you may visit any of the pages below for information about Microsoft services and products.

 

fs5

Lifer
Jun 10, 2000
11,774
1
0
Serious threat? Is the download offered in a file format w/o installing Windows Updater?
 

Cerb

Elite Member
Aug 26, 2000
17,484
33
86
Originally posted by: LordRaiden
Buhahahahaha! I'd have to use windows before this even affects me. :D
...and if you used Windows, you'd also have to care. On top of that, I doubt too many people will bother trying to get by a firewall... too many dumb users on broadband w/o one :).
 

Vic

Elite Member
Jun 12, 2001
50,422
14,337
136
Jeez... how much is a NAT router nowadays? $50 bucks retail? $10 bucks if you're RossMAN? :p

Anyone on broadband without one is a fool... 'nuff said.
 

DaiShan

Diamond Member
Jul 5, 2001
9,617
1
0
If this is the RPC exploit, I very much recommend that you apply the security patch. It seems not so many people have done this yet, as last night on a 56k I got 10 hits in as many minutes running scans. The exploit couldn't be easier, the code is all over the internet, and you get twice the hits you would get with a NetBIOS scanner. This is a really nasty bug that can be taken care of with the Microsoft patch; it affects almost all versions of Windows, IIRC.
 

Kilrsat

Golden Member
Jul 16, 2001
1,072
0
0
http://www.cert.org/advisories/CA-2003-19.html

That advisory is already out of date. That's a link to the new one.

It's very nasty: the latest RPC exploit sets up a privileged command shell for the attacker to use at their will, thus creating an army of zombies for future use.

This isn't something to laugh at. In the past 24 hours one of the departments here (University of Wisconsin) has denied over 16,000 requests to port 135, with a good chunk of them coming from the University of Washington, University of Nebraska, and UCLA.

That's a single small-ish (relatively) department on a very large campus with 16,000 hits. Things could get fun in the next few days.
 

poopaskoopa

Diamond Member
Sep 12, 2000
4,836
1
81
Originally posted by: fivespeed5
Serious threat? Is the download offered in a file format w/o installing Windows Updater?

Why no love for Windows Update? Anyway, you should be able to get to the fixes for each of the NT-derivative OSes from this page.
 

Jhill

Diamond Member
Oct 28, 2001
5,187
3
0
I have Windows Update and it automatically downloads patches from time to time; is there any way I can run it now to be sure I have all the updates?
 

poopaskoopa

Diamond Member
Sep 12, 2000
4,836
1
81
Originally posted by: Jhill
I have Windows Update and it automatically downloads patches from time to time; is there any way I can run it now to be sure I have all the updates?

You should be OK (for this exploit) if you have the hotfix for KB#823980. Look in Add/Remove Programs.
 

MegaloManiaK

Golden Member
May 27, 2003
1,207
0
0
Originally posted by: ElFenix
fooking DMCA... they can't say what the damned hole is so I can determine whether it affects me or not in the damn article, and of course MS is no help


Sorry, there is no Microsoft.com web page matching your request. It is possible you typed the address incorrectly, or that the page no longer exists. As an option, you may visit any of the pages below for information about Microsoft services and products.

edit 0: Hire a software engineer with a 2.0 GPA to program your new GUI called Windows 95, who creates an exploitable bug that will be inherited down until a good use for it comes about.

1. Create tracking software
2. Leak info about a flaw that strangely affects EVERY Windows to date and yet hasn't been exploited till today.
3. Let people install tracking software.
4. Sell name list to RIAA and MPAA for $
5. Buy hookers with big $
 

ghostman

Golden Member
Jul 12, 2000
1,819
1
76
I don't really understand what's happening with this exploit. Basically, I started receiving complaints about people being unable to log in to their webmail. When I was checking it out, NetWare login was ridiculously slow. Even local machine login was unbelievably slow (the icons would take forever to appear). People would be unable to copy/paste anything, Windows Update wouldn't work and programs would crap out with the error "Generic Host Process for Win32 Services." I checked the university computer notices and found there was an attack on our network. It seems like we were getting the DoS version of the RPC attack. I grabbed the patch, ran around to every lab machine and everybody who was in their office. The patch did wonders and all the problems were gone from the machines I could reach.

But now I read about backdoors and such. How do I know if our machines have been compromised? I should note that all I have is admin privileges on the local workstations. I have no way to monitor anything on a higher level.
 

glugglug

Diamond Member
Jun 9, 2002
5,340
1
81
This attack is basically the same as SQL Slammer, except it uses a buffer overflow in DCOM on NetBIOS/Samba ports rather than a buffer overflow in SQL Server on port 1434.

Anyone with half a brain would never have a SQL server open to the internet like that, but look at my sig.....
Having NetBIOS/Samba ports open to the internet with a Windows machine is also incredibly stupid for reasons other than this attack, but I'd wager the majority of home Windows users currently have such a configuration.

If turning on the Windows messenger service causes you to receive stupid popups without any browser running, then you are open to this attack unless you are patched or (better yet) go and get a firewall in place. If you have a firewall that you don't leave completely open, you should be immune to both this and those stupid messenger popups from the internet, although someone could theoretically fire off the attack on your LAN, particularly someone attaching a laptop that was previously in hibernate mode.
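A defender-side triage snippet, added here as an example and not something anyone posted in this thread: it tallies firewall DENY lines for port 135 (the kind of count Kilrsat's department saw) and the NetBIOS/SMB ports glugglug mentions, and flags sources whose port-135 probes sweep several hosts. The log format, the regex and the sample addresses are constructed assumptions, so the regex has to be adapted to a real firewall's syntax.

```python
import re
from collections import Counter, defaultdict

# Ports the thread talks about: the DCOM RPC endpoint mapper plus NetBIOS/SMB.
WATCHED_PORTS = {135: "DCOM RPC", 139: "NetBIOS session", 445: "SMB"}

# Constructed syslog-style format "<ts> DENY TCP <src>:<sport> -> <dst>:<dport>";
# adapt the regex to your own firewall's syntax.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY (?P<proto>TCP|UDP) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)$"
)

def parse_line(line):
    """Return (src, dst, dport) for a matching DENY line, else None."""
    m = LINE_RE.match(line.strip())
    return None if m is None else (m["src"], m["dst"], int(m["dport"]))

def summarize(lines, scan_threshold=3):
    """Return (per_port, per_source, scanners): denied hits per watched port,
    port-135 hits per source IP, and sources whose port-135 probes reached at
    least scan_threshold distinct hosts (a sweep, not a single retry)."""
    per_port, per_source, targets = Counter(), Counter(), defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] not in WATCHED_PORTS:
            continue  # malformed line, or a port we are not tracking
        src, dst, dport = parsed
        per_port[dport] += 1
        if dport == 135:
            per_source[src] += 1
            targets[src].add(dst)
    scanners = sorted(s for s, hosts in targets.items() if len(hosts) >= scan_threshold)
    return per_port, per_source, scanners

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
2003-08-12T09:00:01 DENY TCP 198.51.100.7:3201 -> 192.0.2.10:135
2003-08-12T09:00:01 DENY TCP 198.51.100.7:3202 -> 192.0.2.11:135
2003-08-12T09:00:02 DENY TCP 198.51.100.7:3203 -> 192.0.2.12:135
2003-08-12T09:00:02 DENY TCP 203.0.113.5:1044 -> 192.0.2.10:445
2003-08-12T09:00:03 DENY TCP 203.0.113.9:4410 -> 192.0.2.10:135
2003-08-12T09:00:03 DENY TCP 203.0.113.9:4411 -> 192.0.2.10:80
this line is deliberately malformed and must be skipped
""".splitlines()

if __name__ == "__main__":
    ports, sources, scanners = summarize(SAMPLE_LOG)
    print(dict(ports), dict(sources), scanners)
```

On the sample above, 198.51.100.7 hits three different hosts on port 135 and is reported as a sweep source, while 203.0.113.9 (one host, plus an untracked port 80 hit) is counted but not flagged.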