MS Worm Vulnerability

[Cowboy X]

Here is a patch for a very serious security hole in several MS OSes . The vulnerability and how it is done was recently fully published on hacker ( cracker to be precise ) websites . Thus it won't be long now before some 'enterprising' fellows decide to write worms based on this info .


http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

As I type this I'm downloading mine . I'd advise all to get it , though at the same time I hope that this is not one of their buggy patches .

 

[KraziKid]

Here is a patch for a very serious security hole in several MS OSes . The vulnerability and how it is done was recently fully published on hacker ( cracker to be precise ) websites . Thus it won't be long now before some 'enterprising' fellows decide to write worms based on this info .


http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp

As I type this I'm downloading mine . I'd advise all to get it , though at the same time I hope that this is not one of their buggy patches .

First of all, this is a repost. Second of all, there has been a patch for this since July 16th (KB article 823980 was posted July 16, 2003, when I updated all of my machines). This problem has been known since the security group you mentioned as crackers effectively held Microsoft hostage. They told Microsoft they knew of a fatal flaw, and if there was no patch by such and such date, that they would release the information to the world. It surprises me that no one will care about a patch until a bug (Nimbda, Code Red, SQL Slammer), or a warning (the one given out by the department of homeland security) has been put into effect. I always update my machines. I regularly go to windowsupdate, as all system admins should. Did you know that there was a patch that fixed what SQL Slammer exploited months in advance? My rant is over. Moral of the story, go to windowsupdate on a regular basis, and update those fricken computers.

 

[Cowboy X]

I go to Windows update quite regularly actually , when SP1 came out I had very little to upgrade at all . I only saw mention of this worm vulnerability a week ago in a few news posts and this is the first time I realised that there is patch , so I posted it .

The other thing is that these Windows update often lags and several patches don't reach that site immediately even though they are in some knowledge base article somewhere . Another thing the site says : " Originally posted: July 16, 2003

Revised: July 21, 2003 " So if anything check and make sure that the patch hasn't been updated since you put it on . In fact now I have to check because there is a possibility that I have it installed alredy

 

[Cowboy X]

Actually I just checked and found that I have it installed already . goes to show I need to read a bit more when I am in Windows Update .

 

[Oni]

Better safe than sorry

 

[Cowboy X]

I agree Oni .

KraziKid , one more thing I didn't say that the people who first identified the problem were crackers , but that this has been posted on such sites . There are many eager eyes , ears and typing fingers who have looked at and studied this vulnerability which makes it in my mind very dangerous .

Is the action of the site that released the info first justified , that's another story in itself .

 

[Cowboy X]

Thanks to MS-Blaster , this thread and the email I sent to several of my friends now shows it's importance .

I know 6 people personally who succumbed to the virus . Three of them I informed in an email to watch out . I think we all need to pay more attention and keep our firewalls up , OSes patched and virus programs up to date .