Huge Microsoft Vulnerability

[inactionman]

I assume that most of you have already heard, but probably the biggest microsoft security hole so far was reported late last night, and it affects basically all versions of windows based on NT (NT/2000/XP/2003), and it took them six months to fix it!

Here's the details:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp

My advice is download the patch ASAP, although if you're blocking Netbios over IP (tcp & udp ports 137-139), you should be ok in the short term, however it's probably only a matter of time before some 'enterprising' idiot turns this into a worm for spammers that makes Nimda look like a damp squib!

I know we're already having major fun where I work, luckily I don't have anything to do with the technical side anymore!

 

[TdC]

thanks. we were just talking about this thing this morning.

 

[Jonty]

Hello

The patch is also available via WindowsUpdate (IE only) for those users whose OS supports it.

I guess this is another embarassment for Microsoft and their security initiatives In their defence, the vast majority of these flaws are discovered both by themselves and by dedicated security organisations, not by hackers per se. Still, the bad press mustn't be something they relish.

Kind Regards

 

[TdC]

(IE only) for those users whose OS supports it.

lol indeed

You must be running a Microsoft Windows operating system in order to use Windows Update.

 

[Jonty]

hehe, TdC I quite like WindowsUpdate, really, one of Microsoft's better ideas. The problem is getting people to use it, since I know a lot of people who I presume have never even touched it.

Apparent version five which is now in beta testing will improve matters by letting users know which patches they really need, rather than using the basic critical/non-critical divide. Still, getting users to use it is another matter

Kind Regards

 

[inactionman]

The fact that XP automatically downloads & applies updates is useful, and should eventually get around the user problems, depending on how much you trust microsoft of course!

Take it from me, education is always the problem with computer security. People do things with computers that they would never do with their house or their car! Sometimes it depresses me so much that I really think it would be for the best if you had to get a license to connect to the internet!

 

[Whipped]

The release of the patch on Windows Update will be the test of our brand new spiffy SUS server. Let's see if the boss actually set it up right when someone creates a worm to exploit this hole