Huge Microsoft Vulnerability

inactionman

Can't get enough of FH
Joined
Dec 23, 2003
Messages
1,864
I assume that most of you have already heard, but probably the biggest microsoft security hole so far was reported late last night, and it affects basically all versions of windows based on NT (NT/2000/XP/2003), and it took them six months to fix it!

Here's the details:

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp

My advice is download the patch ASAP, although if you're blocking Netbios over IP (tcp & udp ports 137-139), you should be ok in the short term, however it's probably only a matter of time before some 'enterprising' idiot turns this into a worm for spammers that makes Nimda look like a damp squib! :(

I know we're already having major fun where I work, luckily I don't have anything to do with the technical side anymore! :D
 

TdC

Trem's hunky sex love muffin
Joined
Dec 20, 2003
Messages
30,801
thanks. we were just talking about this thing this morning.
 

Jonty

Fledgling Freddie
Joined
Dec 22, 2003
Messages
1,411
Hello

The patch is also available via WindowsUpdate (IE only) for those users whose OS supports it.

I guess this is another embarassment for Microsoft and their security initiatives :( In their defence, the vast majority of these flaws are discovered both by themselves and by dedicated security organisations, not by hackers per se. Still, the bad press mustn't be something they relish.

Kind Regards
 

Jonty

Fledgling Freddie
Joined
Dec 22, 2003
Messages
1,411
hehe, TdC :) I quite like WindowsUpdate, really, one of Microsoft's better ideas. The problem is getting people to use it, since I know a lot of people who I presume have never even touched it.

Apparent version five which is now in beta testing will improve matters by letting users know which patches they really need, rather than using the basic critical/non-critical divide. Still, getting users to use it is another matter ;)

Kind Regards
 

inactionman

Can't get enough of FH
Joined
Dec 23, 2003
Messages
1,864
The fact that XP automatically downloads & applies updates is useful, and should eventually get around the user problems, depending on how much you trust microsoft of course!

Take it from me, education is always the problem with computer security. People do things with computers that they would never do with their house or their car! Sometimes it depresses me so much that I really think it would be for the best if you had to get a license to connect to the internet!
 

Whipped

Part of the furniture
Joined
Dec 22, 2003
Messages
2,155
The release of the patch on Windows Update will be the test of our brand new spiffy SUS server. Let's see if the boss actually set it up right when someone creates a worm to exploit this hole ;)
 

Users who are viewing this thread

Top Bottom