Jump to content


Please install MS03-039 patch NOW! (824146)


  • Please log in to reply
62 replies to this topic

#1 Guest_ThunderRiver_*

Guest_ThunderRiver_*
  • Guests

Posted 02 August 2003 - 01:01 AM

Quote from Bink.nuReminder: over a week ago MS released a critical patch for a security issue in RPC, All NT based Windows editions are affected Windows NT4, Windows 2000, Windows XP and Windows Server 2003.If a worm is developed to use this exploit CodeRED and Slammer will look like child play. Please apply the patch ASAP, don't wait till after the weekend, codes to develop a worm are already posted in hacker forums.NOW -> http://www.microsoft...in/MS03-026.aspCodeRED and Slammer did not do much damage on the local system, it was concentrating on spreading itself via network. This time a malicious hacker could decide to wipe the system after it has infected 10 machines. With this exploit it can gain access with system privileges, which is the highest privilege on a Windows system. The "If it ain't broke, don't fix it" days are over in a connected world, OK the system might be running fine, but it is broke, a door is wide open.....

#2 OFFLINE   havnblast

havnblast

    Discussion Deity

  • Members
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 4,878 posts

Posted 02 August 2003 - 01:17 AM

Yes this also goes along with This Topic about the Feds warning of the possible attack.

#3 OFFLINE   greengeek

greengeek

    Forum Fiend

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 1,864 posts

Posted 02 August 2003 - 02:17 AM

:) My first ever MS patch, hope this isn't another false alarm!

#4 Guest_ThunderRiver_*

Guest_ThunderRiver_*
  • Guests

Posted 02 August 2003 - 02:30 AM

It is not false alarm.. it is for real. I have seen codes posted in public that actually take advantage of the exploit.

#5 OFFLINE   nlinecomputers

nlinecomputers

    Discussion Deity

  • No Longer a Member
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,932 posts

Posted 02 August 2003 - 08:36 AM

Hopefully enough people will patch there systems that it will end up being a false alarm.I've been seeing reports of attacks already attempted making use of it.  The script kiddies are just getting warmed up.  Expect a virus or worm based on this soon.
Nathan Williams, N-Line Computers

How to kill a programmer:  Give him a shampoo bottle.  Lather, Rinse, Repeat.

#6 OFFLINE   Rons

Rons

    Forum Fiend

  • Forum MVP
  • 1,753 posts

Posted 02 August 2003 - 12:24 PM

Thanks ThunderRiver - info. is appreciated.  :)

#7 OFFLINE   SonicDragon

SonicDragon

    Discussion Deity

  • Forum MVP
  • 4,188 posts

Posted 02 August 2003 - 02:01 PM

LOL, the folks at DefCon must be having lots of fun with this one ;)!I haven't been into windows for a while now, but next time i start it up, i will definatly patch it. Thanks B)

#8 OFFLINE   siebkens

siebkens

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 860 posts

Posted 08 August 2003 - 03:12 PM

I have my Windows XP up to date - no critical updates necessary.  Do I need to install the patches beyond the MS critical updates?Thanks!

#9 OFFLINE   volunteer

volunteer

    Message Mogul

  • Members
  • PipPipPipPipPip
  • 347 posts

Posted 08 August 2003 - 06:40 PM

siebkens, on Aug 8 2003, 02:12 PM, said:

I have my Windows XP up to date - no critical updates necessary.  Do I need to install the patches beyond the MS critical updates?Thanks!
siebkens, I had the same question.  I followed the link all the way and it is 823980 which I already had from the automatic updates.  Go to add/remove programs and it should be listed.Ken

#10 OFFLINE   siebkens

siebkens

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 860 posts

Posted 08 August 2003 - 07:04 PM

Thanks Volunteer!  I do have it installed already on my XP machine.  So if I download all critical updates for an MS OS (including 98 & ME), does this mean that the system is patched?

#11 OFFLINE   volunteer

volunteer

    Message Mogul

  • Members
  • PipPipPipPipPip
  • 347 posts

Posted 09 August 2003 - 10:01 AM

siebkens, on Aug 8 2003, 06:04 PM, said:

So if I download all critical updates for an MS OS (including 98 & ME), does this mean that the system is patched?
It's my understanding that when you run the MS update function in each OS, all available updates will be listed.  I always update the critical ones and wait until I find out more about the others before I do them. Ken

#12 OFFLINE   Gus K

Gus K

    Thread Head

  • Members
  • PipPipPipPipPipPip
  • 605 posts

Posted 11 August 2003 - 09:55 PM

The amount of people reporting problems on the NTFS forum is quite large.  This is not the usual may warning but an actual attack.More info HERE, and   HERE.

#13 OFFLINE   nlinecomputers

nlinecomputers

    Discussion Deity

  • No Longer a Member
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,932 posts

Posted 11 August 2003 - 10:22 PM

Gus K, on Aug 11 2003, 07:55 PM, said:

The amount of people reporting problems on the NTFS forum is quite large.  This is not the usual may warning but an actual attack.More info HERE, and   HERE.
I can confirm this as well.  I've allready got 5 service calls lined up for the next couple of days that sound like the new msblast virus which uses this hole.  Patch your systems and update your antivirus programs.
Nathan Williams, N-Line Computers

How to kill a programmer:  Give him a shampoo bottle.  Lather, Rinse, Repeat.

#14 OFFLINE   Peachy

Peachy

    Anarquista De Sartorial

  • Forum Moderators
  • 5,448 posts

Posted 11 August 2003 - 10:24 PM

Hmmm,Just checked my firewall logs and there has been continuous attempts to connect to port 135 on my host from other addresses in my ISP's network. Obviously a lot of infected machines in my neighbourhood.  <_<

'freedom...is actually the reason that men live together in political organisations at all. Without it, political life as such would be meaningless. The raison d'Être of politics is freedom, and its field of experience is action'.
My Flickr Photo Blog Posted Image
del.icio.us bookmarks Posted Image


#15 OFFLINE   nlinecomputers

nlinecomputers

    Discussion Deity

  • No Longer a Member
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,932 posts

Posted 11 August 2003 - 11:33 PM

This kind of thing allways leaves me with a mixed feelings.  I hate viruses but on the other hand virus outbreaks mean billiable hours.  I'm getting a lot of pings as well.  Could be a long week.
Nathan Williams, N-Line Computers

How to kill a programmer:  Give him a shampoo bottle.  Lather, Rinse, Repeat.

#16 OFFLINE   bjf123

bjf123

    Thread Head

  • Members
  • PipPipPipPipPipPip
  • 571 posts

Posted 12 August 2003 - 08:26 AM

Peachy, on Aug 11 2003, 09:24 PM, said:

Hmmm,Just checked my firewall logs and there has been continuous attempts to connect to port 135 on my host from other addresses in my ISP's network. Obviously a lot of infected machines in my neighbourhood.  <_<
My ISP must be blocking or filtering port 135 scans.  I've checked my firewall log at home and at work.  I'm not seeing any probes of port 135.
Golf is a relatively simple game, played by reasonably intelligent people, stupidly.

#17 OFFLINE   Marsden11

Marsden11

    Posting Prodigy

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 2,078 posts

Posted 12 August 2003 - 01:48 PM

Apparently the IT folks at the Maryland DMV forgot to patch their systems... They turned them off earlier today and are currently offline... Morons...

#18 Guest_ThunderRiver_*

Guest_ThunderRiver_*
  • Guests

Posted 12 August 2003 - 06:33 PM

LOL, they aren't morons. They just didn't respond to the threats immediately. I have posted the warning and tried to spead the word on the patch, and people probably just don't care, thinking that it won't happen to their system. Well well, now they learned the lesson, but the sad thing is that.. they know nothing but to blame Microsoft... oh well,

#19 OFFLINE   volunteer

volunteer

    Message Mogul

  • Members
  • PipPipPipPipPip
  • 347 posts

Posted 12 August 2003 - 06:43 PM

Peachy, on Aug 11 2003, 09:24 PM, said:

Hmmm,Just checked my firewall logs and there has been continuous attempts to connect to port 135 on my host from other addresses in my ISP's network. Obviously a lot of infected machines in my neighbourhood.  ;)
Exactly the same here.  Zone Alarm kept giving me notices every three or four minutes, there wasn't a block to check to give it access just to turn off the reminder.The source id was my ISP but the IP address was always different in the last three digits and had :XXXX (four digits) attached to the last three digits of the IP address.Ken

#20 OFFLINE   nlinecomputers

nlinecomputers

    Discussion Deity

  • No Longer a Member
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,932 posts

Posted 12 August 2003 - 07:09 PM

I've got about 17 service calls lined up to clean up MSBLAST infections.  I sent alot of people email about this patch before the virus showed up.  Did any of them patch there systems or call me in to patch them?  NOPE.  Are they calling now?  Yep.  What a mess.  At least I can bill them on this.  $)
Nathan Williams, N-Line Computers

How to kill a programmer:  Give him a shampoo bottle.  Lather, Rinse, Repeat.

#21 OFFLINE   greengeek

greengeek

    Forum Fiend

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 1,864 posts

Posted 12 August 2003 - 07:22 PM

;) Wish I got paid for fixing friends and relatives' computers, I did warn them about it.

#22 OFFLINE   Marsden11

Marsden11

    Posting Prodigy

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 2,078 posts

Posted 12 August 2003 - 09:04 PM

ANY IT person in charge of running ANY network where customers need access to conduct daily business, and they forgot to update systems where a patch was available one month ago... they are morons! Plain and simple. It is their job to keep systems up and running. It is their job to follow the MS Security Updates and to keep systems patched. It is their job to properly maintain systems...They failed their job descriptions!

#23 OFFLINE   Rons

Rons

    Forum Fiend

  • Forum MVP
  • 1,753 posts

Posted 12 August 2003 - 09:17 PM

nlinecomputersWhat procedure are you using to cleanup MSBlast? I saw the one outlined on the Symantec site.

#24 OFFLINE   nlinecomputers

nlinecomputers

    Discussion Deity

  • No Longer a Member
  • PipPipPipPipPipPipPipPipPipPipPipPip
  • 3,932 posts

Posted 12 August 2003 - 09:37 PM

Rons,I have the patch and symantec's tool on a cd.  So I unplug unit from Internet, disable system restore, bring up task manager and kill MSBLAST, run symantec fixblast tool, install patch, reboot, reconnect to internet install all other patches and update/install/replace antivirus program.Has anyone else noted that the Internet is slow?  Everyone is having problems will slow sluggish response times   as of yesterday.  It seems to be a little better tonight.  Anyone else sluggish?
Nathan Williams, N-Line Computers

How to kill a programmer:  Give him a shampoo bottle.  Lather, Rinse, Repeat.

#25 OFFLINE   Rons

Rons

    Forum Fiend

  • Forum MVP
  • 1,753 posts

Posted 12 August 2003 - 09:56 PM

nlinecomputersThank you - info. is appreciated. And since this afternoon net was slow for me but now seems ok.Thanks again.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users