Jump to content

Please install MS03-039 patch NOW! (824146)


Guest ThunderRiver

Recommended Posts

Guest ThunderRiver

Quote from Bink.nuReminder: over a week ago MS released a critical patch for a security issue in RPC, All NT based Windows editions are affected Windows NT4, Windows 2000, Windows XP and Windows Server 2003.If a worm is developed to use this exploit CodeRED and Slammer will look like child play. Please apply the patch ASAP, don't wait till after the weekend, codes to develop a worm are already posted in hacker forums.NOW -> http://www.microsoft.com/technet/treeview/...in/MS03-026.aspCodeRED and Slammer did not do much damage on the local system, it was concentrating on spreading itself via network. This time a malicious hacker could decide to wipe the system after it has infected 10 machines. With this exploit it can gain access with system privileges, which is the highest privilege on a Windows system. The "If it ain't broke, don't fix it" days are over in a connected world, OK the system might be running fine, but it is broke, a door is wide open.....

Link to comment
Share on other sites

  • Replies 62
  • Created
  • Last Reply

Top Posters In This Topic

  • nlinecomputers

    14

  • Rons

    12

  • epp_b

    5

  • volunteer

    4

nlinecomputers

Hopefully enough people will patch there systems that it will end up being a false alarm.I've been seeing reports of attacks already attempted making use of it. The script kiddies are just getting warmed up. Expect a virus or worm based on this soon.

Link to comment
Share on other sites

SonicDragon

LOL, the folks at DefCon must be having lots of fun with this one ;)!I haven't been into windows for a while now, but next time i start it up, i will definatly patch it. Thanks B)

Link to comment
Share on other sites

I have my Windows XP up to date - no critical updates necessary. Do I need to install the patches beyond the MS critical updates?Thanks!

Link to comment
Share on other sites

I have my Windows XP up to date - no critical updates necessary.  Do I need to install the patches beyond the MS critical updates?Thanks!
siebkens, I had the same question. I followed the link all the way and it is 823980 which I already had from the automatic updates. Go to add/remove programs and it should be listed.Ken
Link to comment
Share on other sites

Thanks Volunteer! I do have it installed already on my XP machine. So if I download all critical updates for an MS OS (including 98 & ME), does this mean that the system is patched?

Link to comment
Share on other sites

So if I download all critical updates for an MS OS (including 98 & ME), does this mean that the system is patched?
It's my understanding that when you run the MS update function in each OS, all available updates will be listed. I always update the critical ones and wait until I find out more about the others before I do them. Ken
Link to comment
Share on other sites

nlinecomputers
The amount of people reporting problems on the NTFS forum is quite large.  This is not the usual may warning but an actual attack.More info HERE, and  HERE.
I can confirm this as well. I've allready got 5 service calls lined up for the next couple of days that sound like the new msblast virus which uses this hole. Patch your systems and update your antivirus programs.
Link to comment
Share on other sites

Hmmm,Just checked my firewall logs and there has been continuous attempts to connect to port 135 on my host from other addresses in my ISP's network. Obviously a lot of infected machines in my neighbourhood. <_<

Link to comment
Share on other sites

nlinecomputers

This kind of thing allways leaves me with a mixed feelings. I hate viruses but on the other hand virus outbreaks mean billiable hours. I'm getting a lot of pings as well. Could be a long week.

Link to comment
Share on other sites

Hmmm,Just checked my firewall logs and there has been continuous attempts to connect to port 135 on my host from other addresses in my ISP's network. Obviously a lot of infected machines in my neighbourhood.  <_<
My ISP must be blocking or filtering port 135 scans. I've checked my firewall log at home and at work. I'm not seeing any probes of port 135.
Link to comment
Share on other sites

Apparently the IT folks at the Maryland DMV forgot to patch their systems... They turned them off earlier today and are currently offline... Morons...

Link to comment
Share on other sites

Guest ThunderRiver

LOL, they aren't morons. They just didn't respond to the threats immediately. I have posted the warning and tried to spead the word on the patch, and people probably just don't care, thinking that it won't happen to their system. Well well, now they learned the lesson, but the sad thing is that.. they know nothing but to blame Microsoft... oh well,

Link to comment
Share on other sites

Hmmm,Just checked my firewall logs and there has been continuous attempts to connect to port 135 on my host from other addresses in my ISP's network. Obviously a lot of infected machines in my neighbourhood.  ;)
Exactly the same here. Zone Alarm kept giving me notices every three or four minutes, there wasn't a block to check to give it access just to turn off the reminder.The source id was my ISP but the IP address was always different in the last three digits and had :XXXX (four digits) attached to the last three digits of the IP address.Ken
Link to comment
Share on other sites

nlinecomputers

I've got about 17 service calls lined up to clean up MSBLAST infections. I sent alot of people email about this patch before the virus showed up. Did any of them patch there systems or call me in to patch them? NOPE. Are they calling now? Yep. What a mess. At least I can bill them on this. $)

Link to comment
Share on other sites

ANY IT person in charge of running ANY network where customers need access to conduct daily business, and they forgot to update systems where a patch was available one month ago... they are morons! Plain and simple. It is their job to keep systems up and running. It is their job to follow the MS Security Updates and to keep systems patched. It is their job to properly maintain systems...They failed their job descriptions!

Link to comment
Share on other sites

nlinecomputers

Rons,I have the patch and symantec's tool on a cd. So I unplug unit from Internet, disable system restore, bring up task manager and kill MSBLAST, run symantec fixblast tool, install patch, reboot, reconnect to internet install all other patches and update/install/replace antivirus program.Has anyone else noted that the Internet is slow? Everyone is having problems will slow sluggish response times as of yesterday. It seems to be a little better tonight. Anyone else sluggish?

Link to comment
Share on other sites

Nope, this most definately is NOT a false alarm. I just had someone call me wondering why their computer running XP kept popping up a dialogue telling them to save their work after which it would automatically reboot the computer in one minute.I wasn't sure what this was a first. I figured that perhaps it was a Windows Update being installed, and then rebooting as they usually do.Nope...definately MSBlaster. Norton AV detected it, but couldn't repair or quarantine any infected files. I didn't want to tell her to delete them, because I didn't if it had infected any system files. Someone was definately using MSBlaster's exploitation in the RPC to mess around with her machine.I had her download the patch as well as install ZoneAlarm (she uses DSL -- and had no idea to use a firewall...YIKES!), which were a little bit a maze to do, since her internet connection seemed to be intermitent.After the patch was installed, she didn't seem to have the problem with the remote restarts, but her internet connection was still a bit funky.

Link to comment
Share on other sites

Guest ThunderRiver

Removing the W32.Blaster.WormPatch Your System with the appropriate MS03-026 PatchAfter Installation of the Patch, Reboot your system.Download and run "FIXBLAST".exe to remove the MSBLAST.exe file, terminate the process and remove added registry keys by the worm.Reboot your pc one last time.Visit WindowsUpdate.com more often and keep your system updated.Result:Your System will no longer shutdown after 60secs, please follow the steps above to remove the worm off your computer and return your system to UPDATED safe status.If your having problems installing the patch within the 60 sec, when you see the window pop up telling you 60 sec, Go to Start, Run and type in shutdown -a. This will cancel the shutdown attempt. Download: Windows XP Patch | Windows 2000 Patch | Windows 2003 Server PatchThis vulnerability only affects NT based system (including both 32 bit and 64 bit), not Winodws 95/98/MeDownload: FixBlast - W32.Blaster.Worm Removal ToolView: Symantec Security Response - W32.Blaster.Worm Removal Tool

Link to comment
Share on other sites

Guest ThunderRiver

Quote from Bink.nu

Worm hits over 100,000 Windows computersThe worm that hit the internet yesterday infected over 100,000 windows computers, luckily you visit my site daily and you patched your system weeks ago. Others were not so lucky. So still spread the word to patch, the Blaster worm is a rather kind worm, another worm might be on the way making use of same open door and do more nasty stuff.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...