Microsoft Bracing for Worm Attack
10010010 writes "A network worm attack targeting a critical Microsoft Windows vulnerability appears inevitable. The flaw is easy to exploit, as evidenced by the quick release of an exploit module for HD Moore's Metasploit Framework. Within hours of the Patch Day release Tuesday, two pen testing companies (Immunity and Core) created and released 'reliable exploits' for the flaw, which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1."
So, an Exploit For a Patch? (Score:5, Insightful)
I'm confused and I'd like to know if my building's Windows administrator needs to be put on suicide watch. He was up all night last night. From what it sounds like, he spent all that time trying to increase the security of our machines when he was really just altering the application so that the virus that came out 24 hours later would be able to attack the machines.
Re:So, an Exploit For a Patch? (Score:5, Funny)
Re:So, an Exploit For a Patch? (Score:3, Interesting)
I have it installed on my Mom's computer and she loves it! Instantly detected her new digital camera my brother got her, her scanner, her pr
Re:So, an Exploit For a Patch? (Score:4, Funny)
that's the real pisser though isn't it... everybody else can use the "my computer's playing up" excuse when they're late with some work... us Linux users can't
Re:So, an Exploit For a Patch? (Score:5, Funny)
Re:So, an Exploit For a Patch? (Score:5, Informative)
Yes, it's worms exploiting the MS06-040 vulnerability that they're worried about.
As long as you're properly firewalled from the rest of the world, it can't get in, but you should still get everything patched in case the worm gets inside your firewall, e.g. as a trojan.
Re:So, an Exploit For a Patch? (Score:5, Interesting)
Tom
Re:So, an Exploit For a Patch? (Score:3, Funny)
Re:So, an Exploit For a Patch? (Score:3, Informative)
I was trying to morph it into "browsing the net without anything in between".
Tom
[ I still hate Jon Callas ]
Re:So, an Exploit For a Patch? (Score:3, Informative)
Re:So, an Exploit For a Patch? (Score:4, Funny)
So what are pants in the UK?
Next you'll tell me that a fanny has a different meaning there too...
Re:So, an Exploit For a Patch? (Score:4, Funny)
Trousers.
Funny story: my wife is Canadian, and some time ago, while in Florida on holiday (read: vacation), she asked if we could stop at a shopping centre (read: mall) to look for some 'Cacky Pants'. To her, this phrase describes those lightweight, cotton, military-styled 'trousers'.
To me, it describes "soiled underwear". There was a short moment of total confusion while we unravelled that one.
Living with someone from the opposite side of the Atlantic really puts meaning to the phrase, "Two nations divided by a common language".
In the US "lifts" are called "elevators", "flats" are called "apartments", and "kidney pie" is called "ptomaine".
Re:So, an Exploit For a Patch? (Score:5, Informative)
Re:So, an Exploit For a Patch? (Score:3, Informative)
So are they saying that Microsoft is preparing for fallout from a new exploit that utilizes hastily written code from the latest series of patches? Is that what the pen companies reverse engineered?
Wrong conclusion I think. More likely the reverse engineering is comparing the patched and unpatched code and actually working out what the exploit is, then writing the code to use it. (this is why the behaviour of the Rails team holding back details of their exploit is rather weird; especially when the sourc
Re:So, an Exploit For a Patch? (Score:5, Insightful)
TFA is confusing because it makes it appear as though the latest MS updates *cause* this vulnerability, while in actual fact they *fix* it.
Re:So, an Exploit For a Patch? (Score:5, Funny)
Further, we should probably ban anyone that has dirt on their shoes, because I hear worms like dirt.
Safety first, people. It may be an inconvenience, but it's all about your safety, and the safety of democracy across the world. We will prevail over the security-exploiters.
Re:So, an Exploit For a Patch? (Score:3, Funny)
Re:So, an Exploit For a Patch? (Score:5, Funny)
Re:So, an Exploit For a Patch? (Score:5, Funny)
Re:So, an Exploit For a Patch? (Score:3, Insightful)
patch your worm, worm your patch (Score:2, Funny)
KB666123456 - Patch, Worm, Worm and Patch
KB666456789 - Patch, Worm, Worm, Worm, Worm and Patch
KB666666666* - Worm, Worm, Worm, Worm, Worm, Patch, Worm and Worm
* May not contain patch
Not really that serious (Score:5, Insightful)
Re:Not really that serious (Score:5, Insightful)
How easy is it to bring an infected laptop and plug it in behind the firewall? Our salesmen travel all over the world and plug into an untold number of hotel intranets and wi-fi cafes. They leave these two ports open when plugged into the company intranet. Do they always remember to close these ports when they work on an untrustworthy network connection? Chances of infection are great. Chances of them bringing the infection behind the firewall into the corporate network are great. I would not hastily dismiss it.
Re:Not really that serious (Score:2)
Re:Not really that serious (Score:5, Funny)
Re:Not really that serious (Score:3, Interesting)
Re:Not really that serious (Score:3, Insightful)
Re:Not really that serious (Score:5, Interesting)
Re:Not really that serious (Score:2)
Re:Not really that serious (Score:4, Informative)
One of the emerging areas in enterprise security is so-called "endpoint" security solutions, which verify whether a user plugging into a corporate network has
1) approved virus software with updated definitions,
2) an approved firewall, and
3) any software updates that the techies have deemed required.
If you don't, you get shunted off to a quarantined part of the network with instructions on how to obtain the software to make you compliant.
On the one hand, it sounds like a pain to set up and annoying for the users (and as it usually relies on DHCP enforcement, it can be bypassed by someone who knows the network), and we didn't run it at our own company, but on the other hand I bet that if they had required it at the university I went to, the virus problem there would have been much more controlled.
Re:Not really that serious (Score:3, Interesting)
Re:Not really that serious (Score:2)
Now, of course, I don't use Windows, and consequently have no viruses. (It helps that my computer is in storage, too.)
Re:Not really that serious (Score:2)
How easy is it to bring an infected laptop and plug it in behind the firewall?
It is pretty easy and even when it isn't there are plenty of droppers and trojans and multi-vector worms that can get past your firewall. Security at the network edge is all well and good, but if you're still vulnerable to this type of attack you might want to look into some internal hardening. The latest generation of IDS-like devices can really make a difference. They tell you something is spreading in your network, machines
Re:Not really that serious (Score:2)
In short, any laptop, by definition, is always outside the firewall.
If they really need to print or email or mount shares, then they should be using whatever sort of technology (VPN, IMAP/SSL, etc) to do that outside the network. Or walk to a workstation.
Re:Not really that serious (Score:2)
Re:Not really that serious (Score:5, Funny)
Can somebody please tell me what the hell a port is?
Re:Not really that serious (Score:2)
Re:Not really that serious (Score:2)
Re:Not really that serious (Score:2)
What's a port? (Score:3, Funny)
Can somebody please tell me what the hell a port is?
A port is where software pirates come to collect their booty. In this case your pron. They sail in by using special software to "surf the web" and come into your port. Once in your port they have to fight with swords in order to capture the port (just like in the game Pirates by Sid Meier... it looks just like that.)
Once they are in your port you're screwed; all the walls in the world won't stop them.
Re:Not really that serious (Score:4, Informative)
Every.layer.Every.step.Every.machine.Must.be.secu
It is, unfortunately, the only way.
Re:Not really that serious (Score:2)
William Shatner is a sysadmin?
maybe not so STUPID (Score:4, Insightful)
It's been a while (Score:5, Insightful)
This should remind Windows users about complacency.
Re:It's been a while (Score:2)
It is like saying I will just walk across the country because I heard of a person who died on an airplane.
Shouldn't you wait... (Score:2)
There are a lot of things in place today which weren't in place back with Blaster that allow IT depts to respond to these events... beyond just patching I mean.
Pen Testing? (Score:5, Funny)
OK, maybe I'm just missing an acronym/typo somewhere, but "pen testing?" Will the worms come through my Mont Blanc?
Re:Pen Testing? (Score:5, Funny)
Re:Penetration Testing? (Score:5, Funny)
Or, in your case, you would request full pen videos when you go to the video rental store.
Re:Penetration Testing? (Score:2)
Re:Penetration Testing? (Score:3, Funny)
Well, it's better than calling it "digital penetration".
Yes, that involves something entirely different... wink, wink, nudge, nudge, say no more!
Pen Testing explained (Score:4, Funny)
Re:Pen Testing? - Penetration Testing (Score:2)
The Cyber Gnome, Denouncer of Computer Myths (Score:4, Funny)
Let's mobilize (Score:5, Funny)
A spokesperson for Microsoft said it is difficult to predict the motives and actions of attackers but insisted the company is "watching round-the-clock" and actively encouraging customers to download the update immediately.
"We will mobilize if something does happen," the spokesperson said.
They'll mobilize? Mobilize? As in "get the heck out of here"? Or are they calling the [GI]Joes?
Re:Let's mobilize (Score:2, Funny)
Re:Let's mobilize (Score:5, Funny)
I think you mean:
Take off all Vista! For great profit!
There should probably be a 'We get worm! Main firewall turn on!' in there somewhere too.
The Patch (Score:3, Informative)
*every* version? (Score:2)
Of course, these family members are also firewalled, so I'm not particularly frightened.
Not quite (Score:5, Informative)
HD Moore posted a followup to the Daily Dave mailing list admitting defeat on those two platforms:
Time to eat my words. The wcscpy() destination pointer trick doesn't seem doable on XP SP2 or 2003 SP1. I don't believe you can exploit this bug for more than a DoS on 2003 SP2/XP SP1. If you have information to the contrary, please share.
All other Windows platforms remain easily exploitable, though.
Re:Not quite (Score:5, Funny)
Well, that's a relief. I was worried that millions of PCs and servers might still be out there running Windows 2000 and NT, and might help propagate some sort of worm. As long as all computers are magically running the currently-supported versions of Windows, I guess we're OK.
Re:Not quite (Score:2)
Um...nothing. I'm not sure where other parts of this thread have gone, but I think the main point is that it's important for everyone to apply the patch, because a working exploit exists for most of the platforms that people use, and it can be used to create a worm. Anything beyond that is religion, and it's pointless to get caught up in that.
Re:Not quite (Score:2)
Re:Not quite (Score:2)
Right back atcha
Re:Not quite (Score:2, Funny)
New Microsoft Windows mascot suggestion. (Score:5, Funny)
ALL Windows versions? (Score:2)
he who controls the OS.. (Score:2, Funny)
Looking for fame and fortune (Score:5, Insightful)
Re:Looking for fame and fortune (Score:4, Insightful)
Nope, they do it to make money from selling the superb CANVAS product to penetration testers and other security professionals. They couldn't give a rat's ass what some random fucko on Slashdot thinks of it. Sorry to be the bearer of bad news... ;p
Any comment from DHS? (Score:2, Insightful)
Re:Any comment from DHS? (Score:3, Informative)
MS06-040? (Score:2)
However, the vulnerability I was looking at was MS06-041 (remote buffer overflow in DNS client) [microsoft.com], not MS06-040 (remote buffer overflow in server) [microsoft.com] which I figured most people would have firewalled/disabled anyway.
I mean, DNS client? The best the "mitigation" section of the advisory can say is that an attacker would have to make your machin
Re:MS06-040? (Score:2)
Microsoft Bracing for (Giant) Worm Attack (Score:4, Funny)
Emperor Shaddam Gates IV admitted today that the high rock formations that ring the city of Arredmond might not be able to repel a full-on attack by the Frehax0rz and their giant worms. Story at 11.
Re:Microsoft Bracing for (Giant) Worm Attack (Score:2)
Oh, if only we dared...
This would not have happened... (Score:2)
Homeland Security.... this seems to ring a bell (Score:2)
Yep, they were telling us that something like this was about to happen.
Re:Homeland Security.... this seems to ring a bell (Score:2)
Geez, you probably believe all those news stories about that "foiled terror attack", too. That's obviously a conspiracy created by the folks who make those little travel bottles of shampoo to increase their sales once you get to your destina
makes me long for Windows 98SE (Score:2)
This makes me long for the good old days, with Windows 98SE, where most ports were closed and exploits mostly came in through Outlook and IE.
Running Thunderbird and Firefox would solve the Outlook and IE exploits today.
The DHS was on top of this. (Score:2, Funny)
This signature was going to be a lot nicer but I had to cut a lot of features in order to get this post out without any further delays.
Win 98/ME not affected (Score:3, Interesting)
Re:The power of Homeland Security compels you! (Score:5, Funny)
Re:The power of Homeland Security compels you! (Score:2)
I have a red shield and X in my systray so I'm safe. I think it's a warning symbol for anyone trying to hack my box, like a medieval coat of arms or something saying my computer is stronger than them.
To be specific, that would be Gules, a saltire couped argent.
Ummm... (Score:5, Insightful)
But if he's too fucking cheap to get an OEM copy or something and too fucking stupid to bypass the WGA, he should be prepared to have his ass handed to him when this shit hits.
I'd recommend him going to ubuntu.com, though.
Re:How will this affect unpatched pirated versions (Score:5, Funny)
Pirate loading windows. (Score:5, Funny)
Re:OH PLEASE GOD, Let me help out on this one (Score:2, Funny)
The Posts Mod YOU! (Score:2)
Try #hackers on irc.fbi.gov
At the very least...
Have mod points, but I refuse to mod a post (+Funny, in this case -- not Insightful) that includes the punchline but doesn't quote the context -- that still sits at Score: 0. How would it make any sense to someone who's surfing at, say, level 2?
Re:File Servers (Score:5, Funny)
Re:File Servers (Score:2)
That's a much better *hope*. Otherwise, I hope your administrator has his resume up to date.