Text 11859, 96 rader
Skriven 2005-10-16 09:16:04 av Jeff Guerdat (1:106/2000.0)
     Kommentar till en text av Charles Scaglione
Ärende: XP updates
==================
On 10-15-05, Charles Scaglione said to All:

CS>Downloaded and installed eight security updates for XP today from MS.
CS>If you don't have auto updates turned on, you might want to visit the
CS>MS update site and get them.  Some of the updates are extensive and
CS>rather large.

And at least one of them is truly critical.  The expectation is that we'll see
exploits very soon.

From Brian Livingston's newsletter:

Something wormy this way comes

Our team of Windows experts predicts that a serious worm attack will blaze
across the Internet soon. This is due to a security hole that Microsoft
announced on Oct. 11.

The remedy is a patch called MS05-051. It's one of 8 the Redmond company
released on its regular Patch Tuesday schedule. All of these patches may be
significant to you. But it's particularly important that Windows XP users
upgrade to Service Pack 2 (if you already haven't) and that users of Windows
2000, XP, and other versions install MS05-051 to protect against the oncoming
malware.

This hole is so easy to exploit that those in the know are moving quickly.
Third-party security-software updates have already been released by McAfee and
Internet Security Systems, and other vendors will soon bring out their own
updates, if they haven't already.

To make matters worse, a hacked .avi media file can also silently infect
Windows users who play it, even users of XP SP2 and Windows Server 2003.
MS05-050 fixes this.

...

Only five days 'til the worm turns

That's the same week Zotob (and its friends) came out. You remember those
worms, right? They're the ones that started crashing computers at large news
agencies, including CNN, ABC, and the New York Times. Lo and behold, these
worms became big news because of that. It took a scant 5 days after Aug. 9 —
which was Patch Tuesday — to the release of Zotob.A on August 14.

The news agencies didn't start reporting on the worm in a big way until a
couple of days after that. That's because the copycat worms that came out a
few days after Zotob had bugs that caused crashes. That's right — those same
news agencies had probably been riddled with Zotob all along but didn't know
it because it was a relatively well-behaved critter. It wasn't until the
variants, which had the nasty habit of crashing things, came along that they
noticed, because then the on-air talent couldn't compute.

I hope no one reading this newsletter has to have badly written malware infect
them before they notice a problem. But I digress.

Which patch will spawn the worst worm?

It looks like everyone's favorite candidate this month is MS05-051. This patch
fixes a very similar set of vulnerabilities as MS05-039, the August 2005
bulletin that generated Zotob. One difference this time is that XP and Windows
Server 2003 don't run some of the vulnerable services by default.

This means that when the inevitable worm is released, you can expect a lot of
infected Windows 2000 machines. In theory, XP SP0 will have a large share of
problems, too. Can you really be using XP these days without at least
installing SP2?

A year ago, Kevin Mitnick (coauthor of The Art of Intrusion) and I did a study
for USA Today. We connected some unprotected XP (and other) machines to the
Internet and watched unpatched XP boxes get owned in as little as 4 minutes.

Granted, you can do hotfixes and such and maybe get by, but it's difficult to
imagine not having XP SP2 be your firm, minimal baseline. Are any readers
getting by with less than SP2 on XP? I'd be curious to hear about it.
[Editor's Note: Submit tips using our contact page.]

Please put MS05-051 on your fast track to install. But that's not the only
one. MS05-050 and MS05-052 are also rated "Critical." Note that MS05-052
affects IE, for those of you who use Microsoft's browser.

There are many spammers, phishers, spyware authors, and other general scum who
are dying to have a working exploit for the critical holes. They badly want
you for your identity and your financial information and to run their botnets
on your CPU. They're often willing to pay other black hats cold cash in
exchange for their exploits to be quietly installed on your PCs.

The coming days will show us just how easy these holes will be for the bad
guys to take advantage of. For now, assume that's it's very practical, and
don't wait to prepare yourself.


___
*Durango b211 * DurangoMail for Windows NT/9x

--- Maximus/2 3.01
 * Origin: COMM Port OS/2 juge.com 204.89.247.1 (281) 980-9671 (1:106/2000)