PATCH now!

[igodit]

I assume you all patch all your systems on your network right away (after testing) because you all learned about blaster, slammer, CodeRed, Nimda...

You've learned that a firewall is'nt enough, so you'll sleep well when I tell you that two exploits for the latest Windows flaw may develop in a worm soon.

Luckily your patch managment is in place and protects you from the next blaster...

Nice feeling that your company's network won't help spread the next worm, right?

Computer code that exploits a critical new software vulnerability in the Windows XP and Windows 2000 operating systems is circulating on the Internet, according to security experts.

Two examples of "exploit" code for a buffer overrun in the Windows Workstation Service were posted to security-related Internet discussion groups on Friday and Saturday. Both exploits have been tested and work, according to Dan Ingevaldson, director of X-Force at Internet Security Systems.

The Workstation Service vulnerability was disclosed by Microsoft in Security Bulletin MS03-049, which was released on November 11.

The service is turned "on" by default in Windows 2000 and Windows XP systems and allows computers on a network to connect to file servers and network printers, Microsoft said.

Both the CERT Coordination Center at Carnegie Mellon University and ISS issued advisories last week regarding the Workstation Service vulnerability, warning that it was easy to exploit and well suited to use by self-spreading Internet worms.

PATCH NOW!

[Arch_Angel]

This doesn't affect home users right? Only computers connected on a network?

[kknight]

Hey Arch_Angel..The internet is a network too. So if you are browsing you are liable to be affected by this flaw too. Patch patch patch.

[Arch_Angel]

Sorry, but I needed to ask. I don't install all patches Microsoft ships out. I check to make sure if the vunerability affects me first, before installing. Because some of the patches are known to break or slow down your computer. So I'm not installing any patch that will fix some vuneralibity that's not directed at me (personal computer/home user)

After reading more on the vunerability at the link igodit posted, I see I don't need to install this patch:

If users have blocked inbound UDP ports 138, 139, 445 and TCP ports 138, 139, 445 by using a firewall an attacker would be prevented from sending messages to the Workstation service. Most firewalls, including Internet Connection Firewall in Windows XP, block these ports by default.

Workarounds

• Block UDP ports 138, 139, 445 and TCP ports 138, 139, 445 at your firewall.
  
  These ports are used to accept a Remote Procedure Call (RPC) connection at a remote computer. Blocking them at the firewall will help prevent systems behind that firewall from being attacked by attempts to exploit this vulnerability.
  
• Use a personal firewall such as Internet Connection Firewall, which is included with Windows XP.
  
  If you use the Internet Connection Firewall feature in Windows XP to help protect your Internet connection, Internet Connection Firewall blocks inbound traffic from the Internet or from the intranet by default.

So I am protected without needing to install this update. Persons and system admins who are connected to a network are at more of a risk than the average home user.

[krishna]

If you Block UDP ports 138, 139, 445 and TCP ports 138, 139, 445 at your firewall, you may loose some functionalility. even if it is later-on. Blocking ports is a way to buy time - fix the vulnerabilities by patching, it will save you a lot of headache later.

BTW, It is advisable that home users apply all Critical security patches that microsoft release. remember, there are modules in the kernel that have dependencies on other modules. If you do not patch a vulnerability because you do not think that you are using that functionality (Like RPC, Workstation etc...), you'd be suprised to know what applications you may have installed that actually use these services.

A good rule of Thumb - apply all Critical security patches released by the OS vendor (this does not apply to microsoft alone!)

[Arch_Angel]

Sorry I don't go by that rule of thumb. Not since reports of patches slowing down your computer is out there. :-\

Maybe home users who don't know how thier computer works or are new to the computer world can download all patches that are released and install them. But not all vunerabilities affect home users. If you understand what the vunerability does and how it works, then you would know if you needed to install this patch or not.

But I prefer to review every patch and read up on what it does and should supposedly fix. If I see I don't need the patch, I won't download and install it. It's simple as that.

My firewall blocks those ports by default. If a program wanted to access these ports, my firewall would alert me and ask me if it should allow the program to access the port to connect to the internet.

[ramesh]

Tech TV Episode: How Hackers Write Viruses