Attack Code Found For Recent Windows Bug
CWmike writes "Just a day after downplaying the vulnerability that caused it to issue an out-of-cycle patch last week, Microsoft warned customers late yesterday that exploit code had gone public and was being used in additional attacks. 'We've identified the public availability of exploit code that now shows code execution for the vulnerability addressed by MS08-067,' said Mike Reavey, operations manager of Microsoft's Security Response Center, in a post to the MSRC blog. 'This exploit code has been shown to result in remote code execution on Windows Server 2003, Windows XP, and Windows 2000.'"
Hmmm... (Score:2, Funny)
Re: (Score:2, Insightful)
Locks up every 5 seconds? What do you mean? What kind of computer are you using? Have you submitted a bug report?
Re:Hmmm... (Score:5, Insightful)
Re: (Score:2, Insightful)
I also worked as Unix sysadmin for several years (but no longer... I love to sleep all night long) and from my experience:
1) Most "big datacenters" have several key servers that are really unstable despite being Unix(tm), mostly because of evil combinations of HW/Applications/OS (patches and more patches from Oracle, NUMA configurations, etc)... as happens with any Linux.
2) Most servers in datacenters are 99% idle, except when silly programmers try to execute infinite polling loops or that sort of thing. T
Re: (Score:3, Informative)
Re: (Score:2)
Re: (Score:2)
Well, you probably don't use a Debian based distro too much. To get a stable reasonably secure (known bugs out, most common DoS attacks out) and fast for the most common situations, you simply "aptitude install apache2".
If you have a less common situation, you may want a different apache2 package, there are some other ones that differ on the configurations. Now, when you have a completely unusual situation, then you'll need to mess with apache configuration or maybe even compilation, but don't assume that a
Re:Hmmm... (Score:4, Interesting)
I've run Ubuntu on a Dell Inspiron 9400 laptop for over a year without a single lockup.
Now, I also run VirtualBox and Windows XP under that. *That* has locked up several times. So if that's what you mean, I agree.
Re: (Score:2, Interesting)
Wikipedia seems to think that it's a good idea. :P
Re:Hmmm... (Score:5, Funny)
Well, to be fair, their discussion took place on Wiki pages, so it was either Ubuntu 8.04 or HAHAHHAYOUSUCKCOCKS.
Re:Hmmm... (Score:5, Funny)
Well, to be fair, their discussion took place on Wiki pages, so it was either Ubuntu 8.04 or HAHAHHAYOUSUCKCOCKS.
Yeah, I can see that some 13 year old vandal might think that it was funny to replace "Red Hat Enterprise Linux 5.2" with something silly like, er... "Ubuntu 8.04" ;-)
BTW, HAHAHHAYOUSUCKCOCKS 2.06 is a fine server distro and I won't hear a word against it.
Re: (Score:2)
Sorry about that.
Re:Hmmm... (Score:4, Funny)
Who the fuck runs windows on a server? Context man, context!
There, fixed it for you.
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
That plus the wireless network card drops randomly. The message in dmesg is that it can't find the AP so it assumes it is gone. Restarting the networking fixes it.
Re:Hmmm... (Score:5, Insightful)
But it does make a damn fine server. The software is reasonably up to date, the administration is dead-simple, and I'm already familiar with it from my desktops.
I've got other things to concentrate on besides server administration -- like coding my project management and billing system, or working for my clients so I have something to bill them for. Ubuntu makes that easy for me.
I've recently vetted Slackware, Debian (stable), and Ubuntu Server 7.04, and settled on the latter because it strikes the balance I need between stability and up to date software. You may legitimately disagree with my choice, but I have my reasons and I'm sure you have yours. Most Linuxes make great servers, so it's really choosing your favorite incarnation of "awesome."
Re:Hmmm... (Score:4, Funny)
Dammit! Stop doing that. Your job on Slashdot is to perpetuate the holy OS wars. If you start to lose an argument based in 'nuh uh, yeah huh' then immediately question the person's choice of vi versus emacs.
Never EVER admit that something may come down to personal preference unless you are willing to follow it up by blatantly trashing said person's personal preference by calling them 'dumb' or 'retarded'. Finally, if you are totally and completely losing the argument, link to final irrefutable proof: like this [goatse.cx]
Re: (Score:2)
The only dumb or retarded thing I've seen in this thread is someone threatening to go to BSD because I chose Ubuntu Server. I guess it affects their life in some cosmic butterfly way.
Seriously though, I'm a little sick of the infighting. I don't bitch about using Red Hat, even though it's not typically my first choice. I'm just happy as hell to be using Linux.
Besides, most orgs I've been in (big ones) start off with something like RHEL, but then customize it so heavily that it's barely recognizable anyway.
Re:Real Programmers use Emacs (Score:2, Funny)
If you start to lose an argument based in 'nuh uh, yeah huh' then immediately question the person's choice of > VI> verses [small]emacs[/small].
vi is [[13~^[[15~^[[15~^[[19~^[[18~^ a muk[^[[29~^[[34~^[[26~^[[32~^ch better editor than this emacs. I know I^[[14~'ll get flamed for this but the truth has to be said. ^[[D^[[D^[[D^[[D ^[[D^[^[[D^[[D^[[B^ exit ^X^C quit :x :wq dang it :w:w:w :x ^C^C^Z^D
Re: (Score:2)
But it does make a damn fine server. The software is reasonably up to date, the administration is dead-simple, and I'm already familiar with it from my desktops.
Where I work, we're not a computer company. We are a media company. We tend to employ engineers on their ability to do video and audio. This is slowly changing, however if we employ any engineers with linux experience, it's likely to be Ubuntu. Proper unix people should be able to adapt, otherwise they aren't linux people, they're [redhat|suse|solaris|whatever] people, and I'm not interested.
I've recently vetted Slackware, Debian (stable), and Ubuntu Server 7.04, and settled on the latter
7.04 went end of life 10 days ago. I assume you mean 8.04?
Most Linuxes make great servers, so it's really choosing your favorite incarnation of "awesome."
They all run the same code, it's the administration that's
Re: (Score:2)
You're right - 8.04. My bad. It'd be nice if I could edit my post, but...
Re: (Score:2)
Ubuntu Server 7.04
You do realise that release stopped getting security updates 10 days ago right?
Re: (Score:2, Insightful)
"XXXX has ruined Linux" is what they said when RedHat was king of the distros, when SuSE YAST made setting up a Linux box a snap, when Mandrake was getting popular and folks will continue to do so.
If you feel it is time to install FreeBSD or OpenSolaris, go ahead. No one is stopping you, and there is no need to cry to the rest of us about your ruined Linux.
Re: (Score:2, Insightful)
Re: (Score:2)
No - as I mentioned to another comment above, I misspoke. It's 8.04.
Re: (Score:3, Insightful)
Yeah, blame it on closed source.
You probably need to get some counseling on your fetish for open source when you, with absolutely no evidence of restricted drivers even being present on said system, start blaming them.
Hotpatching (Score:5, Insightful)
For those interested, there was a really cool hack [nynaeve.net] of hotpatching the files and services that are affected by this exploit. The Microsoft patch isn't designed to be hotpatched, instead requiring a reboot to replace the needed files. However, by using a binary diff and DLL injection you can apply the patch on the fly without rebooting.
I wish Microsoft would put more effort into making the official patches not require a reboot. Consumer operating systems are one thing, but rebooting Windows servers gets annoying really fast.
Re:Hotpatching (Score:5, Insightful)
However, by using a binary diff and DLL injection you can apply the patch on the fly without rebooting.
Is that something you would want to do on a production server?
And if you were MS, is that something you would want to support?
Re:Hotpatching (Score:4, Interesting)
>And if you were MS, is that something you would want to support?
If you were MS, and wanted to brag about 5 Nines uptime, wouldn't you design the patch so you didn't have to reboot production servers once a month?
Glad I spent all weekend patching, now that the exploit has escaped.
Re:Hotpatching (Score:5, Interesting)
If you were MS, and wanted to brag about 5 Nines uptime, wouldn't you design the patch so you didn't have to reboot production servers once a month?
5 nines is ~5.3 minutes downtime per year
You don't achieve that with a single Linux box either, unless you simply aren't keeping it up to date. Even if you manage to avoid 'rebooting it', you are still going to have serious trouble reliably preventing 'unavailability of services' from reaching 5.3 minutes over a year.
It takes either a mainframe or a cluster to reach 5 9's with any reliability. Windows doesn't run on a mainframe, and if you have a cluster, a few scheduled reboots now and then don't result in any downtime, since you don't have to bring the entire cluster down.
So your argument really doesn't apply.
Re: (Score:3, Interesting)
No, I've managed to have a single Linux box reach 99.999%. It's mostly a matter of not updating the kernel; everything else can be upgraded monthly with ~15 seconds downtime, for an average of ~3 minutes annually.
Re:Hotpatching (Score:5, Insightful)
No, I've managed to have a single Linux box reach 99.999%
"Managed to have"? You are talking about 5 9's as something that you can reach. People who demand 5 9's consider that the minimum they will accept. They don't want systems that can reach 5 9's they want systems guaranteed not to be less than 5 9's. That's a HUGE difference.
So if we sign an SLA, how certain should I be that you can deliver 5 9's? ... From one box? Not very.
The fact that you might 'manage it' simply isn't good enough. What happens when a piece of hardware fails, or an update doesn't go smoothly? With a single box you have no contingency and 5 minutes to resolve any problems and perform any updates that might be needed for the entire year.
My point stands: anyone serious about delivering 5 9's simply isn't using a single box, because you simply can't depend on it. MAYBE you'll get 5 9's out of it, but getting 5 9's from a single box is like winning a prize from a scratch and win. It's not exactly a miracle, but it's hardly something you can rely on.
Hell, even promising 4 9's from a single box is taking on some heavy risk. It's not hard to envision an unexpected hour of downtime on a box over the course of a year.
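The arithmetic behind this exchange, as an added example (not code from any commenter in the thread): it turns the figures quoted above, 5.3 minutes a year at 99.999%, a 15-second restart each month, an unexpected hour on one box, into functions for SLA planning, and adds the parallel-redundancy model that the "you need a cluster" side of the argument rests on. The redundancy model assumes independent node failures and instantaneous failover, which is an idealisation of any real cluster.

```python
"""Availability arithmetic behind the "five nines" argument in this thread.

Added example; not code from any commenter on the page. It turns the numbers
quoted above (5.3 minutes of downtime per year at 99.999%, ~15 seconds per
monthly application restart, an unplanned hour on a single box) into
reusable functions for SLA planning. The redundancy model assumes that node
failures are independent and that failover is instantaneous, which is an
idealisation of a real cluster.
"""
from typing import List, Optional

MINUTES_PER_YEAR = 365.25 * 24 * 60  # 525,960 minutes in an average year


def availability_for_nines(nines: int) -> float:
    """99.9% for 3 nines, 99.999% for 5 nines, and so on."""
    return 1.0 - 10.0 ** (-nines)


def downtime_budget_minutes(availability: float) -> float:
    """Minutes per year a service may be down and still meet 'availability'."""
    return (1.0 - availability) * MINUTES_PER_YEAR


def observed_availability(outage_seconds: List[float]) -> float:
    """Availability of one box over a year, given every outage it suffered
    (planned restarts and unplanned incidents alike) in seconds."""
    down_minutes = sum(outage_seconds) / 60.0
    return 1.0 - down_minutes / MINUTES_PER_YEAR


def parallel_availability(node_availability: float, nodes: int) -> float:
    """Availability of a service that stays up while at least one of
    'nodes' identical nodes is up (independent failures, instant failover)."""
    return 1.0 - (1.0 - node_availability) ** nodes


def nodes_needed(node_availability: float, target: float,
                 max_nodes: int = 16) -> Optional[int]:
    """Smallest cluster size whose parallel availability reaches 'target',
    or None if even max_nodes nodes of this quality cannot get there."""
    for n in range(1, max_nodes + 1):
        if parallel_availability(node_availability, n) >= target:
            return n
    return None


if __name__ == "__main__":
    five_nines = availability_for_nines(5)
    print(f"five nines budget: {downtime_budget_minutes(five_nines):.2f} min/year")
    # The commenter's single box: twelve 15-second restarts and nothing else.
    print("12 x 15 s restarts meets five nines:",
          observed_availability([15.0] * 12) >= five_nines)
    # The same box after one unplanned hour: not even four nines any more.
    print("plus one bad hour meets four nines:",
          observed_availability([15.0] * 12 + [3600.0]) >= availability_for_nines(4))
    print("99.9% nodes needed for five nines:", nodes_needed(0.999, five_nines))
```

Run as a script it confirms both sides: twelve 15-second restarts do fit inside the five-nines budget, a single unplanned hour drops the same box below four nines, and two nodes that each manage only three nines already clear five nines under the idealised model. The point of `nodes_needed` returning `None` is that no amount of redundancy rescues nodes that are individually too unreliable within a sensible cluster size.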
Re: (Score:2)
If someone is promising a high quality SLA, they almost never will be using one box for their offerings. They will be using two or more machines connected via redundant disk controllers to a common SAN or disk array, and all the boxes will be connected to each other via heartbeat monitors.
The good thing, both VMWare and Hyper-V in Windows Server 2008 help make this task a bit easier, by allowing for a virtual machine to be hosted on a cluster, so if the primary machine fails, the others can take over witho
Re: (Score:2)
Oh, I see. Hey everyone, I'm selling 30 9s of availability such that outages aren't included in the calculation. I can offer it from even Windows ME.
Re: (Score:2)
Saying the software is no better or worse because the package as a whole is no better or worse is a pointless argument. The weakest link in that set is the infrastructure (depending on how the SLA defines it) followed by the hardware.
Which is why you have redundant infrastructure and redundant hardware. Pretty much by definition you can't achieve 5 9's on a single box, because the box itself can't achieve 5 9's. (A mainframe doesn't count as a single box here, because it's got all the redundancy built in.)
So
Re:Hotpatching (Score:5, Funny)
Yeah, it doesn't actually do much. Just lets me win willy-waving matches.
Re:Hotpatching (Score:5, Funny)
Oh yeah? Well, uh, nyah.
You made that post 51 minutes after he did.
:-)
So close, but forever in his shadow
Re: (Score:2)
Oh yeah? Well, uh, nyah.
You made that post 51 minutes after he did. So close, but forever in his shadow :-)
Re: (Score:2)
5 nines is ~5.3 minutes downtime per year
You don't achieve that with a single Linux box either
Wow--5.3 minutes per year? Shit--that's like 8 reboots on my linux box...
Even though they release kernel updates for my distro about once per month, most of them involve being a local user to exploit some strange privilege in some strange area of the kernel that I don't use--and I don't have local user accounts except for root and a few services like maybe mail, dns, and/or possibly apache. So once you take out all the updates that aren't remotely exploitable, I end up with about 3 reboots per year--an
Re: (Score:2)
You have no idea what 5 9's are all about if you think that one box can handle it.
Re: (Score:2)
You have no idea what 5 9's are all about if you think that one box can handle it.
Yeah, I do know what 5 9's are all about.
You could do it with one box--but you'd have to be damn lucky.
The point I was trying to make is that I have a handful of linux boxes at various client sites doing things like intranets, spam filtering, IM servers, etc...most of them have 5 9's of uptime BY ACCIDENT. It's not like I'm promising the clients 5 9's of uptime or anything--I just maintain the box and it gets it. Sure, one of these days a drive will fail, and my response time will be 30 minutes or so,
I guess all my *ux boxes don't apply (Score:2)
The majority of them, that is, you know, the ones with 400+ days of uptime.
If you rely on a single system for 5 9s (Score:2, Insightful)
You are an idiot. 5 9s gives you just 5 minutes per year of downtime. You think if something fails in a system, you can get it back up in 5 minutes? Hell no. You want reliability like that, you do it with redundant systems. Well, in that case the individual units can certainly go down. Perfectly valid strategy. You patch them whenever you feel like, making sure that only one is down at a time and that it comes back up to full operational status before you do the next one.
A single system, well you are just r
Re: (Score:2)
Actually, yes. The company I work for has spent a fair amount of resources to enable safe patching of running binaries. When you're aiming for 99.999% uptime and better, rebooting to apply a patch is suboptimal.
Re: (Score:2)
Your company sucks.
If taking a single node down is going to unacceptably increase your risk, then you are in the realms of "trying for 5 nines", and not "guaranteeing 5 nines".
The risk of corrupting process state is going to be a hell of a lot worse than a reboot, and the cost of another node is going to be less than a "fair amount of resources".
Re:Hotpatching (Score:4, Informative)
Come on, it's dead simple and it's safe. Just install a page fault handler and mark all the pages of the DLL as being unavailable, examine the current thread state of all processes and mark them if they are currently executing in the unavailable pages, and if so simply return success from the page fault handler until the thread leaves the locked region (essentially single step through the DLL until it finally returns to the caller). If a thread was not originally executing in the protected pages and enters it, just stall it. Once all threads are stalled or not accessing the locked pages, patch the DLL and mark the pages available and uninstall the page fault handler.
What could possibly go wrong? Only if the data structures that the DLL uses internally are modified will this be difficult, in which case the patched DLL will just have to convert its own data during the patch time. If changes to user data structures are required, then the patched DLL would have to burn some space in each new data structure to identify it as a patched version and treat it appropriately, while detecting the old data structures reliably. That might be a little harder than the general case, but not impossible.
Is getting 0wned something you would want to happen on a production server that can't have downtime?
Re: (Score:3, Informative)
Just switch to Linux servers instead. :)
The ability to not require rebooting for years comes as standard.
Downtime due to upgrades is limited to how fast you can restart the app.
You can swap the files while it's still running, then just restart it.
Re: (Score:2)
Re: (Score:2)
That's trickier, but it's *FAR* better than having to reboot because IE has a little security flaw.
Re: (Score:2)
Other Tech: Nope. I thought you did it. Now I can't get to the internet.
Me: Son of a bitch... Automatic Updates again... it needs a power-off and then cold start to work.
*15 minutes later*
Me: Where the hell are the backup tapes?
Other Tech: I have no fucking clue. What the hell did you do?
Me: I learned to never trust automatic updates. That said, I have a résumé to refresh.
Other Tech: But nothing is working still.
Me: Your problem now.
*2 minutes later*
Me: I can't ev
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Upgrade your software. Seriously, if you're a business, you shouldn't be using Home versions of the software.
A) It wasn't business, I was doing it for a friend because I was the only mildly technically inclined person she knew, B) it wasn't my laptop (otherwise it would be running Ubuntu) and I wasn't really given much of a choice to use a different laptop but then again I didn't think that Windows would randomly restart (haven't been an admin of a Windows box for ~3 years, done some work for work on an XP box but wasn't admin and do a bit of VM with XP every now and then)
The HOME versions of XP and Vista (XP Home, Vista Home Basic, Vista Home Premium) do this automatically. Supposedly there's a way around it with some registry hacking, but I've never bothered. You get around 5 minutes from when the dialog pops up to hit the "Reboot later" button, which just silences it for another 5 minutes.
And who thought this to be a good idea?
Re: (Score:2)
There is not a mechanism for this to happen in windows unless you (or your sa's) specifically configured it to do so.
So this wasn't MS doing anything to you ... this is you setting something to happen and forgetting that you did so, or your SAs setting it to happen.
Re: (Score:2)
Actually, in production critical environments, they go through a staging process where they try a patch on a test box or two, then put the patch (even if it's an out of band emergency fix) on a WSUS server that the production boxes update from.
This is very important. I've seen 0.01 revisions for firmware for a hardware issue which are just relatively small fixes to install make terabytes of data inaccessible until the machine was backed off and restored... and a production machine being down for 7 hours usu
That's it! I'm switching to a Linux Desktop (Score:5, Funny)
Slashdot's unbiased coverage of an exploit for a patch that was released last week has finally convinced me to stop using MS products. I'm also beginning to think this MS might be evil as well.
Re: (Score:2, Informative)
LOL! Yea... especially considering that doing some SIMPLE things like these:
1.) Stopping "File & Print Sharing", via your local connection, removing it as a Client/Protocol there (if you're not on a Lan Manager based OR Active Directory IP based LAN/WAN, or home network? Who cares! It's slowing you down just broadcasting extra packets anyhow OR listening for them too, wasting IO + resources) & the SYSTEM ICON in Control Panel (as to options &/or quick tasks to perform for that) make it a snap to
Clarification (Score:5, Informative)
But not everyone has installed the update. (Score:5, Insightful)
This is added incentive to complete YOUR testing of this patch ASAP.
Remember, only incompetent admins apply patches without testing them.
In our environment, the patch would have been put into testing the day after it was released (no sense getting caught by a brown paper bag bug) and then into production NEXT Sunday.
With a known exploit out there, we'd be getting more people to test the test systems TODAY. With the goal of putting the patch into production TOMORROW evening.
Comment removed (Score:5, Insightful)
Re: (Score:3, Insightful)
So, do you think I'm an incompetent admin given what I have to work with?
Sure. You don't have a test network to at least smoke patches on or you would've said something. What happens when your SBS box barfs? How long is recovery and when's the last time you tried it?
Comment removed (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
I hate being the cynic, but both times I've been burned have been on small, specialized apps that aren't going to blink across the mind's eye of Microsoft's testing matrix. The likelihood of any or all of his clients sharing it is presumably small (unless he wrote it himself).
Smoke testing on a general scale like that is not likely to give a great return beyond the Microsoft testing.
Re: (Score:2)
virtualization (Score:2)
Stuff like vmware server is free. Download it and install it.
Create a windows guest with the required virtual hardware.
Install the cheapest licensed Windows SBS on it.
Make copies for testing different software configurations and scenarios.
The courts in my country are unlikely to smack me down as long as I don't run them all at the same time, but your countr
Re: (Score:2)
Would be strange that you can't afford the USD600+ (inclusive of the 2 x 500GB drives for storing all those vmware images), if you're doing this as a business. Maybe you should bill those companies a bit more.
I don't know about the grandparent, but I'd rather take that money home. If a company wants a patching/testing infrastructure, they can pay for it instead of me having to cut my already slim profit-margins.
To be blunt, no small business wants to pay double for their SBS install--because that's what it would take to get a real server and a test server--or a real server and a VM. (Need more memory and space in the real server for the VM.)
Many clients are fine with leaving it up to MS to get the patches
Singin' The Zero-Day Blues (Score:2)
Remember, only incompetent admins apply patches without testing them.
In our environment, the patch would have been put into testing the day after it was released (no sense getting caught by a brown paper bag bug) and then into production NEXT Sunday.
Your strategy fails to deal with certain 0-day scenarios. Not that a competent admin would actually run critical services on Windows.
Re: (Score:2)
Agreed, sometimes there are no perfect options, and strategies which fail to deal with actual real-world scenarios can't be considered comprehensive.
This is where a real sysadmin shines: he can isolate the problem and hack up a solution within minutes and apply it without regard for testing.
The degree to which this is unwise is inversely proportional to the skill of your sysadmin.
Re: (Score:2)
Re: (Score:2)
Remember, only incompetent admins apply patches without testing them.
Okay, I'll bite on playing devil's advocate here - so what's your test proc?
This is a patch developed and distributed by the OS manufacturer. I don't know what files are being touched by the fix, but how are your folks testing against those files, all apps which touch those files in execution, and what constitutes a successful test?
I agree with what you're saying in principle, but in practice it is very difficult to truly test OS vendor patches comprehensively. How do you ensure that every piece of funct
Re: (Score:2)
Seems like an honest question, so I'll give you an honest answer. :-)
Most companies that bother with an 'IT department,' rather than That One Guy, will have standardized desktops by role. That is to say, you take a computer, you put it on the network, you authorize it into your management system (be it Microsoft SMS, Novell Zenworks, whatever) and wait. Or you whip out your image CD for that role, plop it in the drive, reboot, and walk away.
In any event, a standard load for that role is plopped onto the P
the droning *gong* of microsoft cracks (Score:4, Interesting)
This is like a droning gong.
*Gong* Bring out your dead *Gong* Windows is insecure *Gong* Bring out your dead *Gong*
It seems to me there is a fatigue that sets in regarding unpleasant information. How many times does one have to hear a thing, especially an unpleasant thing they don't want to hear, before that person stops listening to it? This happens to me at least. We see this (as a parallel) in politics all the time, when we're told this guy or that person broke the law. It's like a background din you have to tune out to get through the day.
It's made worse because there is no solution.
For the user of windows, there is nothing they can do about the fundamental insecurity that leads to repeated, consistent, and regular security updates like this. The only option is to change OS, which, if you're the average computer user, is not an option without significant expense. It's unpleasant to hear that crackers are breaking into computers and turning them into zombie swarms of attacking botnets. Hear the same bad thing enough times, and eventually people stop listening.
I was fortunate: my windows laptop was stolen in 2004 and I made the switch, and now use Mac and Linux exclusively. Not that Mac is any panacea - I still can't stand Finder, I think it is awful, and curse it every time I need to move a few files to some other folder on another drive (usually I just use "mv"). BUT at least I'm not forced to start ignoring serious security threats that I can't prevent or address effectively. (I don't consider a long series of "After the crack" patches effectively addressing the problem)
Re: (Score:2)
Re: (Score:2)
I'm not Microsoft lover, but (Score:5, Insightful)
I'll give them credit for patching this quickly. This could have been Yet Another Windows Worm (TM) that brings all legitimate network traffic to a halt. And we Slashdotters have been after them for years for taking too long to patch things, so it would be completely hypocritical to get pissed at them for doing what we'd want them to do.
I'll hate them for having the exploit possible in the first place, I'll hate them for requiring reboots, I'll hate them for forcing crappy software down our throats, but every once in a while they do something right.
Re: (Score:2)
How the fuck does this keep happening? I can understand a remote exploit here and there. But seriously. How dumb/slow/lack of testing do you have to be to put these in the wild. Last bug that made Slashdot affected everything back through like 98 or something. I know "MS sux" is the big joke around here, but seriously.
If it's because Windows is the Most used OS in the world, why don't we hear about Apache remote exploits? With Apple and Linux taking market share with College kids and the Server market why a
Re: (Score:2)
Windows is huge compared to a typical Linux server setup -- Server 2003 takes up 20 times as much disk space as Ubuntu's server offering, and on the desktop, it's still a factor of three or four. On one hand, a lot of that is going to be help files, images, GUIs, and so forth; on the other, there's just going to be a lot more executable code that might be running.
This isn't an excuse for Windows to have exploits, but it's probably a large portion of the cause.
Re: (Score:2, Insightful)
It would, but for their intentional denial of updates to "illegitimate" installations.
Re: (Score:3, Informative)
You've always been able to automatically update even cracked copies of Windows, you just can't do it via update.microsoft.com.
I'm not sure where you've got your information from.
Re: (Score:2)
Re: (Score:2)
Yeah, the trouble is they made Windows Genuine Advantage Notifications a "critical" update and, worse, if you are in semi-automatic mode, decline it and tell it not to show it again, it will reappear when they do a new version of it.
So those who want to avoid getting it rammed in their face that they are running "pirate" windows can't use fully automatic updates, and if they use semi-automatic updates they have to check for WGA in the list every time.
Re: (Score:2)
And as such I would expect most people selling machines with pirate copies of windows/using pirate copies to do reinstalls for people to leave automatic updates completely disabled.
Microsoft didn't downplay this (Score:5, Informative)
Instead they issued an out-of-cycle patch and they gave it a very high severity rating in their bulletins. None of us are Microsoft lovers. But you don't have to lie to us just to be able to pat us on the back. It's disgusting, please stop it.
Re: (Score:3, Informative)
Please mod parent up.
Microsoft even contacted partners to make sure they were applying the patch as soon as possible.
I don't know where the author got the downplaying from...
Cut & Paste (Score:2)
How does this translate into downplaying the threat?
October 23, 2008 (IDG News Service) Microsoft Corp. fixed a critical bug in its Windows operating system Thursday, saying that it is being exploited by online criminals and could eventually be used in a widespread "worm" attack.
Micro
Metasploit (Score:5, Informative)
Be warned; this is already on metasploit. The intrepid can find this for themselves...
Testing it to see if it actually works though.
Re: (Score:2)
The intrepid can find this for themselves...
Well, unless this thing runs in WINE so I doubt those who are intrepid can find it for themselves...
(For those who are clueless and won't get the joke, Intrepid Ibex is the codename for Ubuntu 8.10)
Re: (Score:2)
Link to exploit... (Score:2)
-metric
Vista rulez... (Score:2, Interesting)
Seriously, this is only really gonna be a problem to someone connecting on dialup and it's gonna take so fucking long to send the information that the person running the exploit is most likely to have died from old age before they get anything worth a toss.
Re: (Score:2)
I see a bigger issue in business networks. Many places rely heavily on windows file and print sharing so blocking it completely is not an option and iirc the basic browse/name resolution system tends to get upset if you try and do any kind of firewalling.
One infected machine behind the firewall could easily wreak havoc.
Downplaying the vulnerability ? (Score:4, Insightful)
I'm sorry... downplayed?
Is there any admin in the world that didn't get the message that this was kinda sorta urgent?
This was the first time in four (?) years that Microsoft went out-of-cycle on their patches. That alone got attention, and would hardly be considered "downplayed".
Every stinkin' newsletter I got last week mentioned it. Vendors mentioned it. Slashdot mentioned it a dozen times. And Microsoft sent out many many bulletins.
What would it take to satisfy the submitter's requirements for sufficient attention? CDs mailed out via FedEx Next Day to every registered owner of Windows?
Perhaps the real downplaying is what Slashdot tends to do whenever a Linux-related bug is found.
What's all the fuss? (Score:2)
I saw all the fuss last week about this, so I went ahead and read the MS release. My reaction: "meh". Yes, we're running windows. About 100 desktops and 13 servers. No, we don't patch everything at the drop of a hat.
This patch will be rolled out here in 2-3 months, along with a bunch of other MS patches. Do we test everything thoroughly? No, that would be far too much time and effort. We wait a few months so that everybody else can do the bulk of the testing for us, then internally we simply roll pat
Re:Another out-of-cycle patch is coming, right? (Score:5, Informative)
No, this is the same exploit we talked about before.
If you patched on the 23rd, you should be fine.
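"If you patched on the 23rd, you should be fine" only holds for the boxes where the update really landed, which is what the WSUS/staging posts above are about. As an added example (not code from the page or from Microsoft), the script below parses the CSV that `wmic qfe get HotFixID,InstalledOn /format:csv` produces on Windows 2000/XP/2003 and reports which required KB ids are absent from a host's installed-update list. The KB ids in the sample are placeholders rather than the real id for this bulletin; the assumptions (blank first line plus header row, HotFixID holding a bare KB id, UTF-16 encoding of redirected wmic output) are stated in the comments and should be checked against your own hosts.

```python
"""Confirm from inventory that a required update is actually installed.

Added example; not code from the page or from Microsoft. On Windows
2000/XP/2003 the command `wmic qfe get HotFixID,InstalledOn /format:csv`
lists installed updates as CSV. This script parses that output so an admin
can check every host against the KB number of a bulletin's update before
declaring the rollout done. All KB ids below are placeholders.

Assumptions (verify on your own hosts): wmic's CSV output starts with a
blank line followed by a header row, the HotFixID column holds the bare KB
id, and a redirected wmic output file is UTF-16 encoded.
"""
import csv
from typing import Dict, Iterable, List

# Constructed sample of the CSV that wmic emits; KB ids are placeholders.
SAMPLE_WMIC_CSV = """
Node,HotFixID,InstalledOn
FILESRV01,KB000001,10/23/2008
FILESRV01,KB000002,09/15/2008
FILESRV01,KB000003,10/23/2008
"""


def parse_wmic_qfe(csv_text: str) -> Dict[str, str]:
    """Map each installed HotFixID (upper-cased) to its InstalledOn string.
    Blank lines and stray carriage returns, which wmic leaves in redirected
    output, are dropped before the CSV is parsed."""
    rows = [line.strip() for line in csv_text.splitlines() if line.strip()]
    installed: Dict[str, str] = {}
    for row in csv.DictReader(rows):
        hotfix = (row.get("HotFixID") or "").strip().upper()
        if hotfix.startswith("KB"):  # assumption: bare KB ids in this column
            installed[hotfix] = (row.get("InstalledOn") or "").strip()
    return installed


def missing_hotfixes(csv_text: str, required: Iterable[str]) -> List[str]:
    """Return the required KB ids that do not appear in the host's QFE list."""
    installed = parse_wmic_qfe(csv_text)
    return [kb for kb in (k.strip().upper() for k in required) if kb not in installed]


def load_wmic_export(path: str) -> str:
    """Read a file produced by `wmic ... /format:csv > hotfixes.csv`.
    Assumption: wmic writes such redirected files as UTF-16; if that fails,
    fall back to the OEM console code page used by the hosts."""
    with open(path, "rb") as fh:
        raw = fh.read()
    try:
        return raw.decode("utf-16")
    except UnicodeDecodeError:
        return raw.decode("cp437", errors="replace")


if __name__ == "__main__":
    # Placeholder ids: the first is in the sample inventory, the second is not.
    print("missing:", missing_hotfixes(SAMPLE_WMIC_CSV, ["KB000001", "KB999999"]))
```

In practice the export is collected per host (`wmic /node:HOST qfe get HotFixID,InstalledOn /format:csv > HOST.csv`, with `/node:` assumed to be the remote-host switch of the wmic version on your network), loaded with `load_wmic_export`, and the one list of required ids is checked against every file; any non-empty result is a box that is still exposed regardless of what the deployment console says.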
Re: (Score:3, Informative)
Re: (Score:2)
you probably shouldn't click that unless you trust the owner/controller of milw0rm.com to not infect whichever system you have. </warning >
darkpixel@hoth:~/tmp$ uname -a
Linux hoth 2.6.27-7-generic #1 SMP Fri Oct 24 06:42:44 UTC 2008 i686 GNU/Linux
...hmm...
I feel pretty safe...
*time passes*
*time passes*
darkpixel@hoth:~/tmp$ wget -c http://milw0rm.com/sploits/2008-MS08-067.rar
*snip*
MS08-067.rar' saved [12506/12506]
darkpixel@hoth:~/tmp$ unrar e 2008-MS08-067.rar
*snip*
darkpixel@hoth:~/tmp$ clamscan
./MS08-067.c: OK
./srvsvc.h: OK
./srvsvc_c.c: OK
./mem.h: OK
./srvsvc.idl: OK
./MS08-067.exe: OK
./srvsvc_s.c: OK
----------- SCA
Re: (Score:2)
As Windows 2000 is affected by this vulnerability, I'm wondering if NT4 is as well. There's still a sprinkling of NT4 servers about, hidden in the back of server rooms. Will this be the push to finally replace them?
Hell no. If you still have an NT4 server around, the only thing that will get it replaced is to drive a silver stake through the hard drive and dump it off the nearest bridge.
Re: (Score:2)
1: upgrade to a new version of windows (IIRC Microsoft's lifecycle policy says there will be at least two years between the release of windows 7 and the end of security updates for XP)
2: switch to another OS
3: stick with XP and work to reduce your exposure by other means
3a: use a software firewall to severely restrict what if any machines can connect to file and print sharing on your machine
3b: don't serve files or printers off Windows client machines, give that job to a dedicated box running a supported ver