Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Serius windows bug. All NT versions affected (2k, 2k3)

  1. July 17th, 2003, 07:50 PM #11
    tonybradley
    tonybradley is offline
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    mohaughn- was that an accident or did you just feel it was worth repeating?

    I agree that blocking at the firewall is not "sufficient". There were articles earlier this week about how remote users are one of the weakest links to corporate information security for the reasons you cited.

    I think that since their IS a patch for this that it may as well be tested and applied.

    However, because of MS03-010- for which there is NO patch for NT- you are still vulnerable to other flaws and should block the external ports to minimize your exposure until you can replace or upgrade NT.
    Tony Bradley, CISSP, Microsoft MVP
    Follow me on Twitter
    Blogs:
    The Edge
    Evangelyze Communications Security
    Unified Communications: Click to Talk
    Reply With Quote Reply With Quote
  2. July 17th, 2003, 08:10 PM #12
    mohaughn
    mohaughn is offline
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    That was a mistake.. I have no idea why it posted my comment twice.. it has been corrected...

    I also have just received word from some of my counterparts in our security group that there is rumor going around that a worm that exploits this vulnerability may already be propagating, or soon will be... Of course this may just be a security group creating some FUD to make sure the patch gets deployed.. but these guys normally come into information before it makes headlines.

    I am normally really against using a patch that was just released, but in the case of this one.. I think everyone should make sure to apply the patch...
    Reply With Quote Reply With Quote
  3. July 17th, 2003, 08:52 PM #13
    bballad
    bballad is offline
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Mohaughn - Very good point, security in depth should alwyas be implamented.

    Some options on the home users would be to
    1. make a personal firewall (or better yet a dsitributed firewall like the F-Secure one is) manditory on all VPN machines.
    2. This is more expensive but we issue any one ho is working via VPN a laptop that (via busness rules) can only be used for Telecomuting to work. These Laptops are the only things we allow on the VPN
    Who is more trustworthy then all of the gurus or Buddha’s?
    Reply With Quote Reply With Quote
  4. July 21st, 2003, 03:01 PM #14
    warl0ck7
    warl0ck7 is offline
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    Everyones correct
    RPC sucks and still all the patched versions of Windows 2000 and XP are vulnerable.
    PSSSS...., an exploit causes a buffer overflow and shows the famous read error, this could be exploited remotely to bind a shell to a port so beware, only if you know what i am saying.

    best is to seal the port 139 or configure your firewall to drop certain (hmm..) packets.
    http://i12.photobucket.com/albums/a2...l0ck9/Sig5.gif
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules