
Thread: Microsoft Out-of-Band Security Bulletin

  1. #21
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    That's interesting regarding the NICs... I've read other reports of people stating that DHCP wasn't working for them on their wireless after installing the patch. I wonder if it's a trend..

    As for how the servers get exploited... malware doesn't have to use a single attack vector.

    A workstation may have the MS08-067 patch, but that doesn't mean it can't be infected by a worm that takes advantage of MS08-067 to spread. For example, an unpatched browser vuln could be used to drop the malware on the system, and it can then target unpatched systems on your network.

    Maybe not a great amount of risk, but it's something to consider.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #22
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Quote Originally Posted by HTRegz View Post
    t34b4g5: Neg posted that on the third post.

    Yeah just spotted that now. Up late and not concentrating properly

    deleted my post as neg's seems to have a lil more info than mine

  3. #23
    There's a fairly low-key but worrying bit of malware exploiting this at the moment: http://voices.washingtonpost.com/sec...exploitin.html

    Don't be fooled into thinking that a worm exploiting MS08-067 will be just like the ones we saw a few years ago - there are several different ways that a client could get infected with a dropper that will then go off to scan and exploit a network normally protected by a firewall. You could simply add the dropper as a module to a typical drive-by download attack, for example.

    POC code has been around for a few days, it clearly is possible to exploit this and the patch has been pretty comprehensively reverse engineered by researchers (and presumably also the bad guys).

    If you're running a corporate network, then you should assume that you will eventually get hit by an MS08-067 based worm despite any countermeasures that you have in place. So patch now.

  4. #24
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I am not saying I am not going to patch....I am just saying there are a lot of ways to slow down the spread.

    and if the client is patched....how does it get infected??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #25
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by morganlefay View Post
    I am not saying I am not going to patch....I am just saying there are a lot of ways to slow down the spread.

    and if the client is patched....how does it get infected??

    MLF

    The patch fixes against the vulnerability being exploited on the box. That doesn't mean that another piece of malware (a dropper as Dynamoo mentioned) couldn't drop malware on your system that scans your network and exploits unpatched systems.

    Your system is protected against being attacked if you've patched, not against attacking other systems.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
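
    Added example, not part of any post in this thread: one way to spot the situation discussed above, a patched but infected internal host probing its neighbours, is to flag internal sources that contact many distinct internal hosts on SMB ports in a short window. The log format, the 10.0.0.0/8 range, the thresholds and the use of TCP 139/445 as the Server service ports are assumptions of this sketch; the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SMB_PORTS = {139, 445}               # assumed ports for the Server service
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed sample records: "epoch_seconds src dst dport action"
SAMPLE = (
    # one workstation sweeping 30 different hosts in 30 seconds
    [f"{1000 + i} 10.0.5.23 10.0.7.{i + 1} 445 DENY" for i in range(30)]
    # one workstation talking to the same file server repeatedly (normal)
    + [f"{1000 + 10 * i} 10.0.5.40 10.0.5.10 445 ALLOW" for i in range(30)]
    # external source and a malformed line, both ignored here
    + ["1005 203.0.113.9 10.0.5.10 445 DENY", "garbage line"]
)

def parse(lines):
    """Yield (ts, src, dst, dport) tuples, skipping malformed records."""
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield (int(parts[0]), ip_address(parts[1]),
                   ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue

def smb_fanout(lines, window=60, threshold=20):
    """Return {src: peak distinct internal SMB targets within `window` s}
    for internal sources whose peak reaches `threshold`."""
    events = defaultdict(list)  # src -> [(ts, dst), ...]
    for ts, src, dst, dport in parse(lines):
        if dport in SMB_PORTS and src in INTERNAL and dst in INTERNAL:
            events[str(src)].append((ts, str(dst)))
    alerts = {}
    for src, ev in events.items():
        ev.sort()
        start, peak = 0, 0
        for end in range(len(ev)):
            # shrink the window until it spans at most `window` seconds
            while ev[end][0] - ev[start][0] > window:
                start += 1
            peak = max(peak, len({d for _, d in ev[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    print(smb_fanout(SAMPLE))
```

    Denied connections are counted on purpose: blocked probes from an inside host are still evidence that something on it is scanning.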

  6. #26
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Yeap that is a possibility...although unlikely in this environment.

    And after monitoring newsgroups\forums and application sites .......I applied the patch to the server.

    My point was there was some time.....and the likelihood of the threat getting past the existing barriers .... firewalls, NAT routers, AUPs etc...the threat to my network was minimal...allowing me time to research and ensure that applying the patch would not affect my network and application.

    Security is fine as long as it does not affect functionality.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #27
    We've applied this patch to a lot of systems (3000+) with no ill-effects so far that can be attributed to it.

    The odd thing about these worms is that they can flare up again from time-to-time. We got hit by the old Code Red IIS worm two *years* after it was released, on an unpatched server. We have absolutely no idea how such an old worm managed to get onto our network, but it caused a significant amount of disruption.

  8. #28
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by dynamoo View Post
    We've applied this patch to a lot of systems (3000+) with no ill-effects so far that can be attributed to it.

    The odd thing about these worms is that they can flare up again from time-to-time. We got hit by the old Code Red IIS worm two *years* after it was released, on an unpatched server. We have absolutely no idea how such an old worm managed to get onto our network, but it caused a significant amount of disruption.
    Dragging this even more off topic... My honeypot is hit by slammer on a daily basis...
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  9. #29
    Quote Originally Posted by HTRegz View Post
    Dragging this even more off topic... My honeypot is hit by slammer on a daily basis...
    Well, not really off-topic. It goes to prove that you *think* you're safe from a worm attack because it's quite old, but the little buggers are persistent.

    Luckily, there doesn't seem to be a concerted effort to exploit this one at the moment.

  10. #30
    Member Slartarama's Avatar
    Join Date
    May 2008
    Location
    Pacific Northwest
    Posts
    53
    Quote Originally Posted by morganlefay View Post
    specifically when assessing a threat...as to run around and apply patches untested to a production environment is risky to say the least and I like to see what the mitigating factors are before I patch.

    I have seen some hasty patches totally fubar a server \application....
    I hear ya. We are patching our servers tonight. We have a ton of applications that have been broken by MS Patches and they had to be thoroughly tested by the apps teams.

    Workstations are showing any problems, they have already been patched.

    Our environment has users on 24/7 -365, so it's a pain for them when we have to do this, but I like to remind people of this nasty virus outbreak we had a few years ago that brought a lot of our sites down for days.

    A few hours is always better than a few days.
