For those of you interested in why I am messing up your life so badly. Non-MyCompany staff may or may not wish to forward this to all their users as an explanation of the current situation.
This is quite long. For those who can't be bothered to read my lengthy emails the short version is "We are potentially [Insert your expletive of choice here]. This is big, it affects both your work and your home computers. Take precautions or be a part of the problem - worse yet suffer the worst the attackers want to do to you". The uninterested people may tune out and go back to their normal business.....
I _absolutely_ trust the good people at the Internet Storm Center. They are well-known people in the computer security world. They are trusted worldwide by people who are far better at this stuff than me.
We are going through all these gyrations and inconvenience because what they have been saying over the last ten days mirrors what I have been thinking. They have made it quite clear today. I quote from their web site.
_____________________________________
"Are you ready to battle a large virus/worm outbreak? Please don't view
this as a prediction that there will be a large event, but let me just
say that conditions are right for a big storm (WMF issue and the return
of the Sober worm).
Regarding the WMF issue, you have probably decided to either wait for
the official Microsoft patch, or you are rolling out Ilfak's patch. But
there is still about 6-10 days of risk here for a major worldwide event...
1) There is a serious vulnerability in Microsoft operating systems.
2) An official patch will not be available from Microsoft until Jan. 10.
3) There are multiple propagation vectors: e-mail, instant messaging, web
surfing, etc.
4) Several different versions of the exploit are in the wild and are
being actively used by criminal groups. All propagation methods are
being used. As of Wednesday, Jan 4 20:15:00 UTC, our current poll
indicates that 22% of respondents (340) have seen exploit attempts
through one of the exploitation vectors.
5) Tools to generate random files to exploit the vulnerability are
publicly available. These tools may be used to evade anti-virus and
IDS/IPS signatures.
6) Anti-virus signatures and intrusion detection/prevention system
signatures may only be able to catch the first generation of exploits.
7) If an outbreak does occur, how are you going to sanitize laptops that
were infected outside of your network before allowing them to connect
to your internal network?"
_______________________________
The source of this text is at http://isc.sans.org/ for those who would like to read more - but it is technical and basically advice for people like myself.
January 10th is a misleading date... The reality is that on January 10th Microsoft's web site will be overloaded so getting the patch will be nearly impossible. It will be, realistically, the 11th or 12th before my update servers actually have the patch. It will be the 13th/14th before your workstations have the patch - But, because of the way the system works, it will be the 14th at the earliest - most likely the 15th before I can seriously consider that machines that are in regular use are patched, (yes, I know there is a weekend in there - I'm being optimistic). But then there are those computers in back rooms and offices where the worker only comes in weekly that will remain unpatched... They will remain a threat to the network until they are patched and will most likely be a threat for the first few hours they are used before they become invulnerable. This is why I have chosen to block access now and roll out the unofficial patch - It gives you some protection and it gives me a nice warm fuzzy feeling, which I like when I am scared - trust me.... ;-)
Fix your home computers too with the link I have provided for you - you'll get the warm fuzzy feeling too....
Lastly, don't think for one second that the bad guys aren't looking carefully at the patch and the exploitable module to see where they can continue their attack.....
I love my job, happy new year, I love my job, happy new year, I love my job, happy new year..... ad infinitum.... :-0