New Microsoft Security Hole... READ NOW.
Sep 11, 2003 at 5:48 PM Thread Starter Post #1 of 24

vwap

Padawan.
Joined
Dec 4, 2002
Posts
2,919
Likes
10
Hey All!

[Windows 95/98/ME users, you can stop reading here... unless you really feel like seeing what you're missing out on without Windows NT 4.0/2000/XP...]


Anyhow, I've got yet another Microsoft advisory to let you all know about... Announced just yesterday by Microsoft, MS03-039 (a.k.a. KB824146) is the "Big Brother" to MS03-026.. The last hole through which the Blaster and LovSan worms came through. In the IT world, we suspected that that didn't patch the hole completely. We were right. MS03-039 supercedes MS03-026. This is quite possibly _even more_ destructive than the
last hole.

Patch NOW. Read CERT Advisory CA-2003-23 for other tips on combatting this (and many other) holes.

CERT Advisory CA-2003-23
Microsoft Security Bulletin MS03-039

(or, an "end-user" version that's easier to read for the less tech-savvy)

You can use Windows Update to download the updates (alternatively, use the download locations within the MS03-039 bulletin to download the patch itself). But I cannot stress it enough. PATCH NOW.
 
Sep 11, 2003 at 6:04 PM Post #2 of 24
Thanks for the latest heads-up Andy. The last attack you mentioned even got me down here in Ecuador, so I am downloading this right now to make sure I am protected ASAP.
 
Sep 11, 2003 at 6:05 PM Post #3 of 24
thanks for the post vwap! done and done
 
Sep 11, 2003 at 6:37 PM Post #4 of 24
Fine tip Vwap.
biggrin.gif
Thanks!
 
Sep 11, 2003 at 6:41 PM Post #5 of 24
Hi All...

Just to let you know that if you have the Windows Update auto installer thing set up on your computer, look in your history for update 'KB824146' installed 10 September or later... If you have this - you'll be fine... if not, as vwap said - go get it now!!

(Thanks for the heads up Andy!)
 
Sep 11, 2003 at 6:58 PM Post #6 of 24
thanks for the heads up. i'm patching now.
 
Sep 11, 2003 at 8:15 PM Post #7 of 24
Thanks Vwap for the heads up. I think I was actually being tapped into and hacked as I checked head-fi... i noticed my homepage was set to something I did not set it to, and also that when I exited Windows to reboot my system for the patch it said someone was using the command prompt and whether I should quit anyways and lose all information (which I of course immediately did).

Scary stuff. I'm beginning to wonder how safe WindowsXP really is... seems like there's all sorts of vulnerabilities. I just downloaded 4 other securtiy updates for vulnerabilities that seem pretty bad to me. I feel like I need to be more careful about what I store on my hard drives these days.

Oh, that last heads up you gave also saved my ass. I think I installed the security update maybe 3 days before the attacks began accumlating rapidly. I thought nothing of it at first, but then several of my friends began asking me "how do i get rid of this damn virus???"

And greetings from Japan! I finally made it!
 
Sep 12, 2003 at 5:32 AM Post #8 of 24
Well, glad it's helped people!

Heh.. at the very least, it'll keep some hair on your heads
wink.gif



[size=xx-small]sidenote: .. oh .. and you didn't I'd forget to come back for #500,000, did ya?
wink.gif
[/size]
 
Sep 12, 2003 at 5:42 AM Post #9 of 24
Quote:

Originally posted by Duncan
Hi All...

Just to let you know that if you have the Windows Update auto installer thing set up on your computer, look in your history for update 'KB824146' installed 10 September or later... If you have this - you'll be fine... if not, as vwap said - go get it now!!

(Thanks for the heads up Andy!)


Where do I find this history you speak of?
My computer did an update yesterday 09/10, but I would like to make sure I got this covered.

And, a thank you to vwap and Duncan from me also.

Thanks guys!
 
Sep 12, 2003 at 5:52 AM Post #10 of 24
Quote:

Originally posted by Mr.PD
Where do I find this history you speak of?
My computer did an update yesterday 09/10, but I would like to make sure I got this covered.

And, a thank you to vwap and Duncan from me also.

Thanks guys!


Mr. PD,

You can either go into the Windows Update "Installation History" [It's somewhere on the page, I think in the left navbar], or go into Add/Remove Programs in the Control Panel to see if you have the KB824146 patch installed.

Good luck,
 
Sep 12, 2003 at 6:03 AM Post #11 of 24
Quote:

Originally posted by vwap
Mr. PD,

You can either go into the Windows Update "Installation History" [It's somewhere on the page, I think in the left navbar], or go into Add/Remove Programs in the Control Panel to see if you have the KB824146 patch installed.

Good luck,


Okay, I figured out what windows update was, I am brain dead tonight.
biggrin.gif

I went and checked the installation history and I have a succesfull installation of that patch.

Thank you for your patience. I've been working on my car all day, and I can't think computer right now.
 
Sep 12, 2003 at 6:06 AM Post #12 of 24
Thanks for the heads up on the update, vwap. I just have one thing to say: MICROSOFT SUCKS! They've come out with so many security fixes in the past month it's just crazy. Maybe they should come out with a remotely secure OS for once.
 
Sep 12, 2003 at 6:16 AM Post #13 of 24
Yep. Things are crazy. I patched this afternoon.

Not that the patches mean anything to me because I'm behind a good firewall.
 
Sep 12, 2003 at 6:40 AM Post #14 of 24
Whew! I'm patched! Now, I got to check my 5 other computers.

Makes me wonder: how porous is Windows XP? They keep issuing these death knell security updates each week!
 
Sep 12, 2003 at 6:41 AM Post #15 of 24
Quote:

Originally posted by MusicLover
Thanks for the heads up on the update, vwap. I just have one thing to say: MICROSOFT SUCKS! They've come out with so many security fixes in the past month it's just crazy. Maybe they should come out with a remotely secure OS for once.


You try putting one out
wink.gif


I'm no Microsoft fanboy, that's for sure. However given the complexity and sheer size of their modern OS's - bugs such as this one are bound to come up. Take just about ANY other OS on the market, increase the userbase by 1,000 times or more (up to Windows scale) - and the amount of bugs/exploits/vulnerabilities found would make Microsoft seem like a security genius.

-dd3mon
 

Users who are viewing this thread

Back
Top