Re: Microsoft to rush out emergency Windows patch today

["Larry Seltzer" <larry () larryseltzer com>]

> > -Block TCP ports 139 and 445 at the firewall

This is critical, but note that any firewall not written by a complete
idiot will block these ports. So as a practical matter a very large
percentage of users are effectively protected by their router firewall
and/or by Windows Firewall or a 3rd party product.

If you have File and Print sharing on you are exposed, but only to
people on the local subnet who you have given rights to. So there's
still an issue, for example, with the dumb-ass roaming user who gets
infected in a hotel and brings it back to the company LAN where he
infects the Win2K3 server. 

BTW, Vista and 2008 are vulnerable, but only to authenticated users, so
the same roaming infected idiot scenario applies I guess, because he
might be authenticated locally. 

So it's serious, about as serious a bug as we've seen from Microsoft in
at least 2 or 3 years, but it's no Blaster. People are largely better
protected now in spite of themselves.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Juha-Matti Laurio
Sent: Thursday, October 23, 2008 4:57 PM
To: funsec () linuxbox org
Subject: Re: [funsec] Microsoft to rush out emergency Windows patch
today

And it is
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx

Recommended workarounds:
-Disable the Server and Computer Browser services
-Block TCP ports 139 and 445 at the firewall

Go and patch ASAP this RPC vulnerability, folks.

Juha-Matti

Juha-Matti Laurio [juha-matti.laurio () netti fi] kirjoitti: 
> "Microsoft will rush out an emergency security patch for Windows users
on Thursday.
> The company offered few details on why it was releasing the software
update, which is rated critical for users of Windows 2000, Windows XP,
and Windows Server 2003.
> A critical flaw is worrisome, however, because it can be exploited by
online attackers to seize control of the PC.
> The update will be released at 10:00 am, Pacific time, said Microsoft
spokesman Christopher Budd in a blog posting published late Wednesday.
> The flaw is considered to be a less serious risk for users of the
Windows Vista and Server 2008 operating systems Microsoft said in an
advisory on the issue."
> --clip--
>
> More at
http://www.pcworld.com/businesscenter/article/152665/microsoft_to_rush_o
ut_emergency_windows_patch.html
> Reference:
> http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
> (has replaced the Oct sumamry page:-( btw)
>
> Upcoming webcast:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=10323
93978&EventCategory=4&culture=en-US&CountryCode=US
> According to PC World
> "[Mr. Dragos] Ruiu said that presenters at Microsoft's recent Blue Hat
internal security conference told him that they'd discovered some
serious Windows bugs using security testing tools and that the update
could fix one of these issues. "It might have wide reaching impact, or
might be used easily for significant malicious hijinks," he said."
>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.