Microsoft's URGENT SECURITY UPDATE

Microsoft's urgent security update: What it means | News - Security - CNET News


Earlier today, Microsoft did something unusual. The company made an exception to its normal security processes and issued an "out-of-band" urgent update.

The update applied is classified as critical for Windows XP and older versions and is considered important for Windows Vista.

After speaking with Microsoft earlier today, I strongly suggest that users understand the importance of this update and begin emergency patching procedures immediately. While exploits around this Windows vulnerability have been limited thus far, Microsoft concedes that it could be exploited by old-school Internet-based worms a la 2004 and do massive amounts of damage. In addition to patching Windows systems, I also encourage users to install the latest security signatures from endpoint and network security vendors.

Microsoft's "out-of-band" reaction speaks to the seriousness of this threat, but I can't help but be impressed with the behind-the-scenes effort that led to this action. It is noteworthy to point out a few things:

1. Microsoft security researchers discovered this vulnerability themselves with the aid of some customer data. In other words, this vulnerability was not brought to Redmond's attention by a third-party researcher, Black Hat Web site "chatter," or a series of massive malicious exploits. This is a good proof point to those who still believe that Microsoft does not take security seriously.

2. In preparation for the urgent update, Microsoft has been sharing data and patches with other endpoint and network security vendors as part of a number of security partnering programs. This means that notification from Microsoft will likely be followed by new security signatures and support by leading security vendors.

3. It is worth mentioning that the vulnerability in Windows Vista is not as pronounced as older versions of Windows. To me, this speaks to the effectiveness of the Security Development Lifecycle (SDL) process. Lessons learned from this vulnerability will be integrated into future revisions of SDL as part of a constant improvement cycle.

Some will point fingers at Microsoft and claim that this "out-of-band" security bulletin is further proof that Microsoft remains an anathema to security. I don't share this view. Complex software will always contain vulnerabilities and bugs. The trick is to fix as many as you can during the development and testing process, continue security research once software is released, and respond to problems with professionalism, industry collaboration, and haste. In my view, Microsoft is doing a good job at following this model.
  • Profile picture of the author KimW
    Thanks Patrician, update installed!
  • Profile picture of the author Patrician
    Gawwwwwd how I love it when people listen to me! especially males. lol!

    Be safe!
  • Profile picture of the author Patrician
    Microsoft Bug: Patch Now, Patch Fast


    By Stefanie Hoffman, ChannelWeb
    3:11 PM EDT Fri. Oct. 24, 2008

    If there's anything that Microsoft (NSDQ:MSFT) is telling its users, it's to patch their systems, and fast.

    After Microsoft released an out-of-band update for a critical Windows vulnerability that allows hackers to execute a malicious Internet worm on users' computers, security experts are strongly recommending that users apply patches immediately.

    Specifically, the remote execution vulnerability allows hackers to write worm code--malicious self-propagating code that doesn't require any user interaction--by crafting a special RPC request. A successful attack would enable the hacker to take complete control of a victim's computer, and ultimately steal sensitive financial information from their victims. In addition, once a user's system is affected, the malicious code has the ability to rapidly self-propagate and infect every other unpatched computer in the network.

    The flaw, which affects almost every Windows operating system, is rated "critical" for many of the earlier versions of Windows, including Windows 2000, XP and Server 2003. However, the bug was given the less severe rating of "important" for Windows Vista and Server 2008.

    Security experts maintain that the exploit code has actively been used in the wild, with exploits stemming from hackers who have already reverse-engineered the patch.

    "The frightening thing to me is just how quickly the bad guys were able to turn out an exploit," said Paul Henry, security and forensic analyst at Lumension Security, Scottsdale, Ariz. "I really think that speaks volumes about the necessity to deploy your patches very quickly, and very widely."

    Henry said that researchers detected malicious code designed to grab user credentials before encrypting them and sending them to a New Jersey-based server. Henry said that the malware has so far affected at least 3,600 users, but said that the number would likely increase significantly over the weekend.

    Meanwhile, an advisory by San Diego-based Websense also alerted users that hackers have unleashed attacks by installing the Trojan Gimmiv. The alert noted that only 25 percent to 36 percent of antivirus vendors could detect the malicious exploit code.

    In a blog posting, Microsoft security researcher Michael Howard contended that the bug, which stems from a stack-based buffer overflow vulnerability, was difficult to detect due to its complexity.

    "I'll be blunt; our fuzz tests did not catch this and they should have. So we are going back to our fuzzing algorithms and libraries to update them accordingly," he wrote. "In my opinion, hand reviewing this code and successfully finding this bug would require a great deal of skill and luck."

    Howard said that in the last year he had noticed that many Windows bugs, like the recently detected Internet worm, fell into the category of "onesey-twosies"--that is, complex derivatives of existing vulnerabilities.
    "First the good news; I think perhaps we have removed a good number of the low-hanging security vulnerabilities from many of our products, especially the newer code," he said. "The bad news is we'll continue to have vulnerabilities because you cannot train a developer to hunt for unique bugs, and creating tools to find such bugs is also hard to do without incurring an incredible volume of false positives."

    Henry added that the severity of the flaw, emphasized by the out-of-band patch, underscores the need for enterprises to consider automated patch management technologies. "The big gotcha is, unless you have automated methodology enterprise wide, you could be caught up in this because you're not going to have enough time to patch your systems."

    Microsoft Bug: Patch Now, Patch Fast - Security - IT Channel News by CRN and VARBusiness
    • Profile picture of the author Mike Wright
      Good post Pat

      Luckily, in a "mixed blessings" episode this Tuesday morning, my laptop
      hard drive died in a spectacular display of Windows warning messages
      almost exactly 1hr after its new bigger and better replacement came
      in the post. So, have been using backup disks and Windows Update all
      week. So ended up with zero outstanding critical updates when I just
      checked. The other 'puters are on auto-update anyway.

      Just for general information, the old hard drive caused symptoms
      almost identical to Ram problems .... but Ram tested out OK. The
      fault was a dying (then dead) writeback cache in the HDD electronics.
      Booted up fine every time after crashing with BSOD .... then eventually
      threw up a SMART HDD failure warning end of last week. Swift order
      of replacement .... which arrived just in time. LOL, old disk hung in
      there with "0% disk health" flashing in red in diagnostics programmes
      for 3 days. Living on the edge or what
      • Profile picture of the author Jeremy123
        I have no problems with my pc.
      • Profile picture of the author Patrician
        What an obstacle course, Mike. It takes so long to get everything back to the rut after something like this!

        RIP- Mike's HD...

        Originally Posted by Mike Wright View Post

        Good post Pat

        Luckily, in a "mixed blessings" episode this Tuesday morning, my laptop
        hard drive died in a spectacular display of Windows warning messages
        almost exactly 1hr after its new bigger and better replacement came
        in the post. So, have been using backup disks and Windows Update all
        week. So ended up with zero outstanding critical updates when I just
        checked. The other 'puters are on auto-update anyway.

        Just for general information, the old hard drive caused symptoms
        almost identical to Ram problems .... but Ram tested out OK. The
        fault was a dying (then dead) writeback cache in the HDD electronics.
        Booted up fine every time after crashing with BSOD .... then eventually
        threw up a SMART HDD failure warning end of last week. Swift order
        of replacement .... which arrived just in time. LOL, old disk hung in
        there with "0% disk health" flashing in red in diagnostics programmes
        for 3 days. Living on the edge or what
        • Profile picture of the author Mike Wright
          Originally Posted by Patrician View Post

          What an obstacle course, Mike. It takes so long to get everything back to the rut after something like this!

          RIP- Mike's HD...
          Lol Pat, for privacy, security and revenge reasons, I will be
          "wiping" it with a Kewl utility suitable for all hard drives called
          The 4lb Hammer. Better safe and satisfied than sorry
          Out of warranty anyhow grrrrr .... bash, bash, bash
  • Profile picture of the author KimW
    "Just for general information, the old hard drive caused symptoms
    almost identical to Ram problems "

    This can be so true and many people miss the fact. Good job pointing it out.
  • Profile picture of the author Patrician
    enjoy!

    Beat up your PC - use your fists to smash your computer to pieces


    I love this guy - he has added one of those *#(@)#)# error dialogue boxes right at the beginning to **** you off - just click a few times to get to the fun part and be sure to keep smashing everything until it shatters.

    muwahahaha!