That MS Critical Patch

To add to all the coverage of the extra special (and critical) MS patch released yesterday, for the benefit of my three (that many?) regular readers:

My first reading of the various links about this vulnerability and patch (see below) indicate that, although the rating is critical, and the patch should be installed immediately, there is less exposure to Vista and Server 2008 and XP SP2+ systems because their default settings enable the firewall and block ports 139 and 445. (You can check if those ports are blocked by using the ShieldsUp test at www.grc.com.)

Note that this vulnerability has the potential for the same impact as the Blaster and Sasser worms (the blocking of those ports and default firewall enable XP SP2 and Vista is one of the results of learning from the Blaster worm). That blocking will help with external attacks, but an internal attack (behind the firewall) may be possible. For instance, our organization was severely impacted by an internal attack of the Blaster worm, which caused a Denial of Service (DoS) type of attack on network traffic.

The initial takeaway is that the MS patch, and probable (already released now) upcoming AV patches will be very important for all users, even if a ShieldsUp test shows that you are blocking ports 139/445.

Corporate/network users are strongly advised to get this one installed on all external and internal systems, even if their firewalls are blocking those ports. And home users are especially urged to install the patch.

There are reports of some limited attacks using this vulnerability; I suspect the hacker community is frantically working on exploits.

A typical exploit might be to install spyware/malware on your computer to gather confidential information. It is less likely, I think, that an exploit would try to just do a DoS-type (Blaster) attack; most hackers are now targeting systems for confidential information for financial gain.

More general info here: http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx From the MS SDL (Security Development Lifecyle) blog http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx ; an explanation of “why didn’t we catch this”.

Just remember safe computing practices: install updates, don’t click on links in emails alerting you to an update, pop-up messages while surfing the ‘net that alert you to malware are bogus and should be ignored, etc.

Leave a Reply

Name and email are required. Your email address will not be published.