>>-Block TCP ports 139 and 445 at the firewall

This is critical, but note that any firewall not written by a complete idiot will block these ports. So as a practical matter a very large percentage of users are effectively protected by their router firewall and/or by Windows Firewall or a 3rd party product.
If you have File and Print sharing on you are exposed, but only to people on the local subnet who you have given rights to. So there's still an issue, for example, with the dumb-ass roaming user who gets infected in a hotel and brings it back to the company LAN where he infects the Win2K3 server. BTW, Vista and 2008 are vulnerable, but only to authenticated users, so the same roaming infected idiot scenario applies I guess, because he might be authenticated locally. So it's serious, about as serious a bug as we've seen from Microsoft in at least 2 or 3 years, but it's no Blaster. People are largely better protected now in spite of themselves.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Juha-Matti Laurio
Sent: Thursday, October 23, 2008 4:57 PM
To: [email protected]
Subject: Re: [funsec] Microsoft to rush out emergency Windows patch today

And it is
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx

Recommended workarounds:
-Disable the Server and Computer Browser services
-Block TCP ports 139 and 445 at the firewall

Go and patch ASAP this RPC vulnerability, folks.

Juha-Matti

Juha-Matti Laurio [EMAIL PROTECTED] wrote:
> "Microsoft will rush out an emergency security patch for Windows users on Thursday.
>
> The company offered few details on why it was releasing the software update, which is rated critical for users of Windows 2000, Windows XP, and Windows Server 2003.
> A critical flaw is worrisome, however, because it can be exploited by online attackers to seize control of the PC.
>
> The update will be released at 10:00 am, Pacific time, said Microsoft spokesman Christopher Budd in a blog posting published late Wednesday.
>
> The flaw is considered to be a less serious risk for users of the Windows Vista and Server 2008 operating systems Microsoft said in an advisory on the issue."
> --clip--
>
> More at
> http://www.pcworld.com/businesscenter/article/152665/microsoft_to_rush_out_emergency_windows_patch.html
>
> Reference:
> http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
> (has replaced the Oct summary page:-( btw)
>
> Upcoming webcast:
> http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032393978&EventCategory=4&culture=en-US&CountryCode=US
>
> According to PC World
> "[Mr. Dragos] Ruiu said that presenters at Microsoft's recent Blue Hat internal security conference told him that they'd discovered some serious Windows bugs using security testing tools and that the update could fix one of these issues. "It might have wide reaching impact, or might be used easily for significant malicious hijinks," he said."
>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
