Slashdot Mirror


HomeSec Warns Again About Microsoft's Insecurity

cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."

13 of 497 comments

  1. How big a threat is this? by mjmalone · · Score: 4, Interesting

    The security people at my office were talking about this vulnerability yesterday in our monthly meeting; they were saying it is likely going to be worse than Slammer/Code Red/etc. (which the article seems to back up)... Do you guys think this is that serious of a threat? A lot of what they were saying sounded like worst case scenario kind of stuff; hopefully it will not be that large of an issue. One interesting thing that the security people mentioned, that the article doesn't, is that Windows 98/Windows 98SE is vulnerable but Microsoft has not released a patch because they no longer support the product.

    1. Re:How big a threat is this? by tlovie · · Score: 5, Interesting

      I'm not sure if Windows 98/SE is vulnerable since Microsoft's knowledge base specifically states that Windows ME is not vulnerable. The vulnerability is based on a buffer overflow of the RPC service. Does Windows 95/98 even offer the RPC service?

    2. Re:How big a threat is this? by gregmac · · Score: 3, Interesting
      One interesting thing that the security people mentioned, that the article doesn't, is that Windows 98/Windows 98SE is vulnerable but Microsoft has not released a patch because they no longer support the product.

      If this is true, Microsoft doesn't even acknowledge that it affects Windows98. It's one thing to not release a patch for an affected OS, it's quite another to not mention that it's affected.

      --
      Speak before you think
    3. Re:How big a threat is this? by Lumpy · · Score: 3, Interesting

      And the fun part is that since corporate IT is so damn slow, current IT policy is "NOTHING HIGHER THAN SP3 on W2K machines."

      So that means all "OFFICIAL" machines in corporate will be hosed as usual when these things come through... Just like the stupid policy of no virus updates from anywhere but the corporate server, which is always at least 4-5 behind the software company's site. (Another policy I ignore... I keep everything at the latest DAT.)

      --
      Do not look at laser with remaining good eye.
  2. Microsoft really did it this time.. by Tirel · · Score: 5, Interesting

    This is turning out to be a huge problem; we got the exploit a bit *cough*early*cough* and by simply joining a channel on IRC you get a handful of IPs, of which at least a few are exploitable. And then they wonder why there are thousands of DDoS zombie machines running Windows!

    But there's another problem: a lot of people are starting to distrust Microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.

    1. Re:Microsoft really did it this time.. by BWJones · · Score: 4, Interesting

      But there's another problem: a lot of people are starting to distrust Microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.

      Shoot, this was a problem years ago leading me to never enable automatic updates after more than one Windows machine was completely FUBAR'ed after an update. We fought with security issues on Windows for a while, then dealt with the expense and hassle of IRIX (although IRIX is impressively stable), went back to Windows due to the cost and then simply migrated our servers to Apache on OS X. Safe, simple, stable, affordable and secure.

      --
      Visit Jonesblog and say hello.
  3. Re:How long? by rusty0101 · · Score: 4, Interesting

    And what's the OS Vendor of choice for the Department of Homeland Security? I seem to recall a story or something about it.

    Anyone want to talk to their representative or senators about that decision?

    --
    You never know...
  4. windows at the office?? by chef_raekwon · · Score: 5, Interesting

    I could have sworn that 2 weeks ago, here on this very same Slashdot... there was a story about Homeland Security securing a very large purchase from Microsoft... aka 100 million, or some outrageous number like that.

    Isn't this a bit irresponsible of them, now that they are declaring Windows a vulnerability?

    --
    We're like rats, in some experiment! -- George Costanza
  5. Re:How long? by sniggly · · Score: 4, Interesting

    The sad part is that the NSA itself already was far ahead developing a secure OS that would do just fine for the Dept. of HS. Instead tax monies go to Bill Gates and his dancing monkeys.

    --
    Of those to whom much is given, much is required.
  6. Re:Well engineered worms by hey · · Score: 3, Interesting
    Thanks for the tips ;-)

    Yeah, I like the idea of changing DLLs on a system back to insecure versions and (of course) keeping the Add/Remove Programs list saying the patches have been applied. Needless to say, this would mean other worms/viruses would get in, further making diagnosing more difficult.

    If we want to see what nasty viruses do we need only look at nature. For example, AIDS (or the HIV virus if you want to be exact) attacks the immune system -- the part of the body that fights viruses. People with AIDS then die when opportunistic viruses, like pneumonia, take advantage of the situation. If you wrote a computer virus that only attacked the immune system of the net it would be quite a sight to see.

    • Launch DDoS attacks against Windows Update, Symantec, Norton, CERT websites
    • Make the Windows update agent think all is well but to the user appear to be functioning properly
    • Likewise neuter virus checking programs by, say, altering their .EXEs to check for a different .DAT file. If the user can manage to get a current .DAT file, he replaces one that the program isn't looking at :-)
  7. google is fun by sniggly · · Score: 3, Interesting

    Coincidence or not? Google News' primary link to this story points to The Register's article about this vulnerability. In their best sour Brit Register tradition they're none too congratulatory about "free patches". Does bandwidth cost money?

    --
    Of those to whom much is given, much is required.
  8. Re:Well engineered worms by Finni · · Score: 3, Interesting
    No. This has nothing to do with forced upgrades, because

    1. They made patches for this covering all the way back to NT 4.0

    2. They don't charge for these patches.

    3. The bloody patch doesn't work.

  9. Re:Well engineered worms by johnnyb · · Score: 3, Interesting

    Actually, destroying the whole OS isn't as bad as you can get. Imagine if there were a worm packed with a payload like CPUburn! Or if it had drivers which hosed hardware. Especially if it was set to go off in the middle of the night, you could actually have a virus which inflicted hardware damage.