HomeSec Warns Again About Microsoft's Insecurity

cbrandtbuffalo writes "The Department of Homeland Security has posted this advisory about an impending attack on MS systems. This RPC attack has already been seen in some localized systems, but may spread as unpatched computers are exploited. Some of the national news like CNN are running stories too."

How big a threat is this?

[mjmalone]

The security people at my office were talking about this vulnerability yesterday in our monthly meeting, they were saying it is likely going to be worse than slammer/code red/etc (which the article seems to back up)... Do you guys think this is that serious of a threat? A lot of what they were saying sounded like worst case scenario kind of stuff, hopefully it will not be that large of an issue. One interesting thing that the security people mentioned, that the article doesn't, is that windows 98/windows 98se is vulnerable but Microsoft has not released a patch because they no longer support the product.

Re:How big a threat is this?

[tlovie]

I'm not sure if Windows98/se is vulnerable since microsoft's knowledge base specifically states that Windows ME is not vulnerable. The vulnerability is based on a buffer overflow of the RPC service. Does windows 95/98 even offer the RPC service?

Microsoft really did it this time..

[Tirel]

This is turning out to be a huge problem, we got the exploit a bit *cough*early*cough* and by simply joining a channel on IRC you get a handful of IPs, of which at least a few are exploitable. And then they wonder why there are a thousands of ddos zombie machines running windows!

But there's another problem, a lot of people are starting to distrust microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.

Re:Microsoft really did it this time..

[BWJones]

But there's another problem, a lot of people are starting to distrust microsoft and are turning off the automatic update / not getting service packs instead of switching to another operating system.

Shoot, this was a problem years ago leading me to never enable automatic updates after more than one Windows machine was completely FUBAR'ed after an update. We fought with security issues on Windows for a while, then dealt with the expense and hassle of IRIX (although IRIX is impressively stable), went back to Windows due to the cost and then simply migrated our servers to Apache on OS X. Safe, simple, stable, affordable and secure.

Re:How long?

[rusty0101]

And what's the OS Vendor of choice for the Department of Homeland Security? I seem to recall a story or something about it.

Anyone want to talk to their representative or senators about that decision?

windows at the office??

[chef_raekwon]

i could have sworn that 2 weeks ago, here on this very same slashdot....there was a story about HomeLand Security securing a very large purchase from Microsoft....aka 100 million, or some outrageous number like that..

isn't this a bit irresponsible of them, now that they are declaring Windows a vulnerability?

Re:How long?

[sniggly]

The sad part is that the NSA itself already was far ahead developing a secure OS that would do just fine for the dept of HS. Instead tax monies go to bill gates and his dancing monkeys.