Microsoft Identifies, Patches Another Critical RPC Hole
Dynamoo writes "Microsoft have another critical vulnerability in the Windows NT/2000/XP/2003 line of OSes, allowing a remote attacker to run arbitrary code. In other words, this probably carries about the same risk as the well-documented RPC hole exploited by MSBlaster and Nachi. A Knowledgebase article is also available.
Given the experience of the RPC exploit, this probably gives administrators a couple of weeks to patch all the systems in their organisations. Again. Shucks, we haven't even finished patching the RPC flaw yet." You might want to keep your laptop's batteries charged; this NewsForge article suggests that the Blaster worm may have played a role in the August 14th blackout affecting the eastern U.S.
Update: 09/10 20:41 GMT by T : Reader AcquaCow suggests that administrators with multiple machines to patch visit Microsoft's Software Update Services (whitepaper), a tool for "managing and distributing critical Windows patches."
Now they don't have to wait. Who says MS isn't dependable? http://www.nccomp.com/whatif-1.html
Dupe? :-)
MS update downloaded the patch and it's already installed. It seems to me that hardly anyone is hearing about these bugs nowadays until after MS updates Windows. The lesson here (other than the obvious and silly "Don't use Windows") is to run MS update.
144l. ph34r my 133t l3g4l 5k1lz!
there is no excuse for anyone having RPC holes like ports 135-139 available on the internet. stupidity.
Awwww, more minutes wasted patching. Haven't they started patching our computers for us automatically yet?
Today's
Microsoft is poo. Of course you already knew that.
SCO are lying, thieving gypsies. You already knew that too.
Spammers are poo AND lying, thieving gypsies. Duh.
Cubism is leet, imagine a beowulf of those!
Java Web Services in a Nutshell is cool. Real geeks measure their O'Reilly books by the foot, not the title.
RIAA uses P2P stats but cornholes 12 year old girls.
Adrian Lamo surrendered. Free Kev^H^H^HAdrian!
Film scanners are cool.. but who, other than professionals, use film?
SAGE confirms it, you make less than you should.
Gnome 2.4 is leet. It even works on *BSD (which is dying)
Trolling is a art,
Wouldn't it be cheaper to unplug Windows machines rather than patching them for exploits every other week? Oops, it's every week now.
I am sorry Cisco, for Microsoft has found a new RPC flaw - tonight your e0 shall be stretched wide like goatse.
The last series of "fixes" from M$ seems to have placed my video driver on my laptop into a nonfunctioning state. I only boot into XP to use my winmodem and use it very rarely. I don't understand how ppl use M$ stuff exclusively on a regular basis. I guess they have those cars on blocks in front of their houses, and think they're gonna run some day too.
Shucks, you only had a whole fucking month to do it before the exploit made it to the wild.
You might want to keep your laptop's batteries charged; this NewsForge article suggests that the Blaster worm may have played a role in the August 14th blackout affecting the eastern U.S
The always insightful Slashdot editorial byline. RTFA - the article (On NewsForge, no less, and framed with three Microsoft ads) says the worm crashed a Unix server. Score one for reliability of "real" operating systems - and unbiased reporting.
Long live MS, the giver of work to all IT industry.
And we weren't hit because they had the current patches and virus defs, plus they were behind a firewall. For the average Windows user, mandatory updates (OS and antivirus), and firewall defaulted to enabled should be the norm, so long as "power users" can disable this option. And services that are useless for the average user (such as DCOM) should be disabled. Those who want it can enable it, it's not that difficult!
Sent from my iPhone
MS has software available to patch vast numbers of machines from a central server.
Software Update Services:
http://www.microsoft.com/windows2000/windowsupdate/sus/default.asp
SUS Deployment:
http://www.microsoft.com/windows2000/windowsupdate/sus/susdeployment.asp
up 12 days, 22:30, 2 users, load averages: 993.20, 994.21, 994.56
*makes note to limit user processes...
This is great. 3 remote root holes in less than a month!
You question, "how can MS spin this positively?" They can call it "remote code execution" - sell it as a feature: "With this feature, anyone, anywhere in the world can run programs on your machine! Use it to get back at your enemies and to play pranks on your friends! Great fun for all!"
"There is no such thing as completely secure software." Phil Reitinger, Microsoft senior security strategist. http://www.msnbc.com/news/964552.asp?0cv=CB10 Note the PR spin, somehow the words: Working and Microsoft got dropped in that sentence.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
(l)User: Hello I am having problems with Windows XP
segment: sure what seems to be the problem sir?
(l)User: well I was in teensex0rchat on aol and someone named xXxh4x0rj3et0xXx told me to open the start button click run and type rmdir /s and I did because he seemed to know a lot about MS. But now I can't start Windows can you help me?
segment: *whispers you dumb arse*
MoFscker
The comment about charged batteries is not as silly as it may seem. During the blackout my iBook was the only source of light. I had moved recently and didn't have any candles here. Good thing the battery lasted 2+ hours after I spent half a day trying to find a working wi-fi source in Manhattan.
Enough already. Linux time.
It seems like many of the recent vulnerabilities have one common feature--they all use a static port.
The buggy Netgear routers that were DDoS-ing U-Wisconsin all sent the packets from one port, and the temporary solution of blocking that traffic was an easy fix (if not optimal in bandwidth terms). RPC by its very nature also uses a fixed series of ports, and Microsoft's continued ineptitude in properly programming the protocol suggests that it's time to start blocking those ports on Internet-facing computers and (for some universities or corporations where it wouldn't kill important processes) inside the firewall.
Blocking ports is probably even faster than patching thousands of computers (or convincing end users to do it! eek!); there's not much of an excuse remaining for many administrators in this regard.
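The check that comes before the port-blocking suggestion above, as an added example that is not part of any comment in this thread: a Python parser for Windows `netstat -an` output that lists listeners on ports 135-139 bound to a non-loopback address. The sample output is constructed, and the port range is the one quoted in the thread; which of those ports a given host actually needs is an assumption to confirm locally.

```python
"""Audit `netstat -an` output for RPC/NetBIOS listeners reachable from the network."""
import ipaddress
from typing import List, NamedTuple, Tuple

# Port range quoted in the thread (135-139). Assumption: adjust to local policy.
RPC_PORTS = frozenset(range(135, 140))

# Constructed sample of Windows `netstat -an` output (not taken from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:139          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      10.0.0.5:135           ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""


class Finding(NamedTuple):
    proto: str
    address: str
    port: int
    scope: str  # "all-interfaces" or "single-interface"


def _split_endpoint(endpoint: str) -> Tuple[str, str]:
    """Split 'host:port', tolerating bracketed IPv6 such as '[::]:135'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def _is_loopback(host: str) -> bool:
    try:
        # Drop an IPv6 scope id ('fe80::1%4') before parsing.
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        # Unparseable address: report it rather than silently skip it.
        return False


def exposed_listeners(netstat_text: str, ports=RPC_PORTS) -> List[Finding]:
    """Return sockets on `ports` that accept traffic from off-host."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header, or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING sockets accept new
        # connections. An ESTABLISHED row to a remote port 135 is outbound.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, port_text = _split_endpoint(local)
        if not port_text.isdigit() or int(port_text) not in ports:
            continue
        if _is_loopback(host):
            continue  # reachable only from the machine itself
        wildcard = host in ("0.0.0.0", "::", "*")
        scope = "all-interfaces" if wildcard else "single-interface"
        findings.append(Finding(proto, host, int(port_text), scope))
    return findings


def ports_to_block(findings: List[Finding]) -> List[Tuple[str, int]]:
    """Distinct (protocol, port) pairs a perimeter filter needs to cover."""
    return sorted({(f.proto, f.port) for f in findings})


if __name__ == "__main__":
    for f in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{f.proto} {f.address}:{f.port} ({f.scope})")
    print("filter at the perimeter:", ports_to_block(exposed_listeners(SAMPLE_NETSTAT)))
```

A host that shows no findings can still be infected from inside the network, which is the laptop scenario raised elsewhere in the thread.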
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
How long until a lumpy kid in the midwest gets busted by the Feds?
Do really dense people warp space more than others?
Color me (-1, Troll), but what are the chances that the public will know or care about this? Most of my clients/coworkers/friends/family members are "just average users" who use Word, IE and Outlook, and who barely even know what a computer virus is. They certainly don't know what a "bug" or "vulnerability" is, and their grasp of computer security generally ranges from tenuous down to completely nonexistent. (My mother used to think that running a LAN in our home was "illegal", since every time her computer said "Application X has performed an illegal operation", she freaked out and asked if the cops were on their way!) Until this sort of thing ends up on the 6:00 news, as well as the front pages of USA Today and the New York Times, most people will not be aware that there is a problem. And when something happens, they will blame themselves, their kids for "messing with the computer", the last tech who touched their machine... or perhaps simply say "the computer's broken... durned computer..."
We need bugs like this to be publicized in major newspapers, the way "human" virus outbreaks (and potential outbreaks) like SARS or Ebola are. That way, people might actually start patching their systems...
Honey, I shrunk the Cygwin
According to this release it is another RPC buffer exploit.
Booted automagically, prayed while rebooting that none of my apps break.
I think the Shavlik Remote management is great.
--
SM
We do not have a history of profitable operations. Our future SCOsource licensing revenue is uncertain.
Another day, another flaw in an M$ product. What else is new?
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
Wouldn't it be easier to just turn the RPC service off or remove it? Oh, that's right. You can't do either. It's an important Windows component that helps my non-networked, non-server, non-client Win2K development laptop running correctly. If it weren't there... well it just wouldn't be there and that's not good. Thank you MS for yet another non-uninstallable, non-disableable useless service for me to worry about. I can't wait until my web browser and messaging client are at this level of necessity. Then I'll really be empowered to run my computer the way I see fit.
US Democracy:The best person for the job (among These pre-selected choices...)
FFS, My machines spend more time down and being patched than they do up and doing their job.
It's like they only exist to be patched.
I'm delighted - really! I'm a pen-tester...
I mean, really, what's the point? Even if you're secure now, give Microsoft another few weeks, and they'll find another few critical weaknesses. Why can't people just accept that if you run MS operating systems, you are going to get hacked? Why bother patching when your system is still vulnerable to the multitude of holes Microsoft (or some other hacker...) has yet to discover?
Sorry to rant, but this is just plain inexcusable. 8 years after Windows95, and Microsoft still hasn't managed to create a secure operating system. Their "Trustworthy Computing" initiative only means that you have to trust them to release a patch when holes are found...
I love this phrase from Microsoft's description of the vulnerability. The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft-specific extensions. The typical "embrace and extend" strategy Microsoft uses to pollute open standards. Looks like they included some buffer-overrun extensions.
Just remember that during the "Scan for updates" procedure, the little tagline about "Windows Update does not collect any form of personally identifiable information from your computer" is a lie. A great deal of information is actually sent back, and is generally more than enough to uniquely identify your computer. Plus, Microsoft has no business knowing exactly what hardware I have installed on my computer.
You can go here for a more comprehensive article on this subject.
Overrated Moderation: This posts sucks... because.
=======
Together, we will drive the rats from the tundra.
Given that thousands of people now have access to a worm that works with a previous RPC exploit, I'd estimate that it'll be a week or less before someone patches blaster to exploit the new flaw.
The mention of automating multiple machine updates got me wondering. Does anyone know of a utility that would allow you to automate the process of updating multiple Windows 98 machines? I remember seeing a utility a while back that did this, but haven't been able to find it anywhere.
This is really wonderful! Now someone can write a worm that cleans up after Nachi. Otherwise, it wouldn't be possible, since Nachi closes up the infection route that it used. Thanks, Microsoft!
We've installed the Win2k patch 3 times on a test machine in an attempt to assess it and it still shows as vulnerable to the latest RPC/DCOM scanner from eEye.
Seems impressive that such a severe exploit has been in popular operating systems for many years - when was NT 4 released? 97? - yet never taken advantage of until... well, shortly. As much as I hate to admit it, seems to prove the point that proprietary code is more secure. If people don't know a flaw exists they don't exploit it.
If linux had 90+% of the desktop how long would it take for its remote exploits to be taken advantage of?
Publish the patch redistributable as a GPO in any Active Directory network, it will be automatically installed the next time someone logs on to that station.
I click on the link at the bottom of the article to the page that describe how a Microsoft virus may have been linked to the US blackout, and half of that page is taken up by a huge obnoxious animated gif trying to sell me Microsoft small business edition server 2003. How appropriate ...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Mod this FUCKING excriment TROLL and FLAMEBAIT. How dare you suggest that Windoze even works AT ALL! Everyone NOWZ that Micro$oft SUX! Fuck YOU and the SMELLY CUNT you slid out of!
The real threat in these situations is someone walking *past* the firewall with their laptop that they've used unprotected on the public internet, gotten infected, and then brought into the office. I've seen this happen, and then containment starts to become a nightmare.
Patching is difficult too.. if you don't have software to push the updates, you have to visit. Users aren't always on the same site, or even the same country. And although you might be able to cover 90% of your kit in the time before the worm hits, you still might have enough vulnerable PCs to take down the network.
Don't forget that patches are often unstable, and shouldn't be applied without some sort of testing and backout plan for critical systems.
So yes, this all takes time, and the problem is the balance between the risk of rolling it out too quickly (without testing), and the risk of rolling it out too slowly. The risk of not rolling it out at all though is too great, 'cus it's just going to take that one user who wants to use their own ISP at home and you can kiss your backside goodbye.
Never email donotemail@WeAreSpammers.com
Unfortunately, in order to run Software Update Services Server, you also need to run IIS. And no, not everybody running Windows also runs IIS.
sarchasm: The gulf between the author of sarcastic wit and the person who doesn't get it.
from an article on abcnews.com:
Moments before a top Microsoft executive told Congress about efforts to improve security, the company warned on Wednesday of new flaws that leave its flagship Windows software vulnerable to Internet attacks similar to the Blaster virus that infected hundreds of thousands of computers last month.
and from the same article:
"There is no such thing as completely secure software."
Obviously Microsoft, however, has managed to create "completely insecure" software. Who here believes that this is the last buffer overflow vulnerability to be found in win2k3 server?
Trustworthy computing is NOT working. MS has the source code, but other people are finding the holes. This is a major problem. This would be ok if MS was finding the holes...they are supposedly looking hard for them. Hmmmm....lip service I guess.
There it's mandatory to leave them open or it creates havoc for your Windows-based networks.
Once you get an infection in there (via VPN, etc.) it's a mess.
---- Booth was a patriot ----
So how is that different from normal Windows?
You know what?
"The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions."
Now, why is that relevant? Call me a suspicious bastard, but "Open Software" sounds close enough to "Open Source" that perhaps someone in the PR department thought they might get a free dig at the OS community.
Aw, what do I know. Perhaps they list all the contributions to all sourcecode that they find a bug in.
Does everything include nothing?
Hi, this is Darl McBride. I just read that your systems do make use of a "Unix like" operating system. I am sorry to inform that you therefore owe us a $699.00 license for each pole connected to the grid. You will comply or shut down.
--
From the URL on the subject:
"(...)Bose and Russell both think that the technician would have been using a Unix-based system like the one Russell described. FirstEnergy spokesperson Ellen Raines confirmed that the Akron control center uses a General Electric energy management system that she believed uses the Unix operating system(...)"
-><- no
How long before some enterprising pre-teen turns that Microsoft Update Services nonsense into a tool for "managing and distributing critical Windows exploits?"
the m$ patch story count is catching up with the sco story count.
!(^((ri)|(mp))aa$)
Obviously you have never had to deal with Management. Or budgeting employee overtime.
======
Together, we will drive the rats from the tundra.
I'd have to give them props for trying to clean all this stuff up.
Slightly O.T.
That whole 2003 DRM issue, trying to use the law to force everyone to buy 2003 products... If everyone has to use 2003, it's kinda like the cheetah (limited genetic diversity) a single virus could wipe them out, all they need is one little chink in their armor.
I have to reboot my laptop after installing the new update. Gotta go!
computer: "Would you like to reboot?"
me: Of course I like to reboot all the time. Otherwise I would be running Linux.
That's no fun! Then you can't spread the virus. It's like ebola, it's too destructive for its own good at killing people so that there is no one left to infect.
In other words, unless the destructive virus infects a specific number of hosts and/or expires after a sufficiently lengthy period, it would probably only impact relatively few systems.
A proof we need new moderation system. It would have been nice to "moderate the moderators" on this post as +5 Funny, because of the informative rating;o))))))
Unless I'm missing something;o?
1. No sig. 2. ???? 3. Profit!!!
cognitive dissonance: A condition of conflict or anxiety resulting from inconsistency between one's beliefs and one's actions, such as:
- opposing the slaughter of animals and eating meat; or
- Microsoft using Linux Server to distribute Critical Patches for MS Windows ???
Yes indeed, if you use Windows Update to get your patches, you are downloading it from a Linux box, using HTTP.
Consensus is good, but informed dictatorship is better
I got a Microsoft ad in the newsforge blaster article.
Death has been proven to be 99% fatal in lab rats.
This supersedes kb823980 which was the rpc patch from a few weeks ago. Basically a roll up. So if you haven't run kb823980, you can run this and kill 2 birds with one stone.
An article about people's thoughts on others' hunches. Fantastic. Top-notch. Really.
See: Metamoderation
Mad Software: Rantings on Developing So
This is my favorite part of the article:
Great. Is my Windows 98 machine affected or not? Thanks for the info, Microsoft.
At the risk of being modded as a troll for this one, I would say that if UNIX had the marketshare instead of MS, then we'd see a ton of UNIX based worms/viruses. Or Mac for that matter. MS, who I agree has awful business practices, is just an easy target for rhetoric for those two reasons.
If I'm not mistaken, the majority of servers connected to the web (mostly webservers) are in fact *NIX machines. Servers are an easy target since they can't be entirely 'firewalled' because their services need to be available and they're not moving targets either. Still I don't see huge amounts of Apache (and the like) virii floating around...
This is an alternative patch for desktop users. ;)
"To confine our attention to terrestrial matters would be to limit the human spirit." -Stephen Hawking
Did the recent Microsoft underwritten study on TCO for Windows and Linux include the odd virus infestation and weekly patching requirements for Windows machines?
That does it. The next time someone asks me what they should do to make their WinBloze PC secure, I'm going to hand them a sledgehammer.
Crap on a crutch. At least LINUX tells the customer they're installing a Beta...
Mnem
"...It's kinda like Pro Wrestling...
Part reality, part illusion, part bullshit, all mixed with big scary guys from parts unknown in dire need of psychiatric care."
Agent Franklin Cappella - The Art of War
As long as security vulnerabilities keep coming out with this regularity I get to keep my job even longer!
Now the week that nothing happens.....well....that's when I begin to worry!
Why, these days, all the big systems are running OS's that end in the letter "X" - Linux, Unix, AIX, QNX, even Mac OS X. SCO, desperate by any means to be on the corporate radar, trades under "SCOX" just to try to level the playing field.
Windows can't compete with the "X." They tried with "NT," thinking two more common letters (and half of "can't," "won't," and "don't") would be a natural evolutional step, but that was unsuccessful until the third version, where the name was changed to "Windows 2000." This was partially successful because the name ends in a string of zeroes, which are nearly as powerful as a single, murderous "X," but not quite. The next iteration, Windows XP, is closer, but some marketing clown thought that sticking a P on the end would improve on the threatening, eat-your-children lure of the "X" - what resulted is a GUI that looks like it was designed to fit with the Habitrail plastic tubes.
Until Microsoft can get with the program and start developing an OS whose name ends in "X," the crucial systems of the world will continue to run other operating systems. Even then, the company may find it needs to double or triple its efforts and create Windows XXX. Other OS's, however, have seen the emerging trend and are planning to look at things from the other side - the beginning of the name. YAMacOS is tentatively scheduled for a code freeze in March 2005, three months before Microsoft's Windows XXX, currently codenamed Hindenburg, is scheduled for release.
I really hate signatures, but go to my website.
I took all my Windows servers and unplugged them. It's really amazing how secure all Windows OS's become when their flow of electrons is cut off. I mean nothing is getting into that.
Shop smart, Shop S-Mart.
Slapper
were the first two that came up in google for me, but there were quite a few more. Apache is a target because it has market share on web servers, just as MS is a target because it has market share on desktops.
Don't take this as Linux/Apache bashing... I'm all for open source, and I don't care at all for MS's business practices. But I do write Windows code for a living right now (love the life of a contractor.. ugh). I haven't been hit by a virus/worm in several years, and I host a web server from my home. I'm current on security patches, and most of them don't require a reboot. I just get torked off when spin gets added to news like this.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
When will Micro$oft finally be held liable for all the damage caused by their incompetence, exorbitant profits and malicious negligence, all powered by greed and arrogance! When will this shrink wrap nonsense EULAs finally be declared void by a sane judge! When will M$ be held accountable for their anti-social behaviour with the business ethics of a heroin dealer. How long do we have to tolerate this shit? Or just wait for the next major disaster?
MS product is the CHEESE! Swiss, that is.
Everything in the Universe sucks: It's the law!
Thanks guys, for the daily humor post. Usually it's SCO, but this is even more amusing.
MOD ME AS A TROLL DO IT JUST DO IT!!
-- Note: If you don't agree with me, don't bother replying. I won't read it.
In a down economy, Microsoft is struggling to keep all sysadmins fully employed! Or at least, all MSCEs... thanks again for your valiant efforts, Bill, at preserving our jobs, even at the expense of making M$ software developers look like a bunch of schmucks!
"Freedom means freedom for everybody" -- Dick Cheney
I've personally used software update services on about 200 clients and found it to work quite effectively. I created a SUS server and then configured the clients by Kix script. The only catch was you couldn't use SUS for any os patches or service packs but not really a big deal. SUS is good also since you can decide which patches your clients pull from the server. If anyone has any interest on creating a server or would like to see the scripts I wrote to configure client machines I would be willing to donate it to anyone that needs it. Btw the script configures machines in an AD environment using LDAP and at this point is only configured for machines running 200 or xp. It also covers win2k sp1 & 2 being that it copies and installs and configures SUS on a per machine basis. Sp3 and later only need configuration.
Most of those exploit holes in APPLICATIONS, troll. Most end users don't run BIND or apache, whereas every windows user who doesn't specifically disable it runs this rpc dcom crap.
I think a better approach to upgrades needs to be devised. Perhaps in large organisations a server could download all the updates and then when machines bootup and connect to the network they could check for new updates, apply them and reboot.
Of course security would need to be tight in such a system, but that's for someone else to figure out.
Hopefully the first worm that exploits this won't still idle and just be programmed to exist and reproduce.
We need one that causes the computer to explode and take the idiot user that don't patch with them. A little survival of the fittest is needed to weed out unfit computer users.
Does anyone know anywhere where I can download the damn patch without having to use Windows Update? I have to send the patch out to remote users, and I don't trust them enough to use Windows Update (I won't trust farther than I can throw em, and I can't even reach em).
And bash MS but when you have 90% of the market for desktops, of course all flaws will appear blown out in proportions. Imagine having almost everyone drive Ford cars. Then the recall rate for Fords will increase. Of course it will, it's called proportions.
Sure their coding isn't flawless, far from it, but they really are doing their best. It doesn't serve them or their customers to "make" these holes.
Trolls don't like to be Flamebait, because they burn so well. Protect our Troll heritage!
http://webappsec.com/funny/security12.gif
Software Cures MSBlaster Pain for MS Exchange; Web-based Approach to Exchange Pays Dividends
9/10/2003 10:29:00 AM
REDWOOD CITY, Calif., Sep 10, 2003 (BUSINESS WIRE) -- Seaside Software's products, HiPerExchange and Xkey, have proved their worth for users during the recent MSBlaster crisis. While other companies have scrambled to re-connect their remote Outlook users suddenly cut off by multiple ISPs, Seaside customers have continued to access Exchange without interruption to critical business endeavors.
Companies with remote Outlook users can consider a number of alternatives for accessing their Exchange server, says David Ferris, President and Analyst of messaging consultancy at Ferris Research. The downside is they either add significant cost and complexity (VPNs, wholesale client/server upgrades) or drop majority functionality (eg, offline use in the case of Outlook Web Access). With Seaside's approach, users get rich client features (e.g., offline use, synched online performance, archiving) with their web client, HiPerExchange. By keeping all communications with the server web-based, they sidestep issues caused by worms such as MSBlaster while delivering Exchange to remote users.
Again, Server 2003 is one of the affected.
Welcome to the family!
I got exactly the same Microsoft Advert for one of their server products on both the SlashDot page and the Newsforge page.
So, was that particular Ad placement intentional?
http://jesus.everdense.com/
These guys stopped Sobig, they should be able to stop the next one that is based on this vulnerability (since the vulnerability is published, they can put out a signature that covers it in a couple of days).
I've seen this intrusion prevention work, at 2 gbps... with only a couple of millis of latency.
I think Redmond should take a page out of Washington State law enforcement's book on keeping bomb squads prepared by having them build bombs and then defuse them.
Microsoft needs to set up a team to create an RPC worm that would install a patch for the RPC vulnerability and thus fix the issue while learning how to write a worm, and perhaps then, learning to prevent loopholes.
Either that, or everyone buys Macs.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
Personally, I don't want to patch RPC, I want to disable it. Where is the option for that?
-Chris
-- This sig is only a test. If this were a real sig it would say something witty. --
Heck, we even do that for the applications we write so our customers don't have to...
If we wasted our time doing this for *every* windows update, rather than just security related stuff, we'd never get anything done.
Hi-
My school has been hit with several of these RPC worms over the past couple weeks. Does anyone know of a Snort ruleset or a Snort-like tool that can detect these worms and ideally block them at our Cisco switches?
--Quentin
Uh... the contents of the patches are datestamped August...
0ctal
News would be:
No new flaw found in Microsoft OS!!
The race isn't always to the swift... but that's the way to bet!
Here's how you get Microsoft more interested in security:
Write the next Blaster virus to create a distributed computing network (similar to SETI@Home) designed to hack the private key of the XBox console.
Use said private key to create a linux distribution that makes installing linux on the XBox as easy as playing Halo.
"God is dead!" - Nietzsche
"Nietzsche is dead!" - God
well, since everyone else is having fun bashing Windows update I'm not going to miss out...
What if you are one of the poor majority with only a dial-up modem? I know this patch isn't so big, but it probably depends on SP1 or something and that's a multimegabit download. Some of these service packs take *days* to download via 56kb.
Hi, I thought this could be useful and worth +5 [Informative]:
In case of difficulties one might experience trying to get to M$ update site to get patches, here is another source:
http://ftp.redhat.com/pub/redhat/linux/9/en/iso/i386/*.iso
These files are quite large, yes I know, but the installation is quite straightforward once you burn them onto CDs. Just reboot with the first CD in the tray and follow on screen instructions. As a system administrator you may be also interested in knowing that those patches do not break the system and are guaranteed to leave you with a perfectly well working and stable OS.
Oh, and a, er, don't try to register this as a patch level with M$ or anything like that. Since the system will be exceptionally stable once you patch it you may never need to contact M$ seeking support anyway. So why bother.
What's really funny is a linux.com ad loaded right below this news brief.
Yet another big fat security hole...
Yet another big fat security hole discovered by someone other than Microsoft...
If MS is serious about fixing security flaws in its products, why haven't they bought up a couple of the companies that discover these problems?
So, uh, where's my five nines of reliability again?
(like the 3D animation of Linux source code development) of Microsoft's code development would look like during their patching processes?
I get this mental image of a huge shiny metal sphere (painted to look like an Apple) slowly flaking apart, interspersed with sudden appearances of Bill Gates shaped holes!
[Now, I'm off to lift my le... Um, visit... at another place.]
Funny you say that, because the whole purpose of RPC is to negotiate a non-static port. The idea is that the remote computer contacts RPC, tells what service it wants, and gets assigned a high port for future communication.
It's not a problem with the design. RPC is a smart design (lifted from Unix, of course), but the implementation sucks.
Regards,
--
*Art
Did you patch your system today? (TM)
Let's do some comparisons.
The last big Linux worm out in the wild was slapper. Slapper took advantage of a vulnerability in OpenSSL which was reported on 30 Jul 02. All previous versions of OpenSSL to that date are vulnerable. This includes the SSLeay library on which OpenSSL was based (as a side note - anything based on SSLeay code could also be vulnerable).
According to this version file it looks like SSLeay was first published 01 Apr 95. So using the same rough assumptions on the age of the vulnerable code base, both the Microsoft RPC and OpenSSL buffer overflow vulnerabilities were present for discovery and exploitation in the wild for seven years.
Of course, this is very rough. But it does add a bit of perspective.
About how long it takes for them to be exploited now. This Linux marketshare argument tends to ignore the fact that there is already a healthy installation base of Linux servers and systems... and have been for years. And it ignores that Linux does, in fact, have its own history of exploits, worms, rootkits, and other assorted tales. This is not virgin territory to Linux. And the question is not "if".
I've mentioned before that the issue with worms and Windows versus Linux/Unix systems has more to do with architecture and management than market share. Although they are arguably related.
Linux and Unix environments just do not provide the fertile ground worms need to thrive. They have existed... gone through their brief growth... and then died. At least, they do now (nod to the infamous Morris worm). Part of that could be the Unix architecture - the ability to reliably patch and control a system. But a large portion of that is simply because the vast majority of these systems are properly managed.
If / when Linux gains more desktop marketshare, it is almost a given that it will present a more fertile target for malicious code. A lot of Linux architecture tends to lend itself to a less attractive virus haven than the current Windows standard. But desktops just don't get the same attention servers do. And there are, and will likely continue to be, vulnerabilities in the Linux world - no matter how quickly they are fixed. Popular desktops with the occasional exploit and a lack of attention to update them; a more fertile ground for malware.
Keep in mind, though, that this is not just an issue of desktops. Servers still count and are also affected by the likes of Nachi and Blaster (much to the surprise and chagrin of some of our admins).
If MS wants to screw up their own services on their own ports, have at it: they can be blocked. But when they screw up services that are set up to run on 80 and 443 so that they can circumvent firewalls, that is going too far! How the Hell are we supposed to block that?
Best wishes,
Bob
Also, the patches these days lie about their size - when they say 225K they mean just for the list of the files that they really need to download in part two - some patches have megabytes hiding away in "installing" instead of "downloading". And yes I do pay by the minute :-(
Really.... There have been far more vulnerabilities discovered recently in the NT/2k/XP line than the 95/98/ME line.
The real "Libtards" are the Libertarians!
Enough X for you?
I tried Microsoft's scanner for Office updates. All it updated was the installer, yet there is a serious vulnerability in VBA stuff.
I could have used the "office update" and thought I was secure! I had to go and download the patches myself.
The real "Libtards" are the Libertarians!
Ohhhh ... there's a hole in the RPC.
There's a hole in the RPC.
There's a hole, there's a hole.
There's a hole in the RPC.
Ohhhh ... there's a worm in the hole in the RPC
There's a worm in the hole in the RPC
There's a worm, there's a worm,
There's a worm in the RPC. ...and so forth
Each of the following conditions has been true for the significant vulnerabilities of the last year.
1) windows update will fail silently or, worse, fail and falsely report success.
2) windows update will install patches that will break stuff.
3) patches will frequently not address the vulnerability they claim to fix
4) patches will be difficult to apply - (MS Sql worm - aka Sapphire)
"Don't use Windows" is obvious, but not silly. Its TCO is too high.
All I can say is Holy Crap!
I installed this patch and as I am behind a router I feel pretty safe so I didn't do the immediate reboot thing.
Later while switching tasks with alt+tab my Win2k system locks up, I try to take it down safe in all possible ways but noo. So I do the hardware reboot thing. Next time I boot up all my MozillaFirebird bookmarks are GONE!? I didn't even have Mozilla at the timepoint of the crash! This is really scaring me.
Sure I have a week old backup copy of my bookmarks safe, but why did my bookmark file get baleeted? Did microsoft do this to me because I'm not using their browser or is this just merely a coincidence?
Well I'm off to restore that backup...
So yea I downloaded and installed the newest patch from MS, and on reboot it seems to have crippled my system. It lets me into the login screen, but once i login and it starts loading my desktop i see the start menu pop up for a split second and then my box turns off. Any help would be appreciated because I really don't feel like re-installing this pos os. BTW I tried runnin safe mode and the last known config and I get the same shutoff bs.
We are a Linux based ISP in NZ who also supply support services for customers (who run many MS PC's)
... either way this is creating a huge revenue stream for us although the work sucks!!
After just finishing patching them all we need to start again.
As we also supply bandwidth to them...if they don't patch they are owned and blow their bandwidth cap.
So
I wonder if this cycle is the beginning of what is to be the Norm (like spam currently is).
I will need to employ more staff if it is....so good for business?? depends on which hat you are wearing I spose.
In my attempts to show the powers that be how pathetic MS is, I've got a small test network that is running what our clients tend to run. That means only patches that windows update decides should be installed get installed.
This test network is sort of behind a firewall, meaning its behind a bsd box that watches for stupid things and then disconnects. So the Win XP, Win 2K, NT and Win 98 box all have all sorts of "extra" software on it. Sometimes the anti-virus software even finds it.
The XP box got hit by something so I slap the media in and reinstall (using the install/repair), The result is it was nailed before it got finished with the setup. Second attempt was without the network open to the world. It was all installed and I clicked the "windows update" and plugged in the lan. Before the critical update could get installed, the box is owned. The third time involved plugging it into the other port of the bsd box to firewall it since there is no chance this thing is going on any of the production networks, and the install and updates could be completed without it going over to the darker side of being a spammer's tool chest.
The result is I can't see how most of our customers can clean up their machines in the current environment.
A solution for this is for MS to come up with a new CD that has a core install for Win 98/ME/XP or whatever. If they are worried about piracy they can insist you feed it the original CD but they should have install CD's at my local computer shop for $10 that will take care of this nonsense.
I've also been wondering how much money does MS make because of this? I've got a few clients that are upgrading from win98 to win ME because of this threat so I'm assuming there are more. How many people got their old computer messed up and just decided now's the time to upgrade? MS is not hurting at all from this and they know it.
Meanwhile I've only got two Windows boxes on the production network at one site and three left on the critical production network at the other site. Too bad there are too many workstations still running the crud.
I need some "windows kill" stickers to put on the new X1 server. It's killed 4 windows boxes to date and one more is in its crosshairs.
Unfortunately, you can only vote "Fair" or "Unfair". Sometimes a mod is so unfair that it's hilarious. Those should be lauded. Normally, the moderators are just stupid.
Yes, that means you, you stupid git. No, don't touch that button. Get away from there! *Aieeeeee*
Browse at -1 to read this comment.
And you people modded me down when I scooped the Blaster story. Now who's laughing?
Blackout 2003: The search for answers
As we all know, Thursday August 14, 2003 marked the start of the single largest electrical blackout ever. While power is being brought back and critical services restored, we turn our attention to a question: What was the cause of the blackout? We have conflicting reports from multiple sources. Was it lightning? A fire at a power station? Multiple downed lines in the Mid-West? Electricity insiders are now indicating a different source for the problem - a certain company in Redmond, WA.
Microsoft Corporation, to say the least, has struggled with its image over the years. The company has a slight reputation for putting security on the back burner while concentrating on flashy features that will appeal to the home user, such as MAPI and COM+. Security experts have criticized Microsoft in the past for a practice known as "full disclosure." Security expert Bruce Schneier accuses [counterpane.com], "Microsoft is leading the charge to ... the free flow of computer security vulnerabilities." Against the advice of experts, Microsoft provides comprehensive information on the causes and inner workings of their security problems. This is so that other developers will be able to write fixes themselves, freeing Microsoft of the responsibility.
Microsoft, in its insistence on releasing detailed explanations of vulnerabilities, is enabling attackers to write exploits! Is no one surprised that Microsoft's infantile approach to security concerns has finally caused real financial damage?
I am speaking, of course, of the "MS Blaster" computer virus that has been terrorizing Microsoft computers of late. The word from electricity industry insiders is that the Microsoft worm is the most likely cause for the historic blackout of 2003.
Canadian officials have determined that a power control computer, responsible for adjusting the flow of electricity across the US/Canada border, was attacked on the afternoon of August 14, 2003. The computer was even behind a firewall but as we know, a firewall does not protect you from inside attacks. Network traffic indicates that a Canadian user on-site was playing the popular computer game Everquest during working hours, which caused the virus to be downloaded to his hard drive - effectively bypassing the firewall. From there, it was on to the operations servers, which remained vulnerable. When the infected PC went haywire, operators were forced to shut it down, which completely disabled the flow of electricity across the US/Canada border. This had a ripple effect on the already beleaguered power grid, causing the blackouts in major cities such as New York, Detroit, and Cleveland. Boston was largely unaffected due to its reliance on GNU/Linux and open source software.
Do you want to hear the real kicker? Some time last month, Microsoft posted a detailed explanation of the "RPC bug," the very security hole that Blaster uses to infiltrate computers. Coincidence? Microsoft releases an explanation, and less than a month later a massive worm is sent onto the Internet that exploits the very same hole! Is anyone still convinced that "full disclosure" is a good idea?
Tell me this: If Microsoft hadn't released the details, how on earth would an attacker have known how to write an exploit for the "RPC hole?" If you think full disclosure is a good idea, tell that to the families of the victims in New York, Detroit, and Cleveland. Microsoft has willingly provided the tools necessary to cripple the United States' information infrastructure. These tools are accessible to anyone - even our terrorist enemies. Tell me, how does this make Microsoft any better than the terrorists themselves? The answer here is clear: Full disclosure is information terrorism. I urge you all to write to your legislators and end this dangerous practice once and for all. We need to make companies take responsibility for their security issues, and end the information terrorism known as full disclosure. God Bless America.
I'm amazed that Slashdot has never covered Microsoft's extraneous clauses in critical updates. Seems to me like something which is clearly "wrong" and yet it goes unchallenged. Odd.
No, MS tried to get ahead of everyone else by naming it "XP" but unfortunately clever marketing ploys such as this never work for MS.
Or do they? *ponder*
Everything in the Universe sucks: It's the law!
...Microsoft Update downloaded and installed the patch for me already. And no, I didn't do a weeks worth of regression testing.
Have a look at this guy's work at http://www.susserver.com/Software/SUSreporting/
While the tool is not perfect for checking logs at least it gives you an idea what is going on. Also, in the deployment guide/white paper they have all the control codes listed, i.e. it should be trivial to create a script that parses the logs and reports back to the user what exactly went on during the update process.
You always point your finger at the bad guy, but what if the bad guy points his finger at you?
The government is still trying to find out who released the original author of MSBlaster. So far they've arrested two lamers who copied the virus and made a few minor changes. Guess what. Really good hackers are rarely caught and often have decades of fun before the government catches on. Truly elite hackers don't get caught. At least not the ones I know. I've seen friends hack into a hardened Linux box with firewall and everything non-essential turned off. What does this mean for all OS's? It means no OS is totally secure. Doesn't exist. But that is no excuse for swiss cheese security microsoft calls windows. Now that script kiddies are rampant, it has made it easier for elite hackers, because there's so many lame hacks. System administrators and government agencies can't keep up and figure out if a truly dangerous hacker got in.
I had this problem when the blaster worm was about... when I run the patch, it goes "Setup could not verify the integrity of the file Update.inf. Make sure the Cryptographic service is running on this computer."
Last time, what I did, was run a different installer...
I have tried "everything" to fix it, and had no luck. I also have problems with Windows Update, too, but I don't know if they're related problems.
GFI LANguard, a great piece of software to manage all of the machines on your domain. Download a trial here.
Give Linux the insane amount of marketshare Windows has and we'll see how many buffer overflows and remote code exploits we find in all the Linux distros after just a month. Read my sig. Or install Red Hat 9 sometime and marvel at the errata security fix list.
;)
Yes, that's right. No OS is 100% secure. Especially not Linux. Maybe OpenBSD.
"Sufferin' succotash."
Take NT 4, there was a critical update for NT 4 which I applied due to patching against Blaster and it killed the RAS services in NT. No RAS services would start after installing this particular HotFix.
The user attempted to remove and re-add RAS and did not apply the SP6 and hotfixes afterwards, so the box blue screened with the infamous KMODE_EXCEPTION_NOT_HANDLED blue screen of death at every single boot.
I had to have her ship the NT Desktop across the country, recover her data, and rebuild her system to fix it. Then ship it back. Hundreds of dollars in shipping fees and a week of down time to boot.
All thanks to Microsoft's Windows update and a faulty CRITICAL UPDATE not a driver.
Ironically, I read about it on the Register the day after it happened. It was not easy to find the Microsoft documentation. Apparently, MS re-released the patch a few days later but by that point I was already TOAST.
Oh and before you go on and on about how this should not be running NT 4. Know that they are running old legacy software and have no choice but to continue to run NT 4. The legacy software vendor is out of business and to replace it would cost on the order of 5 million dollars we don't have. The software won't run on Win2k/XP. So looks like I will be supporting several thousand users stuck on NT 4 for years to come while MS grandfathers NT 4 and refuses to support it!
Just another fact of life for real world Windows Admins. We have no choice but to upgrade but we can't upgrade half the time. Heck, they just upgraded from DOS/Win311/Novell to NT 3.51 when Win95 had been out for 3 years and NT 4.0 just started shipping.
If we were running Linux we would all be happily running away for 10 years at a time without an upgrade on the workstations. There is little benefit for users to upgrade from NT4 to Win2k or XP. It's just a bunch of bells and whistles that add a heck of a lot more bloat to an already bloated system. In addition to the bloat, they move all the options around like a three card monte shell game so users and techs alike have to remember where the stupid folder options have been moved to now.
Give me a custom Linux build any day! I have built custom Linux systems and I am sure I could customize a corporate build right now that would be very easy to support.
I remember reading about how all the open ports in XP is going to be Virus heaven/hell (depending on your view) before this steamy thing was even released. As I recall everyone just poo pooed it, I forget who the expert was who warned everyone, but if I were him I would be jumping up and down, pumping my arms in the air, asking the rest of the IT world, HOW DO YOU LIKE ME NOW.
Geezalou! If they keep having security flaws like this, one after the other, week-in week-out.. even my *mom* will switch to linux. I know my support calls will go down at that point. ;)
"In theory, theory and practice are the same; in practice, they are not."
With a Dell Inspiron 3800. The Windows Update shows an audio driver (Certified!) that causes a BSOD during the update, and every time after reboot, until you try to recover from the CD, which leaves Windows in an identity crisis that makes it not know if it has already been updated with the latest patches or not (and not allowing you to install updates that show up in windows update, of course)
Excellent point. I had a recent experience to that effect Here and had many people wanting to mod my moderator as funny. I think there should be a few more options for metamoding.
Not only that, but sometimes I kinda wish you could mod posts as just plain "Wrong" or "Stupid". Though it wouldn't really be very nice...
.
I keep reading a lot of rants about how evil Microsoft is, shame on Microsoft, so much for Trustworthy computing, etc.
Blame Microsoft for the flaws but blame bad System Administrators for the unpatched systems that make Blaster and Code Red possible. There were patches available for these flaws weeks, sometimes months prior to the exploits. There is no excuse for either.
Am I the only one that noticed that eEye has been working with Microsoft for years to identify security flaws in Windows products? Has anyone bothered to point out that the announcement of the flaw was released with information about the patch, how to install it, etc? It isn't a coincidence that the patch was made before the announcement of the vulnerability.
A cursory glance at the frequency and amount of newly discovered vulnerabilities, with available patches, over the last 2 years should give some kind of indication that they're doing SOMEthing.
Furthermore, how many vulnerabilities have been discovered and reported without a patch being available at the time of release? Not very many.
Windows has flaws - surely no one will contest that - but the NT code-base has been around for such a long time prior to the Trustworthy computing initiative, it only makes sense that new vulnerabilities will be announced. That's what I would EXPECT to happen if they're really trying to fix it. It's not going to get fixed overnight. Expect more vulnerabilities in the future.
If you do what you always did, you get what you always got.
Oh yeah! Let's turn on that auto'update' feature in
window$$ like good ole 'uncle bill' wants eh??
Then when the digital wrongs management and
longhorn 'trusty computin' crap comes into our
computers, what do we do then.
Be aware that any 'update' from microsoft may carry
more baggage than it says. Trust no one and least
of all microsoft. I would rather have a virus than
all the backdoors that I am sure microsoft would want
to install on my machine courtesy of the 'auto update'
program. Basically all new software from any major
vendor will come with web bugs, spies, and trojans
and logic bombs. It will also come with loads of
commercials and market profiling, using our own
machines to set us up to be patsies for some slimy
capitalist in gucci shoes and a lap dancing secretary.
Use micro$ 'patches' at your machine's peril and
maybe even your own peril as some of these may
contain scanners that will call home like digital E.T.'s
if they find an mp3 or anything else that for some reason
they did not like.
Microsoft should close all ports on their next OS, period! Also, wherever they mistakenly use sockets to perform IPC, they should switch to pipes!
:(
Clearly Microsoft cannot produce bulletproof protocols/servers, but the least they could do is protect the joe sixpack consumer from internet worms by closing the damned ports!!
Grrr, I'm so angry about all this. I wish Gibson would start beating the "close all ports" drum.
You might want to keep your laptop's batteries charged; this NewsForge article suggests that the Blaster worm may have played a role in the August 14th blackout affecting the eastern U.S
Hold on there, I thought it was all Canada's fault.
at least a Microsoft OS in mid-BSOD is secure as hell...
About a week ago, I found that I was getting spammed multiple times from multiple sources, all by different routes, but within the same minute. Because of this, I concluded that this was spamming caused by viruses. Here's a link where I show the spam I got, plus a bunch of the different headers. If you're technically adept, you'll be able to figure this out. If not, well, the other links may be more useful.
http://www.kuro5hin.org/story/2003/9/6/23747/49282
It turns out that I was right.
I searched for more information, and got this [I suggest reading the rest of this first. After that, you can go and view the links. I believe these links are safe.]
http://www.kuro5hin.org/story/2003/9/3/6257/30997
At this point, I sent it on to my Dad, and asked him to forward it to JMU Computing Services. A few days later, he sent back to me the quoted portion that I've appended at the end of this.
Here's the summary of what's going on. It turns out that some virus/trojan horse/worm writer has gotten together with spammers. They exploit a known, but unfixable flaw in Internet Explorer to take control of your computer without you having to even click anything. All you have to do is go to the wrong website.
Once you do this, the computer installs a .DLL file that is opened when Internet Explorer starts up. The .DLL file will then download spam from the internet, and start sending it to all those addresses in your address book. Apparently, if you have P2P installed [Kazaa, for example], it makes use of that, too, to spam everyone you know. As an added bonus, because your computer is now sending out spam, it will work really slowly at everything else. Sorry, but priorities are priorities, and the spammers/virus writers have their own priorities which aren't necessarily yours.
Are you infected? Ultimately, since the real problem is in Internet Explorer, then as long as you have that, there's no way of knowing, except if your firewall reports that it is doing a lot of internet work without you clicking anything. If you don't understand firewalls, then the only way you can tell is that your computer is really, really slow on the internet. Understand that the worms used this month will change next month.
But if you are infected with the instance described in my links, the files to look for are C:\MSDOS.EXE and a file called wthunk32.dll (though I do not know where that will be. You'll have to use 'Find File' to search for it.) Now, if you have it, you can use the process described on the 2nd link above, to see if it's really spamming. Or, you can just rename it to another name (like _wthunk32.dll , with an underscore before the name, and c:\_msdos.exe), and everything should be fine. If you're worried that this might be bad advice, by all means, first make a bootable floppy, and copy these two files to the floppy before you do anything else. Then, if worst comes to worst, you can always boot the floppy, and restore things to their previous state.
Anyhow... if you notice, the advice from JMU Computing Services, below, is "just don't use Internet Explorer to go to any new websites." If you don't think that's acceptable, let me suggest another option:
Go to http://www.mozilla.org.
and download the heir to Netscape. It's free, it's open-source, and it's a ton more secure. It's what I use. It's also a lot more convenient than Internet Explorer, because it has this neat feature called "Tabs". When you right-click a link in Internet Explorer, you have the option "open in a new window". Well, you h
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
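The file check and underscore rename described in the comment above, as an added example that is not part of the original thread. The two file names come from that comment; the function names, the backup directory and the constructed directory tree used in the demo are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# File names taken from the comment: C:\MSDOS.EXE sits at the drive root,
# wthunk32.dll is at an unknown location and has to be searched for.
ROOT_ONLY = {"msdos.exe"}
ANYWHERE = {"wthunk32.dll"}


def find_indicators(drive_root):
    """Walk drive_root and return the matching files (case-insensitive)."""
    root = Path(drive_root)
    hits = []
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda err: None):
        at_root = Path(dirpath) == root
        for name in filenames:
            low = name.lower()
            if low in ANYWHERE or (at_root and low in ROOT_ONLY):
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def describe(path):
    """Size and SHA-256 of a hit, for the incident notes."""
    data = Path(path).read_bytes()
    return {"path": str(path), "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}


def quarantine(path, backup_dir, dry_run=True):
    """Copy the file to backup_dir, then rename it with a leading underscore.

    Mirrors the advice in the comment: keep a copy first so the previous
    state can be restored, then rename so the file no longer loads.
    Returns the new path; with dry_run=True nothing is changed on disk.
    """
    path = Path(path)
    target = path.with_name("_" + path.name)
    backup = Path(backup_dir) / path.name
    if target.exists() or backup.exists():
        raise FileExistsError(f"refusing to overwrite {target} or {backup}")
    if dry_run:
        return target
    backup.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(path, backup)   # backup before touching the original
    path.rename(target)
    return target


def build_sample_tree(root):
    """Constructed sample tree standing in for a drive (not real malware)."""
    root = Path(root)
    files = [
        "MSDOS.EXE",                      # root-level hit
        "WINDOWS/system32/WTHUNK32.DLL",  # hit anywhere, upper case on disk
        "tools/msdos.exe",                # same name, not at root: ignored
        "WINDOWS/thunk32.dll",            # similar name: ignored
    ]
    for rel in files:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        drive = build_sample_tree(Path(tmp) / "drive")
        for hit in find_indicators(drive):
            print(describe(hit))
            print("renamed to", quarantine(hit, Path(tmp) / "backup",
                                           dry_run=False))
        print("remaining hits:", find_indicators(drive))
```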
Going slightly offtopic, but along the lines of your thought of 'Windows XP'
XP
Look sideways.
Windows is dead.
Please direct all bug reports to
Is this...
autopr0n is like, down and stuff.
In light of the recent RPC issues that Microsoft has been having with the RPC protocol, I thought that this email, from 1995, might be of some (perhaps humorous) interest. Won't this darned RPC die a graceful death? /. "junk" filter
rpc-comments
N.B. I realize that this refers to the SUN implementation of RPC, and not Microsoft's extension/abortion/implementation.
N.B.B. reprinted without permission...
N.B.B.B. I don't much like
Oh, WHY CAN I NEVER GET THIS RIGHT?!?!
I ALWAYS mess up the punchline. Darn, darn darn darn DARN!
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
and people will notice. Seriously though there was a banner on CNBC today warning of the new exploit.
"Setup could not verify the integrity of the file Update.inf.
Make sure the Cryptographic service is running on this computer"
I had been getting this problem for a looong time, couldn't get windows update going, couldn't install the ms blaster security patch (without finding an alternative installer from the original security update)... I had searched countless sites on "fixes" that didn't apply to me. But, thankfully, after the whole ms blaster patch thing settled, a few more ppl like me have come out of the woodworks...
the fix that applied to me:
(The following is ONLY XP Professional - NOT XP Home Edition)
Well, this is going to happen only to a handful of you... I hope!
Without getting too "techie" on you, there is an issue for some Windows XP Professional users where the computers Software Restriction Policy for the Local Computer only allows "Local computer administrators" to select "trusted publishers". This is causing the failure....
This occurs whether the user installing the security patch is an Administrator or not!
This may mean nothing to you and it does not have to.
Here is the work around:
Click Start menu, and then click the Run icon.
In the small box that Opens, type: gpedit.msc then click the OK button.
In the new window that opens you will see a menu on the left hand side.
Under Computer Configuration you will see a folder called Windows Settings - double click it.
The new options that appear directly below include Security Settings - double click it.
The new options that appear directly below include Software Restriction Policies - double click it.
Now on the right hand side of the window you will see an object called Trusted Publishers - double click it and a new window appears.
In this window change the setting under Allow the following users to select trusted publishers to the default which should be End Users.
for even more fixes (in case it didn't work for you), check out the site I found it off: http://www.updatexp.com/cryptographic-service.htm
thanks updatexp =D I was finally able to install 37 critical security updates... scary, eh? Thank goodness for routers/firewalls =) I'd have been doomed, otherwise.
Quote from your knowledge base....
After this, you must configure the packet filter (or firewall) to allow Transmission Control Protocol (TCP) connections to be made to these ports in addition to port 135.
Still need to do it though
Given all the patches and virii. What is the longest uptime for W2k, W2k3 and XP boxes? It's not remote updates but remote booting. :) And it does seem the hackers are busy. My ports were scanned twice last night with many attempts to connect to port 135.
Proper protocol in cases like that should be for other moderators to come along and mod that underrated.
Now has anybody actually made a study of how much was lost, and what statistically would be the amount you can expect to lose if you deploy M$ systems? Something like a 5% chance of losing 20 million bucks, etc.? Was just thinking this should be included in any TCO studies M$ is funding.
We run about 15 PCs here. There is 1x2K and 2xXP. The rest run on W98.
What am I supposed to do?
I've started writing an OS-independent installer, but it's a big job. Anyone interested in helping?
No sharp objects, I'm a programmer!
Interesting coincidences...
1. Bush tries to get a Bill through Congress to update the US power grid and fails on budgetary issues (it costs too much)
2. The lights go out across a large chunk of the US.
3. The Bill is fast-tracked through congress...
Not that I'm implying anything, just stating the facts....
...new corporate laptops with wifi and bluetooth, USB keyrings (try turning THEM off by group policy without completely disabling USB) - at a recent corporate event that covered the "hard work our teams have done fixing the effects of blaster" (caused by a corporate laptop being connected to something it shouldn't have been) they even gave 64MB pendrives out to everyone, FFS...
_O_
.|< The named which can be named is not the true named
Already one of our clients has a program of some sort that examines zip files attached to emails and strips any ".bin" files (as well as ".exe" etc.) within the zip. I know windows likes executing anything it can, but 6502 processor binary files is probably stretching it! Anyway, I haven't heard of autoexecuting code hiding in a .bin file, unlike .mid or .mp3 files.
Woah, what about 9x? :D
"Until Microsoft can get with the program and start developing an OS whose name ends in "X," the crucial systems of the world will continue to run other operating systems"
Maybe that's where they went wrong, they should have stuck to the 9x range instead of the wussy 2000 range.
How about remarketing as 200x?
What did you do that can't be done with GPO?
I find its controls are not exactly granular in their depth.
Bad memory, huh? Many of MS patches don't work. Why do you think their record of bad security is so criticized?
Did you even look at that list?!
Variants in build or in NAME you troll!
I counted 7 on that page if you're willing to look at them closely.
I could probably find a couple more in the list if I tried.
Now it's my turn.
Let's look here: NAI. They report that their database holds 71000!!!! viruses. OOOOHHHH, but you found 7 that affect vulnerabilities of applications that run on Linux.
I work with Microsoft products.
I study Microsoft products.
Microsoft's record with regards to viruses and vulnerabilities is indefensible! So stop trying.
Microsoft's OSes have had more root exploits, period.
Across the 30 Windows 2000 and XP workstations that are in my network SEVERAL times the past week and MANY times more than that over the course of the past 2 years. We haven't had a single problem after running those patches on those workstations.
Take your broken record and toss it out already...
The only WindowsUpdate related problem I ever had was with a Windows NT 4.0 Server that I inherited from some smacktard that Overclocked the CPU. For some bizarre reason the server worked fine until it required a reboot after applying patches. After that, the CPU gave up the ghost. At first, I thought it was WindowsUpdate... Then I attempted to install Windows over itself, which didn't work... Then I attempted to install Linux onto the machine, which didn't work... It kept locking up during the install process...
It wasn't until a few install attempts with Windows NT 4.0 that I received a particular BSOD that showed that there was a problem with the CPU. It was one of those 'nice' and 'easy' to read error messages that pointed me into the right direction.
I had to replace the CPU to get it back up and running. (That's when I noticed that WindowsUpdate wasn't the cause.) WindowsUpdate isn't all that bad, just don't run the driver update portion of it and make sure that you have competent admins working on your network... Then you shouldn't have any issues with it.
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
"Windows update breaks things. Unexpectedly and unpredictably."
It does, but looking at both sides of the story, several people have defended the service packs for Windows 2000, which I have had no problems with in comparison to problematic ones for SP4.
Windows Update does break things. I also used up2date recently on a new Red Hat distro and managed to trash apache/php/mysql, so it does work both ways.
Just open the console and type "gamma ray".
Classic.
cLive ;-)
-- Trinity in high heels carrying a whip: The donimatrix - there is no spoonerism
Interesting factoid, HP OpenView on Solaris, Linux, and HP-UX was affected by the blaster worm as well through RPC:
HP document on the vulnerability.
I could have sworn I just read something about a windows flaw a couple of days ago.
Microsoft's security patch to thwart MSBlaster leaves some versions of Windows still vulnerable to infection by similar web worms.
Here is the list of systems still vulnerable:
- Windows NT Workstation 4.0
- Windows NT Server 4.0
- Windows NT Server 4.0 (Terminal Server Edition)
- Windows 2000
- Windows XP
- Windows Server 2003
So, be ready for new spectacular dramas.
Less is more !
Read my sig
Ok........
Let's see, I run Slackware, so most of these listed here don't apply.....ok now, remote exploits where I don't have to do a DAMN THING to get attacked and have my computer rebooting.......still looking.....still looking......damn. I was hoping I'd find a remote root exploit in this list, and one where I have to reboot the whole damn computer and interrupt my work like I do on my Win2k workstation here for work....nope.
Honestly, most FUD against Linux just bounces off of me, I don't care, but you know, after reading your comments and seeing you repeatedly saying, "Read my sig, Linux is insecure too", it's REALLY pissing me off. I admin a collection of Win2k, Win2k3, WinNT4, HPUX, AIX, Linux, and Solaris boxes here at work. For several different clients. And which ones REALLY piss me off with the patching? That's right, the Windows ones. Ask customer to take machine offline (in terms of "out of production"), check all of the errata to make sure this patch won't break the apps, apply, start whole process from scratch because NONE of our customers has the exact same environment setup. Some of them, the NT4 ones, I CAN'T apply the RPC patch, it will break the apps, and MS has stated to us, DO NOT apply this patch. Great. Or a VPN workstation that we can't patch, otherwise it will break the VPN software that we HAVE to use to connect to one of our clients.
Now, guess which boxes I DON'T worry about patching? Yep, the RH AS Linux servers. Run up2date, wait a few minutes, oh look at that, not even a reboot OR even taking the box out of production required! The site you keep boasting about is nothing save a collection of bugs. That's it. Local attacks, if anything. This isn't 'shocking'. Software has bugs. But sane coding practices keep it down to a minimum. I really don't remember the last time my Linux machine was exploited. Oh, I know why, because it NEVER WAS. Hell I had this Win2k workstation for less than a day, and WHILE I WAS PATCHING IT, it was exploited by Blaster.
People ask me if I hate Windows, and why. I say I don't hate it, it just pisses me off sometimes, because I KNOW an OS can be a hell of a lot nicer than it is. MS really just makes horrible software, I have not found ONE piece of software by them that I haven't found a better competitor to. And it's sad, it doesn't have to be this way. If they are going to be on every system in the world, causing people to HAVE to use it, they really could make it a bit better to use. I don't mind getting screwed, as long as they drug me up first. I can ignore the monopoly, just make the software decent, dammit! Having a monopoly doesn't really bother me, it's just that the monopoly is illogical. They didn't get there by being the best, most secure, easiest to use, etc. And I hate them every day for it.
And no, it's not just MS, I hate Oracle on a daily basis too
C Pungent
Crossposted from another of my replies to a different article:
Microsoft programmer #1: Let's do the netcode so that Windows Update can take over your computer and install the updates automatically. After all, our target audience is too stupid to know how to install them themselves.
MS Programmer #2: What are you, crazy? Your feature would fill Windows with security holes. Hackers would have a carte blanche to do horrible things to people's computers!
MS Programmer #1: C'mon! Do you think a hacker would really bother finding these holes just to take over someone's computer? Besides, if a hole pops up, we can patch it.
MS Programmer #2: $500 says that hackers will find these holes and exploit them. And for each hole, MS customers will get more and more pissed off and will stop using Windows!
MS Programmer #1: Mr. Gates has everything under control. He can manipulate software and hardware companies so that users will have no choice but to use Microsoft products.
MS Programmer #2: *groan*
When in various rooms in Yahoo and you want to get a look at a cam but it is still, tell the dorks that alt-f4 speeds the refresh rate, generally works long enough to get in.
It also makes your /. experience better
TUX: "Hold out your hands."
In BOB's right hand, TUX drops a red pill.
TUX: "This is your last chance. After this, there is no going back."
In his left, a blue pill.
TUX: "You take the blue pill and the story ends. You wake in your office, in front of your computer, downloading RPC patch #112 for Windows XP "Professional" - and you can believe whatever you want to believe about your company's IT security and flexibility for the future."
The pills in the CEO's open hands are reflected in his glasses.
TUX: "You take the red pill, and you stay in opensourceland, and I show you how deep the hole in the ice goes."
BOB feels the smooth skin of the capsules, with the moisture growing in his palms.
TUX: "Remember that all I am offering is the truth. Nothing more."
--lesson here is to listen to the penguin and journey into the real world of computing.
anderson@62.64.172.211.118.22
My Windows laptop has been hosed and crashing randomly since I installed the
last RPC updates in July. Never got the virus, but it killed Outlook and
I started getting system errors with a hang in my video driver. Now this....
I can't even access local SMB shares anymore after running their SFC
utility.
Of course I've sent email for help, but their email server keeps getting
denied by DNS...very very weird...
(The fact that you use nmap) and (like to sniff Windows Update traffic). You sniffed the traffic to see where it was coming from...