Slashdot Mirror


Microsoft Bracing for Worm Attack

10010010 writes "A network worm attack targeting a critical Microsoft Windows vulnerability appears inevitable. The flaw is easy to exploit, as evidenced by the quick release of an exploit module for HD Moore's Metasploit Framework. Within hours of the Patch Day release Tuesday, two pen testing companies (Immunity and Core) created and released 'reliable exploits' for the flaw, which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1."

39 of 256 comments

  1. Re:So, an Exploit For a Patch? by Anonymous Coward · · Score: 5, Funny

    you can get the patch for the patch here

  2. Pen Testing? by devnullkac · · Score: 4, Funny

    OK, maybe I'm just missing an acronym/typo somewhere, but "pen testing?" Will the worms come through my Mont Blanc?

    --
    What do you mean they cut the power? How can they cut the power, man? They're animals!
    1. Re:Pen Testing? by 1_brown_mouse · · Score: 5, Funny

      Ha Ha! I use a PaperMate and they have never been cracked due to superior design and stylishness. It's the simple interface.

  3. Re:Penetration Testing? by Anonymous Coward · · Score: 5, Funny

    "Pen" is a commonly used short term for "penetration" so you could interchange "pen testing" with "penetration testing."

    Or, in your case, you would request full pen videos when you go to video rental store.

  4. The Cyber Gnome, Denouncer of Computer Myths by krell · · Score: 4, Funny

    "The Cyber Gnome here. Denouncer of computer myths. Who needs to download security patches? I don't, and I've never had any prob%$#@@@@#^_@_#@ NO CARRIER"

    --
    Where were you when the voynix came?
  5. Let's mobilize by ericlondaits · · Score: 5, Funny

    From TFA:

    A spokesperson for Microsoft said it is difficult to predict the motives and actions of attackers but insisted the company is "watching round-the-clock" and actively encouraging customers to download the update immediately.

    "We will mobilize if something does happen," the spokesperson said.

    They'll mobilize? Mobilize? As in "get the heck out of here"? Or are they calling the [GI]Joes?

    --
    As a Slashdot discussion grows longer, the probability of an analogy involving cars approaches one.
    1. Re:Let's mobilize by bky1701 · · Score: 2, Funny

      I think their mobilization plan is "launch all vista", however in their haste they forget to patch vista... or maybe just "run out doors and run around in circles". Who knows, it's M$.

    2. Re:Let's mobilize by TheRaven64 · · Score: 5, Funny
      "launch all vista"

      I think you mean:

      Take off all Vista! For great profit!

      There should probably be a 'We get worm! Main firewall turn on!' in there somewhere too.

      --
      I am TheRaven on Soylent News
  6. Re:The power of Homeland Security compels you! by skoaldipper · · Score: 5, Funny

    I have a red shield and X in my systray so I'm safe. I think it's a warning symbol for anyone trying to hack my box, like a medieval coat of arms or something saying my computer is stronger than them.

    --
    I hope, when they die, cartoon characters have to answer for their sins.
  7. OH PLEASE GOD, Let me help out on this one by Anonymous Coward · · Score: 1, Funny

    If there's anything I can do to help get a worm going for this baby, respond back here. I'd love to stir up some shit.

    1. Re:OH PLEASE GOD, Let me help out on this one by Anonymous Coward · · Score: 2, Funny

      Try #hackers on irc.fbi.gov

  8. Re:How will this affect unpatched pirated versions by skoaldipper · · Score: 5, Funny

    Your pirate neighbor should be ok. I'm pretty sure the green parrot on his shoulder will eat any worms. If not, the patch over his right eye is probably the most current out there.

    --
    I hope, when they die, cartoon characters have to answer for their sins.
  9. New Microsoft Windows mascot suggestion. by krell · · Score: 5, Funny

    Here's my suggestion for a new Microsoft Windows mascot. She's old enough to be public domain, she's tanned, she's rested, she's ready, and she's all patched to hell. All the better that Redmond is located in the vicinity of America's "Emerald City". Please, pay no attention to the borg behind the curtain.

    --
    Where were you when the voynix came?
  10. Pirate loading windows. by krell · · Score: 5, Funny

    Your pirate neighbor (what, do you live on a WHARF???) should be able to get around this by launching his Windows in pirate mode. He has to boot to the command line, and then enter WIN.EXE -R -R -R. Also, has he considered the eyepatched system? It might be more useful to him than the "unpatched system" you mentioned.

    --
    Where were you when the voynix came?
  11. he who controls the OS.. by Anonymous Coward · · Score: 2, Funny

    From the title, I wondered if they were harvesting spice. "Wormsign! Is that wormsign?"

  12. Re:File Servers by Professor_UNIX · · Score: 4, Funny
    Our enterprise file servers run w2k3sp1... Those ports are open on these machines. Basically we have to hope that no one brings infection inside.
    That would be impossible unless you have users that have laptops that they take outside the office or users that browse the web or receive e-mail to their desktops or users that connect remotely from their homes via dialup or VPNs. All very unlikely scenarios in any modern business environment.
  13. Re:ALL Windows versions? by dvice_null · · Score: 2, Funny

    Don't worry, win98 has several well known unpatched security holes already.

  14. Re:Not quite by jackmama · · Score: 4, Funny

    Windows XP SP2 is the current version of Windows. Has been for almost two years. Aside from Windows XP SP1 all other versions of Windows are no longer supported by Microsoft.

    Well, that's a relief. I was worried that millions of PCs and servers might still be out there running Windows 2000 and NT, and might help propagate some sort of worm. As long as all computers are magically running the currently-supported versions of Windows, I guess we're OK.

  15. Re:So, an Exploit For a Patch? by IAmTheDave · · Score: 5, Funny

    Look, whatever the article says, it probably makes sense to ban all liquid or gel substances from any building that has Windows PCs, make all people stand in ridiculously long lines to have their pocket books and knapsacks security-checked for 8.5" floppy disks carrying said exploit, and even perhaps start a secret list of people who are banned by name from actually accessing a PC at all. I recommend the first name be John Smith, that bastard.

    Further, we should probably ban anyone that has dirt on their shoes, because I hear worms like dirt.

    Safety first people. It may be an inconvenience, but it's all about your safety, and the safety of democracy across the world. We will prevail over the security-exploiters.

    --
    Excuse my speling.
    Making The Bar Project
  16. Pen Testing explained by krell · · Score: 4, Funny

    The "pen test" is to see whether it is much easier, faster, safer, and cheaper to create a document using a pen and paper compared to booting up the computer and doing it there.

    --
    Where were you when the voynix came?
  17. Re:Penetration Testing? by Billosaur · · Score: 2, Funny

    Well, it's better than calling it "digital penetration".

    Yes, that involves something entirely different... wink, wink, nudge, nudge, say no more!

    --
    GetOuttaMySpace - The Anti-Social Network
  18. Re:Not really that serious by telchine · · Score: 5, Funny

    I'm a Windows user.

    Can somebody please tell me what the hell a port is? :)

  19. Re:Not really that serious by walt-sjc · · Score: 4, Funny

    IMHO, you should not be blocking those ports at the firewall, but rather redirect them to a responder that floods the return path with copies of the Ubuntu ISO. Run QOS on your outbound and set it at a lower(est) priority than your normal traffic so it doesn't impact you.

  20. Re:File Servers by Anonymous Coward · · Score: 1, Funny

    And which one of the dumb mods modded this to informative? The guy reveals their file servers are not secured, but doesn't even add ip addresses or name of the company. How is that informative?

  21. Microsoft Bracing for (Giant) Worm Attack by geobeck · · Score: 3, Funny

    Emperor Shaddam Gates IV admitted today that the high rock formations that ring the city of Arredmond might not be able to repel a full-on attack by the Frehax0rz and their giant worms. Story at 11.

    --
    Find environmentally and socially responsible products on http://buy-right.net
  22. Re:So, an Exploit For a Patch? by LordSnooty · · Score: 2, Funny

    Excuse me, I never browse the net without my pants on.

  23. Re:So, an Exploit For a Patch? by TheGhostOfDerrida · · Score: 5, Funny

    I tried to read the article, but it got a little confusing... is this a worm for a patch? A patch for a worm? A patch for a patch? A worm for a patch for a patch? a patch for a worm for a patch for a patch? A worm that patches? A patch that worms? Patches for worms? Does my dog (patches) have worms? I lost interest. And I think the TV is on...

    --
    Paul: If you're reading this, pick your shoes up out of the hallway. I keep tripping over them. Slob.
  24. Re:So, an Exploit For a Patch? by tomstdenis · · Score: 3, Funny

    Damn you Brit, we have ways of making you speak English properly!

    So what are pants in the UK? :-)

    Next you'll tell me that a fanny has a different meaning there too...

    --
    Someday, I'll have a real sig.
  25. Re:So, an Exploit For a Patch? by venir · · Score: 3, Funny

    Shooting soda out my nose wasn't exactly the way I planned to start my day, but thanks anyway.

  26. Re:So, an Exploit For a Patch? by Anonymous Coward · · Score: 5, Funny

    That's your own fault. You were supposed to stay away from liquids.

  27. Re:Not quite by evil_Tak · · Score: 2, Funny

    Where does he live?

  28. Re:So, an Exploit For a Patch? by D-Cypell · · Score: 3, Funny

    So what are pants in the UK? :-)

    Trousers.

    Funny story, my wife is Canadian and some time ago while in Florida on holiday (read: vacation). She asked if we could stop at a shopping centre (read: mall) to look for some 'Cacky Pants'. To her, this phrase describes those lightweight, cotton, military styled 'trousers'.

    To me, it describes, "Soiled underwear". There was a short moment of total confusion while we unravelled that one.

    Living with someone from the opposite side of the Atlantic really puts meaning to the phrase, "Two nations divided by a common language" :).

  29. Re:So, an Exploit For a Patch? by steveatmarz · · Score: 3, Funny

    My wife grew up in the UK. She and 5 other girls came over in 90 as foreign exchange students and they were concerned about coming to the DC area with the crime etc. They got to talking to an American soccer mom type and she said, "Oh, don't worry, you just need to get yourself a fanny pack!" The British girls' jaws all dropped. Fanny in the UK means vagina, so they were all envisioning a small (or large as the case may be) pack that you hide your valuables in and then insert into the holiest of holes for safe keeping. She saw their confusion and shouted to her husband (a few rows back), "honey, they want to see my fanny pack, pass it up here so they can see it!" The first exposure to English vs American, the "common" language that separates us.

    --
    Steve Maher freeunixtraining.com
  30. The DHS was on top of this. by DiscWolf · · Score: 2, Funny
    The Department of Homeland Security was on top of this. It seems like they are starting to understand what is going on. It makes you wonder if they are going to be proactive and raise the 'Terror Alert Level' when Vista is finally released.

    This signature was going to be a lot nicer but I had to cut a lot of features in order to get this post out without any further delays.

  31. patch your worm, worm your patch by flickwipe · · Score: 2, Funny

    Today's Microsoft Update menu

    KB666123456 - Patch, Worm, Worm and Patch
    KB666456789 - Patch, Worm, Worm, Worm, Worm and Patch
    KB666666666* - Worm, Worm, Worm, Worm, Worm, Patch, Worm and Worm


    * May not contain patch

    1. Re:patch your worm, worm your patch by burndive · · Score: 2, Funny

      Well, there's worm patch sausage and worm, that's not got much worm in it.

      --
      ...because "hacker" sounds way sexier than "code drone."
  32. Re:So, an Exploit For a Patch? by jrockway · · Score: 4, Funny

    And you can get the patch for Ubuntu here.

    --
    My other car is first.
  33. Re:So, an Exploit For a Patch? by advocate_one · · Score: 3, Funny
    I now run Ubuntu at home and at work. When all the windows systems are getting patched, updated, crashing or just dying (my boss's computer needs a re-install this morning), I can just keep plugging away.

    that's the real pisser though isn't it... everybody else can use the "my computer's playing up" excuse when they're late with some work... us Linux users can't

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  34. What's a port? by neo · · Score: 2, Funny

    "I'm a Windows user.

    Can somebody please tell me what the hell a port is? :)"

    A port is where software pirates come to collect their booty. In this case your pron. They sail in by using special software to "surf the web" and come into your port. Once in your port they have to fight with swords in order to capture the port (just like in the game Pirates by Sid Meier... it looks just like that.)

    Once they are in your port you're screwed, all the walls in the world won't stop them.