It uses the exploit described in MS01-020. Reading it or viewing in in Outlook's "Preview Pane" will execute it on vulnerable systems. I've had about 20 copies reach my home email address - that's the worst I've ever seen.
A few years back there was a report that night lights left on in childrens' bedrooms could lead to short-sightedness. A later report told us all not to worry.
Microsoft is aware of a problem with the recently released security patch MS03-029 (http://www.microsoft.com/technet/securi ty/bulleti n/MS03-029.asp) This patch corrects a Moderate rated Denial of Service security vulnerability in Microsoft Windows NT 4.0 Server.
Specifically there is a problem with the patch when installed on systems that are also running RRAS (Routing and Remote Access Service) that causes the RRAS Service to fail when the system is rebooted after applying the patch. It is important to note that the security fix itself is unaffected and the patch is still effective in correcting the DOS flaw.
Microsoft is investigating this problem and will shortly issue a fix to correct it once that fix has been thoroughly tested. The security bulletin has been updated to reflect this. In the meantime customers affected by the problem may take one of the following actions.
1. Contact Microsoft Product Support Services for a hot fix that corrects the problem. This fix has not yet been extensively tested and should therefore only be applied by customers who are directly affected by the RRAS problem. 2. Install the patch if you do not need the RRAS service. The RRAS Service will fail to start however this will not impact normal operations other than those that use the RRAS Service. 3. Review the security bulletin and assess whether your enviroment requires the security patch. 4. Wait until a fix for the RRAS problem has been fully tested and released. The security bulletin will be updated when this happens.
Now all we need is an exploit for the quartz.dll (MS03-030) vulnerablility which uses that as a launchpad for the DCOM/RPC (MS03-026) attacks. That way you use your unpatched Win9x boxes to attack the others, all from an innoculous email or web page link.
That is complete and utter bollocks. There are all sorts of reasons why the net might not be available when installing software. Installers can and should handle such situations gracefully. And you've ignored the fact that the ICQ client doesn't work even when configured to go via the proxy, you insensitive clod!;-)
Netscape's QA department really need to get their act together.
Trying to install the full version on a Windows 98 box whose only access to the net is via a squid HTTP/HTTPS proxy.
Install got stuck at... configuring radio@netscape... I waited, waited, and waited some more... In the end I figured Godot would have turned up earlier if I'd continued waiting.
So, I killed the installer and try again, without radio@netscape. Looked good, so I decided to try their nice little ICQ client. Except it is not. Could not connect, even though the config from a previous netscape 7 incarnation had the ICQ web proxy set appropriately. Edited the AIM client preferences to make sure, and it moaned at me cos I wasn't6 connected (bad bad bad user interface, Netscape people!). Save the changes (actually, none, cos they were all right to start with), and it whinged again (same reason). Still unable to connect to ICQ. The real ICQ proggie has no such problems. Sighs...
Windows comes out of the box with extensions for known filetypes hidden means that something like "Invoice.doc.exe" will be shown as "Invoice.doc"
That brilliant idea (not), which is one more example of why dumbing-down is dangerous, makes it very easy to con people into opening infected attachments.
It is time for a service pack or security update to completely obliterate that option and always show all filetypes.
Note too that Microsoft limits the number of email addresses you can block, and if you get a spam from abc@def.ghi.com they give you the opportunity to block abc@def.ghi.com or all mail from def.ghi.com but do not give you any chance to block wverything from ghi.com. This shows that Microsoft have either never looked at the email addresses spammers use or are in league with them. The end result's the same, it is pretty impossible for Hotmail users to block spam using Hotmail's so-called antispam features.
Why not get KiXtart and play with it? It is free, has a lively user community, some great addons, and can be easily debugged. ScriptLogic have produced a good HTML Help version of the documentation, too. And there are loads of User Defined Functions to play with.
So why use either of them? That copy you downloaded and spread all over your organisation is illegal. Go on, read the licences, I dare you to;-) Then uninstall both of them and install either 7-zip or IZArc instead. You know you should!
There are a few fundamental problems with Windows update and Microsoft's security patches. NTBugtraq's Russ Cooper recently had this to say about it.
Secondly, Microsoft has the very very bad habit of releasing the "fixed" version of a bad patch under the same filename. Guess what, if you installed the "bad" patch, WindowsUpdate won't tell you there's a revised patch out. Because it is dumb dumb dumb and only checks registry keys and not file dates and versions. So windowsupdate leads one into a very FALSE sense of security.
Yes, Avast 4 Home Edition rocks! Small incremental pattern updates released frquently - 3 updates in the last 3 days. On the one occasion I've experienced where a update resulted in false positives, the fixed patterns were there within a few hours. Good stuff.
Re:I'm always skeptical when someone tries to sell
on
What's Microsoft Up To?
·
· Score: 2, Interesting
If you can read German, look here
Or, summarised in English:
1st No updates of RedHat Advanced Server.
2nd No new Samba version.
3rd No new kswapd (should especially speed up performance under high load).
4th Original Samba version got difficulties, used even older ones, but did not ask RedHat for any help.
5th Tuning of Windows using Registry-Key "Disablelastaccess", but did not use corresponding mount-Option "noatime" for the used ext3 file system.
6th ext3 uses a much more sophisticated journaling of the file system, but they did not set the mount option "data=writeback" to have similar conditions.
7th Very old LinUX kernel (over one year old, with known limits of this kernel for high load environments - do you remember all these 2.4.xy problems because of the virtual memory!?).
8th Redhat provides solutions to the most of the described problems, but they did not use these updates or that help.
9th They did not really try to tune Samba and used mostly the default settings.
Cripes, they're a load of rabid right-wingers, who probably think OSS is another variety of Communism. And they have it in for environmental groups too...
Slashdot Mirror
It uses the exploit described in MS01-020. Reading it or viewing in in Outlook's "Preview Pane" will execute it on vulnerable systems. I've had about 20 copies reach my home email address - that's the worst I've ever seen.
A few years back there was a report that night lights left on in childrens' bedrooms could lead to short-sightedness. A later report told us all not to worry.
Phil
Yes, like RRAS on Windows NT 4 Servers:
i ty/bulleti n/MS03-029.asp) This patch corrects a Moderate rated Denial of Service security vulnerability in Microsoft Windows NT 4.0 Server.
Microsoft is aware of a problem with the recently released security patch MS03-029
(http://www.microsoft.com/technet/secur
Specifically there is a problem with the patch when installed on systems that are also running RRAS (Routing and Remote Access Service) that
causes the RRAS Service to fail when the system is rebooted after applying the patch. It is important to note that the security fix itself is unaffected and the patch is still effective in correcting the DOS flaw.
Microsoft is investigating this problem and will shortly issue a fix to correct it once that fix has been thoroughly tested. The security bulletin has been updated to reflect this. In the meantime customers affected by the problem may take one of the following actions.
1. Contact Microsoft Product Support Services for a hot fix that corrects the problem. This fix has not yet been extensively tested and should therefore only be applied by customers who are directly affected by the RRAS problem.
2. Install the patch if you do not need the RRAS service. The RRAS Service will fail to start however this will not impact normal operations other than those that use the RRAS Service.
3. Review the security bulletin and assess whether your enviroment requires the security patch.
4. Wait until a fix for the RRAS problem has been fully tested and released. The security bulletin will be updated when this happens.
Regards,
Microsoft Security Response Center
Now all we need is an exploit for the quartz.dll (MS03-030) vulnerablility which uses that as a launchpad for the DCOM/RPC (MS03-026) attacks. That way you use your unpatched Win9x boxes to attack the others, all from an innoculous email or web page link.
That is complete and utter bollocks. There are all sorts of reasons why the net might not be available when installing software. Installers can and should handle such situations gracefully. And you've ignored the fact that the ICQ client doesn't work even when configured to go via the proxy, you insensitive clod! ;-)
Phil
No.
... configuring radio@netscape... I waited, waited, and waited some more... In the end I figured Godot would have turned up earlier if I'd continued waiting.
Netscape's QA department really need to get their act together.
Trying to install the full version on a Windows 98 box whose only access to the net is via a squid HTTP/HTTPS proxy.
Install got stuck at
So, I killed the installer and try again, without radio@netscape. Looked good, so I decided to try their nice little ICQ client. Except it is not. Could not connect, even though the config from a previous netscape 7 incarnation had the ICQ web proxy set appropriately. Edited the AIM client preferences to make sure, and it moaned at me cos I wasn't6 connected (bad bad bad user interface, Netscape people!). Save the changes (actually, none, cos they were all right to start with), and it whinged again (same reason). Still unable to connect to ICQ. The real ICQ proggie has no such problems. Sighs...
Phil
Windows comes out of the box with extensions for known filetypes hidden means that something like "Invoice.doc.exe" will be shown as "Invoice.doc"
That brilliant idea (not), which is one more example of why dumbing-down is dangerous, makes it very easy to con people into opening infected attachments.
It is time for a service pack or security update to completely obliterate that option and always show all filetypes.
Note too that Microsoft limits the number of email addresses you can block, and if you get a spam from abc@def.ghi.com they give you the opportunity to block abc@def.ghi.com or all mail from def.ghi.com but do not give you any chance to block wverything from ghi.com. This shows that Microsoft have either never looked at the email addresses spammers use or are in league with them. The end result's the same, it is pretty impossible for Hotmail users to block spam using Hotmail's so-called antispam features.
Phil
Why not get KiXtart and play with it? It is free, has a lively user community, some great addons, and can be easily debugged. ScriptLogic have produced a good HTML Help version of the documentation, too. And there are loads of User Defined Functions to play with.
;-)
One idiot is even scripting Nagios plugins with it
Phil
So why use either of them? That copy you downloaded and spread all over your organisation is illegal. Go on, read the licences, I dare you to ;-) Then uninstall both of them and install either 7-zip or IZArc instead. You know you should!
There are a few fundamental problems with Windows update and Microsoft's security patches. NTBugtraq's Russ Cooper recently had this to say about it.
Secondly, Microsoft has the very very bad habit of releasing the "fixed" version of a bad patch under the same filename. Guess what, if you installed the "bad" patch, WindowsUpdate won't tell you there's a revised patch out. Because it is dumb dumb dumb and only checks registry keys and not file dates and versions. So windowsupdate leads one into a very FALSE sense of security.
Phil
Yes, Avast 4 Home Edition rocks! Small incremental pattern updates released frquently - 3 updates in the last 3 days. On the one occasion I've experienced where a update resulted in false positives, the fixed patterns were there within a few hours. Good stuff.
If you can read German, look here
Or, summarised in English:
1st No updates of RedHat Advanced Server.
2nd No new Samba version.
3rd No new kswapd (should especially speed up performance under high load).
4th Original Samba version got difficulties, used even older ones, but did not ask RedHat for any help.
5th Tuning of Windows using Registry-Key "Disablelastaccess", but did not use corresponding mount-Option "noatime" for the used ext3 file system.
6th ext3 uses a much more sophisticated journaling of the file system, but they did not set the mount option "data=writeback" to have similar conditions.
7th Very old LinUX kernel (over one year old, with known limits of this kernel for high load environments - do you remember all these 2.4.xy problems because of the virtual memory!?).
8th Redhat provides solutions to the most of the described problems, but they did not use these updates or that help.
9th They did not really try to tune Samba and used mostly the default settings.
Cripes, they're a load of rabid right-wingers, who probably think OSS is another variety of Communism. And they have it in for environmental groups too...
Try this