Exploits Circulate for Windows 2000 Vulnerability ~~ multiple exploits are circulating

2CPU.com - eWeek ^ | Tuesday, August 16, 2005 at 1:48 PM EST | duke

[Ernest_at_the_Beach]

DisneyLand took a hit yesterday, also...

[Ernest_at_the_Beach]

From Exploits Circulate for Windows 2000 Worm Hole ....Aug 12

Ziff Davis Internet News has confirmed the existence of at least five exploits targeting several different vulnerabilities patched by Microsoft earlier this week.

[general_re]

I must be doing something wrong - there are four Win2k machines in easy reach here, and several hundred more scattered about, none of which have had a problem. Maybe Disney, CNN, ABC, and the NYT (did I forget anyone?) would like a quote on some consulting work.

[ShadowAce]

Here's another Windows Security Alert!

[redlocks322]

Yep, the company I work for got hit this morning. All hell is breaking loose. Still haven't gotten the server to come back up. Not good.

[Ernest_at_the_Beach]

Article said Microsoft was most concerned over this one:

Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
Issued: August 9, 2005
Version: 1.0

[AppyPappy]

I had 3 file sharing boxen infected. Luckily, the firewall refused them a chance to talk to the internet. Some jerk with a unfirewalled laptop was the culprit.

[Ernest_at_the_Beach]

I thought the detail of 5 different exploits was new....althought more than likely someone here knew it.

GR...if you have a good plan for continual updates...and since MS had their alerts out in plenty of time, you DONE GOOD!

[N3WBI3]

We have seen two of our server catch it (macafee), we have just finished patching our entire dev/test area. Should have everything in PROD patched by sunday but its hard because these damn things require a reboot!

[general_re]

Short cycle, though - not a lot of time for testing.

[Ernest_at_the_Beach]

This from 2CPU also

*************************************

Zotob worm hits Windows users
By duke on Monday, August 15, 2005 at 9:43 AM EST [ Post A Comment ] #3821

C|Net has posted a quick article about a new worm affecting Windows users: Zotob.

The Zotob worm appeared shortly after the world's largest software maker warned of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer.

More information is available here.

[HAL9000]

Some jerk with a unfirewalled laptop was the culprit.

The Microsoft Wheel of Blame spins again.

[AppyPappy]

Yeah but I can't use a Mac. I'm a heterosexual.

[Ernest_at_the_Beach]

This says more than just Windows 2000???

**********************************************

Zotob worm hits Windows users

By Reuters
http://news.com.com/Zotob+worm+hits+Windows+users/2100-7349_3-5832849.html

Story last modified Mon Aug 15 04:30:00 PDT 2005


A new Internet worm has been detected that can infect Microsoft's Windows platforms faster than previous computer worms, according to an antivirus software maker.

The Zotob worm appeared shortly after the world's largest software maker warned of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer.

		Related story First potential virus risk for Vista found Code that may be part of the new OS is already being probed by a virus writer.

The latest worm exploits security holes in Microsoft's Windows 95, 98, ME, NE, 2000 and XP platforms and can give computer attackers remote access to affected systems, said Trend Micro.

"Hundreds of infection reports were sighted in the United States and Germany," Tokyo-based Trend Micro said in a statement released late last week.

"Since most users may not be aware of this newly announced security hole so as to install the necessary patch during last weekend, we can foresee more infections from worm Zotob," it said.

The latest virus drops a copy of itself into the Windows system folder as BOTZOR.EXE and modifies the system's host file in the infected user's computer to prevent the user getting online assistance from antivirus web sites, Trend Micro added.

It can also connect to a specific Internet relay chat server and give hackers remote control over affected systems, which can be used to infect other unpatched machines in a network and slow down the network performance.

Last Tuesday, Microsoft issued patches to fix its security flaws as part of its monthly security bulletin. The problems affect the Windows operating system and Microsoft's Internet Explorer Web browser.

Microsoft has warned that an attacker could exploit a vulnerability in its Internet Explorer Web browser and lure users to malicious Web pages, and could run software code on the user's PC, giving the attacker control of the affected computer.

Computer users should update their antivirus pattern files and apply the latest Microsoft patches to protect their computer systems, Trend Micro said.

[frogjerk]

[Ernest_at_the_Beach]

IE again......

Microsoft has warned that an attacker could exploit a vulnerability in its Internet Explorer Web browser and lure users to malicious Web pages, and could run software code on the user's PC, giving the attacker control of the affected computer.

Must be ActiveX ....

[Ernest_at_the_Beach]

LOL...Fedora Core 4 here....

[Windcatcher]

I wonder if MS still thinks that Win2k doesn't need a SP5, like they initially promised. Whoever made that decision needs to be smacked.

[Question_Assumptions]

I was advised by my company's IT person not to routinely install Microsoft updates because there is no telling what they might break. (Looks to the left) Hello rock. (Looks to the right) Hello hard place.

Fortunately, our firewall seems to have protected me.

[AppyPappy]

That's good advice. A firewall with some basic procedures should help

Delete the default share for the system drive
Make every program ask for permission to leave the box
Heavily restrict who can see the box
Turn off unneeded processes
Check the system32 folder daily
Whenever a new virus comes out, create a read-only text file with the same name and put it in the offending directory
Create a locked down honeypot on your network to sniff out new viri