New attack code crashes Windows XP & Vista
Posted by Steven Parker on 19 January 2008 - 10:50 · 23 comments & 18530 views
#2 Posted by +mad_onion on 19 Jan 2008 - 11:53
- but it's been patched and so is a non issue, for microsoft at least.
-
(2 replies)
#3 Posted by Examinus on 19 Jan 2008 - 12:59
- "Microsoft patched the flaw in its MS08-001 update, released last week"
So how is it different to any other flaw that's been patched? -
#3.1 Posted by gollux on 19 Jan 2008 - 20:13
- Because when someone figures how to exploit the buffer overflow, it will very quickly become the "IGMP Ping of Compromise" among all the unpatched systems out there on the network that aren't properly firewalled. You have forgotten SASSER?
http://en.wikipedia.org/wiki/Sasser_worm -
#3.2 Posted by whocares78 on 21 Jan 2008 - 07:58
- (gollux said @ #3.1) Because when someone figures how to exploit the buffer overflow, it will very quickly become the "IGMP Ping of Compromise" among all the unpatched systems out there on the network that aren't properly firewalled. You have forgotten SASSER?
http://en.wikipedia.org/wiki/Sasser_worm
Do you understand what "patched a flaw" means? It means if you have updated your system you won't get hit by it, no matter what anyone figures out. Oh yeah, and someone already figured it out, that's why there's an article here...
I remember Sasser, a fully patched system wasn't vulnerable!!!
-
#4 Posted by +GreyWolfSC on 19 Jan 2008 - 13:02
- Comment submitted via quality rating...

-
#5 Posted by ThaCrip on 19 Jan 2008 - 13:32
- nothing to worry about since I'm sure most users on this website tend to get windows update asap

-
(1 reply)
#6 Posted by Foub on 19 Jan 2008 - 13:55
- As if it took all that much to crash Windows as it is.....
-
#6.1 Posted by +GreyWolfSC on 19 Jan 2008 - 15:47
- (Foub said @ #6) As if it took all that much to crash Windows as it is.....
If your Windows installation crashes a lot, you must have a defect. (Or your Windows install does.)
-
#7 Posted by +Beastage on 19 Jan 2008 - 15:11
- I guess the researchers knew about it since before the patch and released it now once it's fixed, maybe they found it early and contacted MS that patched it.
-
(5 replies)
#8 Posted by hotdog963al on 19 Jan 2008 - 16:28
- I haven't updated since SP2
Don't have A/V either...
No problems, though! -
#8.1 Posted by hairbautt on 19 Jan 2008 - 17:43
- I don't go for the hotfixes either.
No AV as well, but I use Comodo Firewall with Defense+. No problems. -
#8.2 Posted by +warwagon on 19 Jan 2008 - 18:04
- So you are saying you haven't installed any updates since service pack 2? If so WHY!!!!!!!!!!!!!???????????
-
#8.3 Posted by excalpius on 20 Jan 2008 - 00:26
- (warwagon said @ #3) So you are saying you haven't installed any updates since service pack 2? If so WHY!!!!!!!!!!!!!???????????
Because he is being a hot dog!
(which don't have brains AFAIK) -
#8.4 Posted by +warwagon on 20 Jan 2008 - 20:14
- So you have no antivirus either and no updates?
Not something I would brag about. -
#8.5 Posted by whocares78 on 21 Jan 2008 - 08:00
- well more fool you... and I am guessing if you actually did a scan, you'd have a whole bunch of crap on your machine
-
(1 reply)
#9 Posted by PsiMoon314 on 19 Jan 2008 - 17:39
- Hi,
Many folks do not patch their systems as they are simply unaware they need to. My experience has shown me this.
This issue may yet be exploited to become a widespread worm if a suitable attack can be developed. It could be on the scale of Sasser or similar when or if this happens.
Servers are often the last machines to be updated given their admins' dislike for disturbing the status quo for production machines.
Kind Regards
Simon -
#9.1 Posted by .hasan on 19 Jan 2008 - 19:30
- (PsiMoon314 said @ #1) Servers are often the last machines to be updated given their admins dislike for disturbing the status quo for production machines.
admins like that need to think about how much downtime their production machines might have if exploited.
-
(2 replies)
#10 Posted by soldier1st on 19 Jan 2008 - 19:36
- and also admins should update during off peak hours maybe once or at least twice a month, not doing it at all could create more downtime. admins that don't do their job right should be fired and told no pay for you as you failed our expectations, true downtime isn't a good thing.
-
#10.1 Posted by gollux on 19 Jan 2008 - 20:08
- @soldier1st
Why all the patching during off-peak hours or the downtime. With WSUS 3.0, you just approve the patches to a test computer, fire it up as admin, run wuauclt.exe /detectnow, install the patches when it prompts you, test the computer. If all's well, you approve the patches for everything else, and the patches get installed the next time the workstations are shut down. Monitor for those that haven't had the patches applied the next day and go shut the offenders down at lunch time.
Problem solved.
The only difficulties are servers, they are the ones that have to be done in off-peak hours. -
#10.2 Posted by whocares78 on 21 Jan 2008 - 08:01
- (gollux said @ #10.1) @soldier1st
Why all the patching during off-peak hours or the downtime. With WSUS 3.0, you just approve the patches to a test computer, fire it up as admin, run wuauclt.exe /detectnow, install the patches when it prompts you, test the computer. If all's well, you approve the patches for everything else, and the patches get installed the next time the workstations are shut down. Monitor for those that haven't had the patches applied the next day and go shut the offenders down at lunch time.
Problem solved.
The only difficulties are servers, they are the ones that have to be done in off-peak hours.
+1, but I always just schedule the server updates during off peak, they install, reboot themselves and all good.. it really ain't that hard
-
(1 reply)
#11 Posted by rpgfan on 20 Jan 2008 - 00:09
- *sigh* The patch may have been released before proof-of-concept code was released to the public, but what about when you need to reinstall, and you are so tired of Windows updates that you just don't do them? I'd gladly trade poor security on my personal computer for the huge amount of time it takes to do those. And then there's Office updates... Oh, right - XP SP3 or Vista SP1, right? Wait, aren't those both still in the Release Candidate stage? As much as I would like to slipstream them into my installation, I'd rather not waste my discs on something that is incomplete.

-
#11.1 Posted by +Kushan on 21 Jan 2008 - 12:07
- (rpgfan said @ #11) *sigh* The patch may have been released before proof-of-concept code was released to the public, but what about when you need to reinstall, and you are so tired of Windows updates that you just don't do them? I'd gladly trade poor security on my personal computer for the huge amount of time it takes to do those. And then there's Office updates... Oh, right - XP SP3 or Vista SP1, right? Wait, aren't those both still in the Release Candidate stage? As much as I would like to slipstream them into my installation, I'd rather not waste my discs on something that is incomplete.

Huge amount of time?
You boot up, go to windows update, select everything, click install and go have your dinner/lunch/whatever. Job's done and it only has to be done ONCE per installation, after that it's once a month for a few mins and a restart.
Whereas how much time do you lose when you get a nasty virus that you can't easily get rid of?
And no doubt you're one of the first people to complain about insecurities and vulnerabilities and so on.

That's the biggest concern for security experts who worry that a more dangerous attack may soon follow as researchers dig further into the vulnerability. The bug is particularly troublesome for two reasons. First, it affects a widely used Windows component that is turned on by default. Worse, no user interaction is required to trigger the flaw, meaning that it could be exploited in a self-copying worm attack. Microsoft patched the flaw in its MS08-001 update, released last week, but it takes time for enterprise users to test and install Microsoft's patches.