MS08-067 Worm Dangers

Started by zep516, January 15, 2009, 05:42:53 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

zep516

January 15, 2009, 05:42:53 PM
You're only as safe as your last update.

Corrine

#1
January 16, 2009, 01:28:04 AM


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

zep516

#2
January 16, 2009, 01:51:23 AM
You're only as safe as your last update.

Frands

#3
January 16, 2009, 04:36:52 PM
More news about this issue here:

http://news.bbc.co.uk/2/hi/technology/7832652.stm
Our greatest glory is not in never falling but in rising every time we fall.
- Confucius
-----
Trend Micro Internet Security


Home Forums:
https://www.landzdown.com/
http://securitygarden.blogspot.dk/
https://www.classicrockforums.com/

Eric the Red

#4
January 16, 2009, 07:23:14 PM
What the heck, I'll join the party with this offering from the UK Covernment's "Centre for the Protection of National Infrastructure".

QuoteThe vulnerability addressed in MS08-067 continues to be exploited by the Downadup / Conficker (and variants) worm.  This advisory acts as a reminder for continued caution.

CPNI are aware of continuing infections of the Downadup / Conficker worm.  CSIRTUK advise extra vigilance at this time and recommend consulting the advice provided on the following websites:

There then follows a list of links.

http://www.cpni.gov.uk/Products/alerts/3747.aspx
"The time to start running is around about the "e" in "Hey, you!" "

pastywhitegurl

#6
January 21, 2009, 03:37:42 PM
I didn't read every single article here, but it seems that Windows users are being directed to get this critical update:
KB958644

When I checked my update logs, it seems this update went out in October. This is the date my system was patched:
Friday October 24
Security Update for Windows XP (KB958644)

So is this a continuation of the same warning, or is there a new threat?



R-C

#7
January 21, 2009, 07:37:49 PM
it just goes to show how many people did not get the windows patch even when it was a special patch that was put out with much publicity and warnings, as an out of band patch.
I even saw tv news broadcasts emphasizing the importance of getting that patch back when it came out.
registered Linux user:476595
May inspiration fill your heart and hands, run down your legs onto your feet and cause Spontaneous Dancing! :dance:

Eric the Red

#8
January 21, 2009, 08:04:44 PM
Quote from: pastywhitegurl on January 21, 2009, 03:37:42 PM
I didn't read every single article here, but it seems that Windows users are being directed to get this critical update:
KB958644

When I checked my update logs, it seems this update went out in October. This is the date my system was patched:
Friday October 24
Security Update for Windows XP (KB958644)

So is this a continuation of the same warning, or is there a new threat?


Yes, the patch did go out in October and we are now seeing an attack that tries to exploit the vulnerability that that patch closed. Many users, particularly Corporate users, do not use the auto-update feature for fear of the impact that Microsoft's patches may have on their networks - they like to be able to check that the applications that they use are not affected by the patch before they apply it. Those types of users, if they didn't install MS08=067, are particularly vulnerable to this threat. As a home user with the auto-update enabled you should not be under threat if you practice safe computing.



"The time to start running is around about the "e" in "Hey, you!" "

dp

#9
January 23, 2009, 12:45:40 PM
January 22, 2009: MS08-067 Conficker Worm Update

Microsoft Malware Protection Center has published a Threat Research and Response Blog that centralizes Microsoft's guidance.

Centralized Information About The Conficker Worm

Since the time Microsoft released security update MS08-067, we have released information about MS08-067 exploits and specifically about the Conficker worm in our malware encyclopedia and in multiple blog posts for example here. This blog provides a summary of the available information Microsoft has provided on the Conficker worm and the vulnerability it exploits, which Microsoft addressed with MS08-067.

First, we outline the various attack vectors because it's important for customers to understand that the Conficker worm utilizes a variety of attack vectors to infect machines. Based on this analysis we follow up with guidance for what customers can do to protect themselves. The first and most important piece of guidance is to immediately deploy the security update associated with Microsoft Security Bulletin MS08-067, if you haven't already. However, because this worm utilizes a number of additional vectors of attack we provide additional information and guidance to help you build a defense in depth approach. Finally, we close with information and pointers to how to clean up your machine using the Microsoft Malicious Software Removal Tool.

http://blogs.technet.com/mmpc/archive/2009/01/22/centralized-information-about-the-conficker-worm.aspx
Microsoft MVP - Consumer Security since 2004
DP's Security Bits
Print
Go Up Pages1
User actions