MS08-067 – Paul's Tech Talk

A fan wants to Release Windows 7 Now : My Security Concerns

PaulJanuary 29, 2009

After reading about this from PcWorld, I’ve went to check this site out. I went to his twitter accoun(Kelly Poe) to find out the site he put up and I am quite impressed. Here are few things that I am concerned about starting with the website.

[ad#ad2-right]I love the idea and all but I am quite concerned with the privacy of my email account. I don’t know if you have to submit your email account but I would caution people not enter one until the site says what it will do with your email address.

Now that being said that’s the only thing I can think of when it comes to security for your email address, you don’t want to someone to give out your email address to spammers. That would just make it even worse for your email account. You could however use a 10 min Email account to use but that might make it harder for Microsoft to contact you if they want to verify these accounts!!

Now my main concern is Windows 7 right now and Security. You know the Conflicker/Conflickr/Downadup Worm is currently loose on the internet. It uses the the Ms 08-067 Exploit and currently Windows 7 does not protect against this Worm in fact Microsoft has released information that you would need to install the updates manually to fix this problem.

Some vendors are yet to develop for Windows 7 beta due to it being a beta. Some others like Security Vendors are offering protection for Windows 7 Beta. This is mainly the Anti-virus software group, I would like to see more people embrace windows 7 as much as the security groups. Although this is the first step it would need to be more open response from Manufacturers and dealers alike they would need to get it to work making sure their drivers and such will work good with Windows 7. This is where it takes time, that is why I am glad it is a beta, it allows vendors and Companies a like a chance to test out their software and Hardware and even their drivers before the release.

Before I support this, I would like to see more happen to Windows 7 in some areas. For instance I’d like to see more compatability and more drivers and software that works for Windows 7. I’d also like to see Microsoft to take Windows 7 Beta Serious and Keep the Security up on it and not let it lapse. I’d want Microsoft to send out patches for Vulnerabilities just like Vista and keep people’s system updated so you don’t have to update them manually. I just hope Microsoft takes Apple’s example to heart and release Windows 7 without having to have several versions of the same Operating System.

Admins are shaking in there boots due to the Ms 09-001 Patch

PaulJanuary 14, 2009

I have to talk about this because this is a big deal. According to Techworld and I’ll quote:

“This one scares me – a lot,” says Eric Schultze, CTO of Shavlik Technologies. “It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials.”

[via Techworld]

[ad]Now This is due to the fact of what is happening with an update that came a few months ago the MS 08 – 067 that still people haven’t patched their systems. According to F-secure the Downadup/Conflicker has grown overnight by a million computers being infected.

Now why are they scared of the recent patch (MS 09-001), because of so many vectors of infection, you don’t need any credentials. The virus does not need to know any passwords or user names to gain access. Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

So why are admins scared over this new patch?

Most companies don’t patch there system as quickly as Microsoft would like them to. You see most companies have quite a few computers depending on the size of the company it could be quite a lot. So many in fact that it would have several IT personal just to keep the system going.
[ad]

So why don’t they just put the new patches on the systems?

Depending on the size of the company and what they do has a lot to do with them updating there systems. Some use really special programs or have a network going that is vital. Even the smallest update to the system could bring the network or the program down. Most companies liketo test it out on test machine for a while to make sure that the patch doesn’t prevent the business from doing business. Here are a few articles that prove why companies do not want to just install patches automatically:

Windows patch is flawed (Dated March 31, 2005 8:31 AM PST)

Stealth Windows update prevents XP repair (Dated Sept 27, 2007)

Patch Tuesday security update causes problems with IE for some (Dated Dec 18, 2007)

Some companies are using older systems like Windows ME or some older Windows Operating systesm. Although there isn’t anything we can do about those because Microsoft has stopped supporting them with updates and all. I know we are all thinking thesame question?

Is there a way to fix the problem with Windows Updates?

I personally don’t have an answer but I am sure hackers will find ways to exploit codes so they can get on your system so way. I’ve recently read a story about Adware Author and now I understand even more about why people do all of this.

This is one of the questions every admin has to ask themselves? How do we update all of the systems we are responsible for? There are no easy answers to this.

Blasting the Downadup.b/Conflicker back to the Stone-age!

PaulJanuary 12, 2009

It has been talked about the last few days where there is a worm hitting the computers who haven’t done the Microsoft Update MS08-067 which was release out of cycle and still have some systems has not been patched. It has also been reported that it is spreading around the internet really quickly. According to Computer World:

[ad#ad2-right]The worm, which was first reported by Panda and other security companies on Dec. 31, 2008, exploits a vulnerability in the Windows Server service that’s part of all currently supported versions of Microsoft’s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.

[via Computer World]

It seems Microsoft has scolded people who haven’t patched for the October emergency update. Accusing users of playing “Russian Roulette” and scolding them for not promptly updating their system to remove the vulnerability.

Symantec Blogged about this security of this program and how it was a variant of Downadup.b. It also talks about how they are seeing an even more increase on this worm that was supposed to be patched by people who use Windows 2000 Server.

[ad#ad2-left]F-secure did a post about Downadup/Conflicker and how they took an Preemptive domain block list for this worm. They have also seen an increase in this worm and they are trying to prevent this worm from gaining ground. Talking about this being a network worm, in more ways then one. Some have even seen it being sent through USB drives. If you have a system you want to protect you should stop autorun.

Here are some links to better help you get this worm off your system:

Virus Removal Tools

>W32.Downadup.B removal help

F-Secure has the removal tools to remove this Worm.

XP Geek Has a great post about manually removing this worm>

In order to remove this worm, you must do a complete system scan with any of the free virus scanning programs. You’ll need to update your virus database before you do the scan. You may even want to try the free virus scanners tha are online to get rid of this worm. These should help you get rid of this worm, but you must remember to install the update or you will get the worm again. The MS08-067 Patch should be installed as soon as possible you can find the patch here.