Admins are shaking in there boots due to the Ms 09-001 Patch

I have to talk about this because this is a big deal.   According to Techworld and I’ll quote:

“This one scares me – a lot,” says Eric Schultze, CTO of Shavlik Technologies. “It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials.”

[via Techworld]

[ad]Now This is due to the fact of what is happening with an update that came a few months ago the MS 08 – 067 that still people haven’t patched their systems.  According to F-secure the Downadup/Conflicker has grown overnight by a million computers being infected.

Now why are they scared of the recent patch (MS 09-001), because of so many vectors of infection, you don’t need any credentials.  The virus  does not  need to know any passwords or user names to gain access.  Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

So why are admins scared over this new patch?

Most  companies don’t patch there system as quickly as Microsoft would like them to.   You see most companies have quite a few computers depending on the size of the company it could be quite a lot.  So many in fact that it would have several IT personal just to keep the system going.
[ad]

So why don’t they just put the new patches on the systems?

Depending on the size of the company and what they do has a lot to do with them updating there systems.  Some use really special programs or have a network going that is vital.  Even the smallest update to the system could bring the network or the program down.  Most companies liketo test it out on test machine for a while to make sure that the patch doesn’t  prevent the business from doing business.   Here are a few articles that prove why companies do not want to just install patches automatically:

Some companies are using older systems like Windows ME or some older Windows Operating systesm.   Although there isn’t anything we can do about those because Microsoft has stopped supporting them with updates and all.  I know we are all thinking thesame question?

Is there a way to fix the problem with Windows Updates?

I personally don’t have an answer but I am sure hackers will find ways to exploit codes so they can get on your system so way.  I’ve recently read a story about Adware Author and now I understand even more about why people do all of this.

This is one of the questions every admin has to ask themselves?  How do we update all of the systems we are responsible for?  There are no easy answers to this.

Blasting the Downadup.b/Conflicker back to the Stone-age!

It has been talked about the last few days where there is a worm hitting the computers who haven’t done the Microsoft Update MS08-067 which was release out of cycle and still have some systems has not been patched.  It has also been reported that it is spreading around the internet really quickly.   According to Computer World:

[ad#ad2-right]The worm, which was first reported by Panda and other security companies on Dec. 31, 2008, exploits a vulnerability in the Windows Server service that’s part of all currently supported versions of Microsoft’s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.


[via Computer World]

It seems Microsoft has scolded people who haven’t patched for the October emergency update. Accusing users of playing “Russian Roulette”  and scolding them for not promptly updating their system to remove the vulnerability.

Symantec Blogged about this security of this program and how it was a variant of Downadup.b.  It also talks about how they are seeing an even more increase on this worm that was supposed to be patched by people who use Windows 2000 Server.

[ad#ad2-left]F-secure did a post about Downadup/Conflicker and how they took an Preemptive domain block list for this worm.   They have also seen an increase in this worm and they are trying to prevent this worm from gaining ground.   Talking about this being a network worm, in more ways then one.  Some have even seen it being sent through USB drives.   If you have a system you want to protect you should stop autorun.

Here are some links to better help you get this worm off your system:

In order to remove this worm, you must do a complete system scan with any of the free virus scanning programs.  You’ll need to update your virus database before you do the scan.  You may even want to try the free virus scanners tha are online to get rid of this worm.   These should help you get rid of this worm, but you must remember to install the update or you will get the worm again.  The MS08-067 Patch should be installed as soon as possible you can find the patch here.