MS-08-067

similar to sasser potentially.

MS have confirmed off the record that 2 major corporates in the states have already been subject to attack.

our place is working on deployment as i type.

gonna be a looong night!

 

kb link mate?

 

KB958644

 

initial trojan exploit..
ymantec Definitions version released 101024p today
http://www.symantec.com/business/security_response/definitions/rapidrelease/index.jsp

Sophos Protection available since 23rd October

Site explaining Trojan/ worm http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-day-vulnerability.html


worm won't be far behind......

 

I can feel one of 'those' threads coming on!!

Where I don't understand a single word and yet I love it!

 

your a closet geek thats why Lee

 

the first word I spotted on that link was 'backdoors' and am now giggling like a schoolboy

 

It starts from probing other IPs from the same network by sending them a sequence of bytes "abcde" or "12345". The worm then attempts to exploit other machines by sending them a malformed RPC request and relying on a vulnerable Server service. As known, Server service uses a named pipe SRVSVC as its RPC interface, which is registered with UUID equal to 4b324fc8-1670-01d3-1278-5a47bf6ee188. In order to attack it, the worm firstly attempts to bind SRVSVC by constructing the following RPC request:


I agree Lee

 

lee.. just go home mate.. seriously. your pc will be rebooted tonight.

 

I think we're covered

 

Thanks for the heads up hadn't seen this! Typically happens on a Friday though :-/

 

Good, could do with work picking up a bit!

Sorry in advance to anyone affected

 

tell me about it.

 

I patched it with Linux

 

My boss said fuck it we'll patch next week

 

thanks for the heads up mark. have passed this information onto the powers that be for them to totally ignore

its fun this way when you turn up at the last minute, do a bit of overtime and save the day you look a proper hero

 

Cheers, just done ours that are turned on, the rest can wait till Monday LOL

 

WSUS for the win

 

I doubt my Internal Support Team have any idea about this, let alone know how to rectify it

They send around an e-mail saying they have approved the latest windows updates for download each time they are out, they don't know I've got service pack 3 on the machine

 

threat status was downgraded over the weekend. we've still patched everything though just in case. took us about 3 hours to do 1800 workstations + 500 laptops
unfortunately for the server team, they're so out of date that they're having to install a service pack as a perrequisite on most of their servers. took them all weekend to do 350

 

what service pack is a prerequisite? please dont say 2003 SP2

 

you sure????


()

 

.......you mean a bit like the one about your Westy rebuild

 

might be my mistake... might not be a prerequisite but they should be up to date anyway!
if you really wanna know, try the KB article!