Feb 18, 2003, 1:19 PM
Post #4 of 4
Dave: You will be interested in this Windows newsletter, that weekly (and sometimes more often) touches on all the latest patches and security issues, telling us which ones we should trust and why:
Re: [davidmcl] Security updates for Win XP-pro - they scare me . . .
Can't Post |
In fact, here's a blurb on the SMB flaw:
Really Urgent Patch - Do This Now
I'm not sure if you are aware of the Sunbelt sponsored NTSYSADMIN list. There are about 5,000 front-line, in-the-trenches network and system admins on this list that warn each other for threats and discuss admin problems. August 27, a thread was started up that is urgent and you need to take action right away.
Why? The old "WinNuke" from the evil days of Win95 has reincarnated for NT/W2K/XP and .NET (WinNuke allowed you to shut a system down remotely with about three clicks). Our techies in Sunbelt downloaded it and sure enough we could blow systems up with it. Here is a snippet off the NTSYSADMIN list (which in itself came off another list called ntbugtraq).
Subject: MS02-045 exploit is out
I haven't seen much noise on this list about MS02-045 (Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)), but the implications are very nasty. Any unpatched WinNT/2K/XP or .NET machine on your network that's listening on port 139 and/or 445 can be crashed in about two seconds with a malformed SMB packet. I highly disagreed with Microsoft's assessment that this was only a "moderate" threat level to intranet and desktop systems because the exploit is so easy to perform.
It was bad enough in theory, but now a script-kiddie friendly GUI version of the exploit has been posted on PacketStorm, and it works against all of the above. We worked through the weekend to get a large percentage of our boxes patched - you may have to do the same. You can try for yourself at:
[Editor's note] The fact this thing is out now with a GUI and can sit on a desktop as an icon makes it really dangerous. More over, it is infected with the hacktool virus as well, so we tool this link out.
The Patch is here (MS02-45):