New Security Exploit Found for Windows XP and 2000

submitted by rogueleader on Wednesday, September 10 2003 at 4:29 PM

For those of you who don't frequent Tech Talk there has recently been a lot going on that you should be aware of to protect yourself and others. The recent spread of worms and viruses have been taking advantage of security holes inherent in MS Windows. It is extremely important that each of you take the necessary steps to protect your systems.

This exploit discovered today is VERY similar to the MSBlaster Exploit which crippled many PC's around the globe a few weeks ago. If you use these two Operating Systems on your PC, do yourself a favor and download the security fix. I want each of you to make sure to patch your system from this new exploit here and to make sure to frequent WindowsUpdate and download ALL of the Critical Updates.

If you DO NOT download these patches, you can expect your PC to be attacked and if infected and on ResNet, they will probably disconnect you from the network like they did with the MSBlaster Worm.

posted by EVroccck on Wednesday, September 10 2003 at 4:38 PM

[Edited on September 10, 2003 at 5:15 PM. Reason : woops!]

9/10/2003 5:15:02 PM

We just had a bit of a problem getting the correct version of the story synched. To those of you who got to see that mess, you now understand what we Editors do Thanks to RL for submitting a story you should ALL pay attention to.

9/10/2003 5:16:27 PM

Cameron (rogueleader) is right, but you should note that there is no "probably" in the "disconnect you from the network."

I'll say that again: If you are infected and on the ResNet network, you will be disconnected until you (or us) get your system patched and we verify it.

If you have not applied the patch that was released TODAY, then you are not patched against this worm!

And by the way, if you'd like to know if your machine is infected with Blaster, you can look at the security logs here: http://www.ncsu.edu/itd/security/logs/blaster

You'll have to WRAP in, and I'm not sure if just any NCSU user can see that link or not, but it's there if you've got the permissions. If you don't have the permissions and think your machine is infected, contact us: 513-7638, resnet@ncsu.edu, or (this is new!) via AIM at NCStateResNet.

-bigginal

[Edited on September 10, 2003 at 5:46 PM. Reason : link, permissions, contact, more, and then spelling ]

9/10/2003 5:39:30 PM

so what are we looking for? what's abnormal?

9/10/2003 5:56:32 PM

You won't know until you lose control of your PC. It's better to patch first and be safe.

9/10/2003 10:24:49 PM

why in hell does it take so long to install?

9/10/2003 10:58:15 PM

NOTE: you DO NOT need to install the patch if you are running windows 95, 98, 98SE, or ME.

you DO need to install if you use Windows 2000 Professional or any version of XP. to find out your version, right click on my computer and select properties. it will tell you there.

also of note, a good firewall such as Zonealarm *should* protect you. you can download here:

http://download.com.com/3000-2092-10217783.html?tag=lst-0-1

also if you are behind a NAT Firewall Router on Cable Modem or DSL, you *should* be protected.

HOWEVER, the patch should still be installed because the exploit can be received over e-mail and no firewall will save you if you open an infected attachment.

RL

9/10/2003 11:06:32 PM

THANKS DAD!

9/10/2003 11:22:55 PM

That's why I still use trusty Win98

9/11/2003 12:13:28 PM

i keep forgetting to do the automatic updates... it's not really that automatic

9/11/2003 1:33:08 PM

This is SERIOUS stuff. My laptop crashed because of that stupid thing. Y'all really need to download it. My laptop will be in Atlanta for the next 2 weeks getting an entire new hard drive.

9/12/2003 11:31:39 AM

these patches make my web server stop running scripts. DAMNIT

9/12/2003 12:29:32 PM