Owner of the BFT
Virus / MS05-039 update 
16th-Aug-2005 09:24 pm
Serve
In case you haven't heard, there are now several different viruses in the wild that are using the MS05-309 vulnerability to infect and propagate. Two of these viruses -- WORM_RBOT.CBQ and WORM_ZOTOB.D -- went in the wild today, and causes infected systems to reboot. This is similar to the Sasser and Blaster worms.

Some companies have not been successful in protecting their environment. CNN is reporting that "Among those [companies] hit were offices on Capitol Hill, which is in the midst of August recess, and media organizations, including CNN, ABC and The New York Times. The Caterpillar Co. in Peoria, Illinois, reportedly also had problems." I have unofficial information that the County of San Diego and Small Business Association in Los Angeles were also impacted.

So, what can you do? If you support your own systems for security updates, help us protect the computing environment and apply the MS05-039 update to your systems as soon as possible. I can not emphasize enough how critical this. The last thing that we want is a viral infection impacting our clients, clogging up our network, and preventing business from continuing. The simplest way to keep our enviroment safe from these viruses is to apply the MS05-039 patch.

References:
MS05-039 Security Bulletin
WORM_RBOT.CBQ
WORM_ZOTOB.D
CNN Story
MSNBC Story
Comments 
17th-Aug-2005 07:11 pm (UTC)
[info]zarchasmpgmr
My company got hit hard overnight.

Corporate standard has been W2K. When I got my new laptop, I said "leave it alone, I want WXP".

But the corporate dingleheads say not to install SP 2, because it "breaks things". Seeing some of the software I'm forced to run, entirely understandable. (Including some web-based Java crap that only runs on M$'s piece o' crap JVM, not J2RE.)

Our corporate IT staff is populated by turkeys. There was one good local guy, but when we bought out a company that had an office 5 minutes from his house, surprisingly he decided to transfer over there.

I can't do anything right now; all the VPN's are shut down. So I'm reading LJ. :-)
17th-Aug-2005 07:52 pm (UTC)
[info]rialtus
Wait, so your laptop has XP or W2K? I ask because the viruses only hit W2K systems,a n I would hope that even the corporate dinglehaeads would have at least allows W2K SP4 to be applied...

XP is vulernable, but can not be exploited remotely. The update is only available for XP SP1 or higher though. And, of course, if you have XP SP1a or a clean XP SP2 install, you don't have the MS JVM anyway...
17th-Aug-2005 08:13 pm (UTC)
[info]zarchasmpgmr
No, I'm running WXP SP1 plus updates. I keep my laptop updated. Ain't gonna hit me.

Someone's gonna get into trouble; the Western Region IT guy has been publishing all the machines that have been infected. Tons of Active Directory servers.

17th-Aug-2005 10:24 pm (UTC)
[info]rialtus
Oof. Hope he's got some sort of automated deployment tool. Of course, dealing with more than 5 Windows machines, you pretty much *have* to have one. =)
17th-Aug-2005 11:23 pm (UTC)
[info]zarchasmpgmr
We do - McCrappee's ePO.

At least 60 machines in the last list (issued at 12 noon PDT).

Hmmmm....police helicopter's flying around outside...I'll go check it out.
Leave a Comment to the Entry
Profile
User: [info]rialtus
Name: Rialtus
Page Summary
Latest Month
June 2009
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Links
Search
Entry Tags
This page was loaded Nov 11th 2009, 11:06 am GMT.