Virus / MS05-039 update

In case you haven't heard, there are now several different viruses in the wild that are using the MS05-039 vulnerability to infect and propagate. Two of these viruses -- WORM_RBOT.CBQ and WORM_ZOTOB.D -- went into the wild today, and cause infected systems to reboot. This is similar to the Sasser and Blaster worms.

Some companies have not been successful in protecting their environment. CNN is reporting that "Among those [companies] hit were offices on Capitol Hill, which is in the midst of August recess, and media organizations, including CNN, ABC and The New York Times. The Caterpillar Co. in Peoria, Illinois, reportedly also had problems." I have unofficial information that the County of San Diego and Small Business Association in Los Angeles were also impacted.

So, what can you do? If you support your own systems for security updates, help us protect the computing environment and apply the MS05-039 update to your systems as soon as possible. I cannot emphasize enough how critical this is. The last thing that we want is a viral infection impacting our clients, clogging up our network, and preventing business from continuing. The simplest way to keep our environment safe from these viruses is to apply the MS05-039 patch.

References:
MS05-039 Security Bulletin
WORM_RBOT.CBQ
WORM_ZOTOB.D
CNN Story
MSNBC Story

Comments

zarchasmpgmr
Aug. 17th, 2005 07:11 pm (UTC)
My company got hit hard overnight.

Corporate standard has been W2K. When I got my new laptop, I said "leave it alone, I want WXP".

But the corporate dingleheads say not to install SP 2, because it "breaks things". Seeing some of the software I'm forced to run, entirely understandable. (Including some web-based Java crap that only runs on M$'s piece o' crap JVM, not J2RE.)

Our corporate IT staff is populated by turkeys. There was one good local guy, but when we bought out a company that had an office 5 minutes from his house, surprisingly he decided to transfer over there.

I can't do anything right now; all the VPNs are shut down. So I'm reading LJ. :-)
rialtus
Aug. 17th, 2005 07:52 pm (UTC)
Wait, so your laptop has XP or W2K? I ask because the viruses only hit W2K systems, and I would hope that even the corporate dingleheads would have at least allowed W2K SP4 to be applied...

XP is vulnerable, but cannot be exploited remotely. The update is only available for XP SP1 or higher though. And, of course, if you have XP SP1a or a clean XP SP2 install, you don't have the MS JVM anyway...
zarchasmpgmr
Aug. 17th, 2005 08:13 pm (UTC)
No, I'm running WXP SP1 plus updates. I keep my laptop updated. Ain't gonna hit me.

Someone's gonna get into trouble; the Western Region IT guy has been publishing all the machines that have been infected. Tons of Active Directory servers.

rialtus
Aug. 17th, 2005 10:24 pm (UTC)
Oof. Hope he's got some sort of automated deployment tool. Of course, dealing with more than 5 Windows machines, you pretty much *have* to have one. =)
zarchasmpgmr
Aug. 17th, 2005 11:23 pm (UTC)
We do - McCrappee's ePO.

At least 60 machines in the last list (issued at 12 noon PDT).

Hmmmm....police helicopter's flying around outside...I'll go check it out.