Tuesday, October 28, 2008

Microsoft vulnerability from Hell

Well, maybe not from Hell, but it's serious enough that Microsoft released an unscheduled ("out-of-band") patch to cover it: bulletin MS08-067, published outside the usual Patch Tuesday cycle. That's very, very unusual. Rich Mogull has a good, short description of the problem:

It’s a nasty vulnerability in the Server service that allows remote code execution without authentication. You should already be blocking TCP ports 139 and 445 at the perimeter, so nothing unusual to change on the firewall.

But this is totally wormable, requires no authentication, and allows arbitrary code execution. It’s the evil trinity of vulnerabilities. Oh, did we mention it’s being actively exploited and that’s how MS found it? This, folks, is a true zero day.

So, is this a problem for you? Not if one or more of these apply to you:
  • You're a Mac Fanboy. Go back to sneering at the poor Windows slobs.
  • You're a Linux Fanboy. Go back to explaining to the Mac fanboys that it's actually cooler to recompile your kernel. No, really.
  • You use a company Windows box, but you know that your company's IT keeps up on this.
The rest of you are fine, as far as attacks coming in from the Internet go, if you sit behind a firewall (a home NAT router like a Linksys counts) and the firewall is actually turned on. The vulnerable service listens on TCP 139 and 445, and a router won't pass those in from outside. That does nothing for a laptop you carry to a coffee shop or hotel, or for another machine on your own network that's already infected, so run Windows Update and install the patch anyway.

Don't laugh - I have a buddy who used to do security audits for companies. At one, he asked if they had a firewall. They said yes, and then brought in a (powered off, disconnected) firewall box. Seems it had been blocking some stuff, so they took it out. But hey, they had one, right?

If you want to check that your firewall is actually doing its job, there are a bunch of on-line scanning options. One that's been around for quite some time is Steve Gibson's Shields UP! (yeah, it's a little breathless, but the scan works fine). It should only take a few minutes, and if everything's green, nothing out on the Internet can reach ports 139 and 445 on your machine. Keep in mind that it only tests the path from the Internet to your router; it can't tell you whether the patch is installed, so it's a check on the firewall, not a substitute for Windows Update.
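Shields UP! tells you what the Internet can see. What it can't do is look inside your own network, which is exactly where a worm like this spreads once one box is infected. The script below is an added example, not part of the original post or of Gibson's tool: it does the same TCP connect probe against 139 and 445 that an external scanner does, but you can point it at each machine on your LAN (or at your own public address from a machine outside) to find hosts that still answer on the Server service ports. The "filtered" result is what a firewall that silently drops the packet looks like; Shields UP! calls that "stealth". Host names, port lists and timeouts are whatever you pass in.

```python
import socket
from typing import Dict, Iterable

# TCP ports the Windows Server service listens on: SMB over NetBIOS
# session service (139) and SMB direct (445).
SERVER_SERVICE_PORTS = (139, 445)


def probe_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt a TCP connect to host:port and classify the outcome.

    "open"     - the three-way handshake completed; something is listening
                 and an attacker could talk to it.
    "closed"   - the host answered with a reset; reachable but nothing
                 listening on that port.
    "filtered" - no answer before the timeout (or the host is unreachable);
                 this is what a firewall that drops the SYN looks like.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        # Host unreachable, network down, etc.: nothing answered, so treat
        # it the same as a dropped packet.
        return "filtered"
    finally:
        sock.close()


def check_server_service(host: str,
                         ports: Iterable[int] = SERVER_SERVICE_PORTS,
                         timeout: float = 2.0) -> Dict[int, str]:
    """Probe every port in `ports` on `host` and return {port: state}."""
    return {port: probe_port(host, port, timeout) for port in ports}


def exposed(results: Dict[int, str]) -> bool:
    """True if any probed port accepted a connection."""
    return any(state == "open" for state in results.values())


if __name__ == "__main__":
    import sys
    # Usage: python smbcheck.py <host> [<host> ...]
    # Defaults to localhost so the script runs without arguments.
    targets = sys.argv[1:] or ["127.0.0.1"]
    for target in targets:
        results = check_server_service(target)
        for port, state in sorted(results.items()):
            print(f"{target}:{port} {state}")
        if exposed(results):
            print(f"{target}: Server service reachable from here; "
                  "make sure the patch is on and the firewall is in front of it.")
```

Run it from a laptop on your own LAN against each Windows box's address. An "open" on 445 from inside the network is normal if you actually use file sharing, but it also means that machine is reachable by any infected neighbour, so it needs the patch whether or not the router is green on Shields UP!.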

2 comments:

Jay G said...

Holy crap. All green.

Gave this report:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

I have no idea how I did this...

the pistolero said...

Mac fanboy here, though I won't sneer at anyone. ;-) I ran with Windows for years and thought XP was pretty good, actually...but things like this, combined with the other things that have made Vista the clusterf*ck it is, make me glad I went to the Mac when I got in the market for a new computer.