Tech: Microsoft's current vulnerability

Subject: Tech: Microsoft's current vulnerability
From: Acme
Date: 24 Oct 08 - 03:19 PM

These things come along periodically, so I've given this thread a fairly generic name and will refer back to it with future questions or alert commentary.

For now, a high priority announcement came out at the university where I work about updates due to a new Microsoft vulnerability - MS08-067. They're pushing this through fast, and I also had an update to download this morning on my home computer (via the alert system) as soon as I turned it on.

Maybe with finances going to Hell in a Hand-basket and politics boiling away on the front burner, this slipped past the IT reporters, but I wonder what it is? I searched at Google News and found a site with some technical gibberish.

Here it is.

How does this translate in the real world today? Is there something going on that maybe we should hear about instead of second-guessing what Greenspan knew or didn't know today?

This is the message we received at work:

    ISO Alert (Microsoft Vulnerability - MS08-067) - IMMEDIATE ATTENTION REQUIRED!

    Why Are We Issuing This Alert?

    Periodically, security issues are identified that could allow malicious attacks involving previously unknown security vulnerabilities on some computers running the Microsoft Windows platform. One such vulnerability has recently been announced and impacts all Microsoft Windows systems on campus. The Office of Information Technology (OIT) offers services to protect UT Arlington information resources against such malicious activities and will automatically keep your computer protected. All computers should already be subscribed to these services. However, please follow the steps below to confirm that your computer is protected. Subscribing to these services is a relatively easy task and will ensure that all computing equipment is protected with approved vendor updates and antivirus definitions on a timely basis, making your computing equipment as secure as possible.

    What can you do?
    Step 1: Confirm that Automatic Updates are properly configured.

    For all UTA Faculty and Staff computers only!

  • On the taskbar, click Start, and then click Run.
  • In the Run dialog box, type wuaucpl.cpl
  • Click OK.
  • An automatic updates dialog box will be displayed. If all of the options are 'grayed out' then your system is properly configured and you can continue to Step 2.
  • If the options are not 'grayed out' then Click Here to subscribe to the update service.
  • If you are uncomfortable with performing this step or experience any technical difficulties, please call the OIT Helpdesk at x.22208.

    For all Student and Personal computers
  • Due to the number and type of updates that get released, it is recommended that all students and users of personal computers utilize the other automated method of updating. Click Here to go to the Windows Update site. Scan for updates and then review and install all critical updates.

    Step 2: Confirm that the virus definitions on your computer are current.

  • In the system tray (lower right hand corner of screen) double click on the antivirus icon. It will look like this: [icon].
  • The software dialog box will be displayed. If the date for Antivirus and Antispyware Protection is NOT at least Thursday, October 23, 2008 r41 then click on the "Live Update" button and follow the prompts.
  • If you are uncomfortable with the live update process or experience any technical difficulties, please call the OIT Helpdesk at x.22208.

    Step 3: Install security update and then restart your computer!

  • All UT Arlington computers that are subscribed to the protection services will be automatically updated this morning.
  • You will see an icon appear in your system tray notifying you of the update. It will look like this: [icon].
  • Double click on this icon and follow all instructions. After your computer has been updated it will require it to be restarted.
  • If you are uncomfortable with the update process or experience any technical difficulties, please call the OIT Helpdesk at x.xxxxx.
    NOTE: If you would like to manually install the software upgrade please Click Here and follow the instructions. The manual step is only made available for those that need additional technical support and should not be used by the general campus user.

    Following these simple steps will help ensure that your computing equipment will continue to be as secure as possible.



Subject: RE: Tech: Microsoft's current vulnerability
From: gnu
Date: 24 Oct 08 - 03:24 PM



Subject: RE: Tech: Microsoft's current vulnerability
From: Bonzo3legs
Date: 24 Oct 08 - 03:50 PM

I always keep an old laptop running XP completely free of updates, so that I can still strip DRM from BBC Iplayer downloads.


Subject: RE: Tech: Microsoft's current vulnerability
From: Jack Campin
Date: 24 Oct 08 - 03:57 PM

Googling "Microsoft Vulnerability - MS08-067" it seems to be for real.

I am *so* glad I don't use MS products.


Subject: RE: Tech: Microsoft's current vulnerability
From: JohnInKansas
Date: 25 Oct 08 - 07:56 AM

The vulnerability is real, but as yet has not been publicly described. Apparently Microsoft, in this case, wanted to get a patch out before the whole world had the details about the vulnerability.

The security bulletin linked by Jack may look pretty alarming for those who don't follow the news; but those who look at Microsoft bulletins fairly regularly will recognize pretty much the same "boilerplate" stuff that's in them all. The "fill-in-the-blanks" spots here are the insertion of "specially crafted RPC query." The "sameness" of all Microsoft Bulletins makes it hard to get up a good panic here.

"Official" word is that there have been NO REPORTS of anyone exploiting the vulnerability, but the "out of sequence" patch implies that it might be fairly easily used for malicious purposes once it is "announced" and described.

Microsoft releases critical patches normally on the first Tuesday(?) of each month. This patch was distributed beginning on Tuesday of this week, which ain't the first Tuesday of this month. Until distribution is completed (to about 300 million computers) no public release of details should be expected. It may be assumed that details have been - and/or are being - given to those in the anti-malware business who need to know what's going on.

The only thing currently known that is "unique" about this patch is that Microsoft is departing from their normal schedule for its distribution. Thus far, Microsoft has not indicated why they chose this "unusual" schedule.

The last previous "out of schedule" patch was about a year ago. Before that, it may have been more common than it has been recently.

The obvious assumption might be that this patch fixes some truly deadly and easily exploited vulnerability, and they felt the need to get it out as quickly as possible.

There are numerous other possible reasons.

1. The last scheduled patch was a really enormous bundle - at least for WinXP (a few hundred MB, in a half dozen separate installs). They might have found an "OH SH*T!" in that package, and want to get it fixed before too many people find out that they slipped up.

2. They might just want to get this patch out of the way before the next-scheduled "enormous bundle" starts delivery?

3. This was supposedly a "privately reported vulnerability." At present, it's likely that Microsoft and the "private person" who reported it are the only ones who know how to make it work. "Private persons" who report vulnerabilities have been known to say "fix it quick or I'll use it" ... or "I'll publish it." (Maybe they're just trying to keep a good customer happy.)

4. ... Fill in the blanks with the other reasons you can dream up ... It'll keep everyone busy until they let us know (if they ever do) what the real reason(s) were.

In the meantime - Surf Safely and DON'T BE STUPID while you do it.



Subject: RE: Tech: Microsoft's current vulnerability
From: Acme
Date: 28 Oct 08 - 11:54 AM

There was another update this morning, but it was a bit different this time. This payload came with a new annoying little program called Windows Search. Several of my monitoring programs told me there was a change but I clicked it through as the computer updated itself, figuring IE and such were updated.

At restart Windows Search launched itself first in my task bar. I clicked to close it, and it wouldn't go away. I opened my Control Panel and opened up Mike Lin's little Start-up program and unchecked the line for Windows Search, but nothing popped up (WinPatrol usually asks me if I want to make this registry change). It didn't go away.

I restarted the computer, and it was still there. I opened up Start-up and it was still unchecked, but clearly using this to get it out of that lineup wasn't working this time, it was embedded in some other start menu (how is that? What and where is it?)

When I moused over Windows Search it gives me various choices, including "index now." And when you open the program it offers to look for stuff in your computer. But Windows Explorer already does that, and there is also a Search option when you open the Start menu.

It has been my experience that when programs that want to "index" the contents of your computer come on board that they are oppressive and slow. I updated my Nero software from 6 to 8 about a year ago and it slowed a lot. I searched around and found that not only had it changed how some programs worked (they didn't) it slowed everything as it busily watched where everything was in case I might decide to run a search for something so it could go to work. I uninstalled the Nero 8 and reinstalled Nero 6.

Makes no sense to put this in, so I went into Control Panel and uninstalled that little number. I'll be interested to hear if any of the rest of you encounter this little "update" that isn't really an update.



Subject: RE: Tech: Microsoft's current vulnerability
From: JohnInKansas
Date: 29 Oct 08 - 10:40 AM

PC World magazine has reported that hackers are Rushing to Exploit it.

It has apparently been reported by Microsoft that a few exploits had been seen, and that the existence of attempts to infect was a factor in the decision to make an out of schedule release of the patch.

Additional information in this article:

1. This vulnerability is protected by most firewalls, so any original infection (behind a firewall) must be via "social engineering."

2. Once any machine behind a firewall is infected, the exploits seen thus far can spread between machines on a local network (LAN) where individual computers often do not have individual firewalls.

3. The worm embedded in infected machines has thus far been intended to collect personal information on users, such as passwords and account and credit card information.

4. Instructions for how to exploit the vulnerability have been published on "hackers' website(s)."

5. Network traffic scanning for vulnerable computers has increased by 25% in the past couple of days. Vulnerable computers are those a.) not behind firewalls and b.) without the patch.

6. Infected machines can be assimilated into botnets controlled by whoever gets an exploit onto the machine.

7. The article does not make clear whether a LAN server can be infected by an infected machine behind the server firewall, but this seems to be implied by descriptions of the vulnerability.



Subject: RE: Tech: Microsoft's current vulnerability
From: JohnInKansas
Date: 29 Oct 08 - 10:44 AM

My previous post seems to have dropped a lead-in line stating that the comments are about the out-of-schedule patch released officially on Tuesday of this week. It should be obvious, I guess.



Subject: RE: Tech: Microsoft's current vulnerability
From: Acme
Date: 29 Oct 08 - 11:07 PM

I've resisted downloading and installing a program that our university is encouraging people to use. They've licensed it for home use of employees also--it's called Identity Finder. It's installing right now, and we shall see. I guess the time has come, use it before it's too late. I have a firewall, antivirus, up-to-date patches, etc., but this is something that needs examination also. I guess I'll move any sensitive materials it finds to a disk and keep it outside the computer.



Subject: RE: Tech: Microsoft's current vulnerability
From: JohnInKansas
Date: 30 Oct 08 - 12:10 AM

PC World has a brief review of Identity Finder published by "Velosecure" that might be of interest if the university hasn't given you info on the program, or that might be interesting to others.

WARNING: The site linked may have a couple of "malformed" ads that you'll need to "click down" - possibly more than once. I've found similar "glitches" at PC World sites with annoying regularity, although the source is, so far as I know, "mostly trustworthy."

As noted in the PCW review, an individual copy is $40, which is a bit much for what it does (and how well it does it). It might be worth it, if you feel you may have been "a bit sloppy" in the past.

The program only works for Win2K and later, and at 10.6 MB it's not exactly a "tiny" utility. The review indicates a free trial version, but that version only tells you what it found - NOT INCLUDING where the stuff is, and does no removal or protecting of what's found. Since the review indicates that the purchased program found several "false positives" you might find after purchase that some, or most, of what the trial version found isn't actually all that sensitive. (I'd trust the review more if there were associated user comments, perhaps.)

Since I haven't used it, or looked at it in detail, this is NOT A RECOMMENDATION. Just passing on the comment I've seen.

An "instruction" for using the program (presumed to be the same one) is also up at Carnegie Mellon Computing Services that does give quite a few details and some good advice on handling sensitive stuff, but this is just an instruction saying "do it," without much to help an individual decide whether it's worth the price of admission.



All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.