MS03-039 (Security Patch from Microsoft) (1 Viewer)

[Kraig Lang]

For those of you that waited on the MS03-026 patch from Microsoft and were eventually infected with SoBIG.F, Nachi, or MSblast, I recommend you go get this patch (MS03-039)as soon as possible.

I read on Cnet that there are already variants of these worms that may be able to take advantage of the vulnerabilities fixed by this patch.

BTW, getting MS03-026 when it came out saved our 2600 servers from certain death a few weeks ago.

[Edit] Sorry, here's a link to the update site http://v4.windowsupdate.microsoft.com/en/default.asp


Kraig

 

[Kevin P]

For those who don't want to use Windows Update, or have to update multiple systems, I'm providing links to the patches below.

Microsoft Security Bulletin MS03-039 Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)

To download the patch, click on one of the following links for whatever version of Windows you're running. Once the page comes up, the download link will appear in the upper right hand corner of the page. If you're running Windows 95, 98, or ME, you are not affected by this vulnerability. You can also get the patch from Windows Update.

Windows NT Workstation 4.0 (requires Service Pack 6a)
Windows NT Server 4.0 (requires Service Pack 6a)
Windows NT Server 4.0, Terminal Server Edition (requires Service Pack 6)
Windows 2000 (requires Service Pack 2 or higher)
Windows XP (requires Service Pack 1 or XP Gold)

Go here for more information, or for patches for other versions, such as 64-bit Windows XP or Windows Server 2003.

After applying the patch, you will have to reboot. If you're not prompted to reboot, it means the patch was already applied (perhaps through Windows Update).

This patch supersedes MS03-026 which covered the RPC vulnerability that allowed the Blaster worm to spread.

 

[Rob Gillespie]

This will also most likely be the last patch made available for Windows 2000 Service Pack 2.

 

[Kraig Lang]

Thanks Kevin for providing the additional links!!

And everyone, our security group has gotten news that there has been an exploit identified of unknown source, so make sure you patch quickly.

 

[Rob Gillespie]

I reckon the first viruses will be variants on Blaster and Nachi, just using the newly identified vulnerable ports.

 

[Lee L]

FYI, this update was waiting for me this morning via the auto update service on W2K at work.

 

[Kevin P]

For those who haven't patched yet, better do it soon, as it may soon be exploited, and the next Blaster-like worm attack could be upon us in the next few weeks. I'm starting to see TCP port 593 scans on my firewall, so some are already probing for vulnerable systems.

SANS - RPCSS Vulnerability Update

It's easier to patch now, than to cleanup, disinfect and patch compromised machines later!

Run, don't walk, and patch, patch, patch!

 

[John_Berger]

*sigh*

I love my Linksys router/firewall.

 

[Andrew Chong]

Thank-you Kraig and Kevin!

 

[Kraig Lang]

I always prefer hearing about the "It didn't happen to me" stories than the "Now what do I do" stories.

 

[Carl Miller]

I installed this, and the XP Service Pack Microsoft stated was required in order to install some other patch...And then Outlook Express stopped working. The Windows Management accessory program disappeared, and I got runtime errors in Word and Excel. Beautiful.

So I uninstalled the Service Pack, and now Outlook is working, the Win Managment utility is back again and the runtime errors are gone.

I've got Norton Anti-virus to protect me from virus' and worms. I've got ZoneAlarm to protect me from hackers.

Who's protecting me from Microsoft?