CodeRider News

Tuesday, January 13, 2004

 
The database components on every Windows machine have a newly discovered security flaw. Get all of your machines updated ASAP.

More info:

Title: Microsoft Windows Security Bulletin Summary for January 2004
Issued: January 13, 2004
Version Number: 1.0
Bulletin: http://www.microsoft.com/technet/security/bulletin/winjan04.asp

--------------------------------------------------------------------

Summary:
========
Included in this advisory is an update for a newly discovered vulnerability in Microsoft Data Access Components (MDAC).
This vulnerability is rated Important.

MS04-003 - Buffer Overrun in MDAC Function Could Allow Code Execution (832483)

- Affected Software:
  - Microsoft Data Access Components 2.5 (included with Microsoft Windows 2000)
  - Microsoft Data Access Components 2.6 (included with Microsoft SQL Server 2000)
  - Microsoft Data Access Components 2.7 (included with Microsoft Windows XP)
  - Microsoft Data Access Components 2.8 (included with Microsoft Windows Server 2003)
- Impact: Remote Code Execution
- Version Number: 1.0


Update Availability:
===================
An update is available to fix this vulnerability. For additional information, including Technical Details, Workarounds, answers to Frequently Asked Questions, and Update Deployment Information please read the Microsoft Windows Security Bulletin Summary for January at: http://www.microsoft.com/technet/security/bulletin/winjan04.asp

posted by Richard 5:22 PM

 

Wednesday, August 20, 2003

 
Windows Updates

You can't rely on the automatic Windows Critical Updates mini-application to get the latest updates for Windows. This is the icon that appears in your system bar (near the clock) to let you know there's a critical update.

This may be because Microsoft's servers are under heavy load from the current round of viruses that are forcing people to run Windows Update. Or it may be due to some other problem or flaw (or "feature").

Therefore, I suggest you manually run Windows Update (open Internet Explorer, click TOOLS / WINDOWS UPDATE) frequently. During heavy virus/worm attacks like the ones we have seen over the last few days, you should do it every day when you start using your computer, before you start up your email program.

posted by Richard 3:44 PM


Tuesday, August 19, 2003

 
Sobig.F virus attack slows email and webservers worldwide: (yes, "worldwide" includes yours, too)

Q: Why is my mail downloading so slowly?

Q: Why can't I connect to my email server?

Q: Why am I getting so many spam messages?

Q: What is this message subject: "Wicked screensaver"

Q: What is this message that says "...see the attached file for details"

Q: Why am I unable to reach some servers on the internet?

Q: Why is my internet connection so slow?

A: The Sobig.F virus is sending out so many copies of itself by email that it is grinding the internet and all mailservers to a halt or causing them to run very slowly. It is also creating a huge amount of network traffic, which is making everything on the internet slow. This is not the same attack as last week's worm (MSBlaster); it's a new one that started Monday 08/19.

You can't do anything about the slowdown on your mailserver or on the internet: even if you're not directly involved, you will still experience it.

If you have a rules-based email client such as the full version of Outlook, you can create rules that delete, or move to your junk mail folder, any message whose subject or body contains "Wicked Screensaver" or "see the attached file for details".

More info here
posted by Richard 5:22 PM
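
The subject/body rule from the Sobig.F post above, written as a standalone mail filter. This is an added example, not part of the original post and not Outlook's rule engine; the function names and the sample messages are constructed for illustration. It decodes encoded subjects and bodies first, so a phrase is still matched when the message is MIME-encoded or line-wrapped.

```python
import email
from email import policy

# Phrases named in the post; matched case-insensitively in subject or body.
SOBIG_PHRASES = ("wicked screensaver", "see the attached file for details")

def text_parts(msg):
    """Yield decoded text of every text/* part (multipart, base64 and QP handled)."""
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            yield part.get_content()
        except (LookupError, UnicodeDecodeError):
            # Unknown or broken charset: fall back to a lossy decode.
            yield (part.get_payload(decode=True) or b"").decode("latin-1")

def route(raw_bytes):
    """Return 'junk' if the subject or any text part contains a phrase, else 'inbox'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = str(msg.get("Subject", ""))  # policy.default decodes RFC 2047 words
    for text in (subject, *text_parts(msg)):
        folded = " ".join(text.lower().split())  # undo line wraps and extra spaces
        if any(phrase in folded for phrase in SOBIG_PHRASES):
            return "junk"
    return "inbox"

# Constructed sample messages (not captured traffic).
ENCODED_SUBJECT = (b"From: a@example.com\nMIME-Version: 1.0\n"
                   b"Subject: =?utf-8?b?V2lja2VkIHNjcmVlbnNhdmVy?=\n\nhi\n")
QP_BODY = (b"From: b@example.com\nSubject: Re: Details\nMIME-Version: 1.0\n"
           b"Content-Type: text/plain; charset=us-ascii\n"
           b"Content-Transfer-Encoding: quoted-printable\n\n"
           b"Please see the attached file for=\n details.\n")
CLEAN = b"From: c@example.com\nSubject: Meeting notes\n\nAgenda is attached.\n"

if __name__ == "__main__":
    for name, raw in [("encoded subject", ENCODED_SUBJECT),
                      ("quoted-printable body", QP_BODY), ("clean", CLEAN)]:
        print(f"{name}: {route(raw)}")
```

Because "see the attached file for details" also appears in ordinary mail, routing matches to a junk folder for review loses less legitimate mail than deleting them outright.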


Thursday, August 14, 2003

 
Here's how to deal with the MSBlaster Worm:

Microsoft site

Symantec Site


posted by Richard 4:04 PM


Monday, August 04, 2003

 
Microsoft is issuing repeated warnings (see the Aug 3rd article below) about systems that have not been patched recently with the 7/16/2003 patch. This is because the FBI is seriously concerned that this vulnerability will be used by terrorists in the VERY NEAR TERM to take down the internet.

The FBI has detected practice attacks already, and software has been distributed by hackers to simplify the use of this attack by even inexperienced hackers.

It is imperative that all systems at your office and at home be checked by running Windows Update until there are NO available updates (the only exception is for Windows 98 computers which will show various foreign language updates which are not necessary).

Do not miss ANY computers. Since home systems often have work access, they could be used to attack your office network if they are unprotected. The computer that you "don't care about" (old computer on network that is rarely used, kid's computer, etc.) can be used to attack your other computers. One weak link in the chain is all that is required to break into your entire system.

I also strongly recommend that Zone Alarm, Zone Alarm Pro, or Symantec Norton Internet Security be installed on every computer in your home and office (servers are an issue for discussion, however).

Your home computers MUST have a NAT router such as the Linksys DSL/Cablemodem router installed between the computers and the DSL or cablemodem connection. Computers without this have a 100% infection rate!

An antivirus program with a *current* virus subscription is a must for every computer at work and home. If the virus-update subscription has run out, the antivirus program is completely worthless as a protection measure. If you don't know, then you probably have an expired subscription.

I also strongly recommend that you download SpyBot and run it on your computers, either weekly or monthly: SpyBot at Download.com. It will remove the trojan and spyware programs that are not viruses. I have NEVER seen a system on which Spybot didn't find anything (except servers on which email and browsers have never been used). (The truly paranoid run Spybot, AdAware, and PestPatrol).

Please don't wait - the time to check your security is now.
posted by Richard 7:28 PM


Sunday, August 03, 2003

 
I received this advisory from Microsoft. It is the most serious warning Microsoft has ever issued.

On July 16, 2003, Microsoft® released a critical security bulletin (MS03-026) and a software patch (http://go.microsoft.com/?linkid=210348) to address a vulnerability in the Windows® operating system that could allow code execution. The incident has been widely reported in the press and the patch has been made available to Microsoft customers and partners.

If you were not aware of this bulletin and corresponding patch, we urge you to get the information now (http://go.microsoft.com/?linkid=210349) and determine if you are running an affected version of the Windows operating system. If your systems are vulnerable, please apply this patch as soon as possible. We also encourage you to contact your customers and advise them of the Microsoft bulletin and corresponding patch.

Although we encourage you to pay attention to all security bulletins and to deploy patches in a timely manner, we want to call special attention to this particular instance. We have become aware of some activity on the Internet that we believe increases the likelihood of exploiting this vulnerability. Specifically, code has been published on several Web sites that would allow someone to spread a worm or virus that takes advantage of the vulnerability in question, thereby affecting your computing environment.

It is our goal to produce the most secure and dependable technology possible, but we become aware of these types of vulnerabilities. To minimize the risks of such vulnerabilities to your computing environment, we encourage you and your customers to subscribe to two services that Microsoft provides:

* The Windows Update service (http://go.microsoft.com/?linkid=210350)
* The Microsoft Security Notification service. (http://go.microsoft.com/?linkid=210351)

By subscribing to these two services you will automatically receive information on the latest software updates and the latest security notifications, improving the likelihood that your computing environment will be safe from worms and viruses.

We apologize for any inconvenience the implementation of this patch might cause but appreciate you taking the time to update your system.

Thank you,

Microsoft Corporation

posted by Richard 6:03 PM


Saturday, June 28, 2003

 
Windows 2000 Service Pack 4


Microsoft has released Windows 2000 Service Pack 4. This means that if you are about to install some new machines, you'll only have one patch to get your machine updated.


It is recommended that all Windows 2000 admins begin updating their systems, and complete the updates next week.
posted by Richard 5:52 PM


Tuesday, June 10, 2003

 
WINDOWS CRITICAL UPDATES:

Have you checked all your workstations? Make sure automatic updates is running on all your workstations. There was a new security patch - make sure your users aren't ignoring the critical updates icon.
posted by Richard 1:49 PM

 
SPAM TOOLS: EVALUATION RESULTS:

QURB: I used QURB for about two weeks, but finally uninstalled it. The problem is that by nature, it moves messages from new contacts (i.e., non-contacts) into the Qurb quarantine (suspected junk) folder. If you get mail from prospective clients the emails go into the suspected junk folder. The automatic request for confirmation feature in theory could resolve this (Qurb can optionally request a confirmation from all unknown senders, and if they respond, automatically move the original email back into your inbox). However, in practice, I have several email accounts (addresses), and Qurb always responds from only one of them. So if someone writes to me as webmaster at techIII, they might get a confirmation request from richard at techIII. Furthermore, if they are spam senders, they now have just gotten another of my email addresses! Also, the confirmation request can be customized but not per email account, so you can't send the right customized request to the right people. Without the confirmation feature, it really didn't save me much time, because I already handle a lot of common senders via Outlook rules, moving them into their own folders. Unfortunately, you can't control in what order the Qurb rule runs versus other rules, so email for which I had a rule set up might wind up going into quarantine.

I HATE SPAM: This program would not install properly. The maker is working on the problem. I have about 10 PST (personal folder files) and over 100 folders. I HATE SPAM couldn't handle it.


So I'm back to just my rules again... If you have a simpler setup, or you think my problems wouldn't apply to you, you can try either/both of these products for 30 days free.
posted by Richard 1:46 PM

