[plug] MS vulnerability
Ben Jensz
plug at jensz.id.au
Fri Aug 15 17:20:55 WST 2003
About half of the computers at my work got infested with the .B variant
of Blaster.
It didn't make it in past the firewall, web or via email. It came in
through the one way I wasn't expecting. A certain user decided to take
their laptop home and dial-up with BigPond directly to the internet
without a firewall (don't even get me started) and started getting the
RPC errors with their computer shutting down every 10 minutes, but of
course they didn't come and ask before plugging it back into the network
the next day. It took probably no more than a minute from the person
plugging it in until I pulled the core switch and half of the machines
were infected.
We don't have a Windows server (and still have no intention of getting
one), so updating of Windows without Microsoft's Software Update
Services (SUS - which only runs on their server OS, not even a
left-on-all-of-the-time XP Pro box could be used) is almost a full time
job in itself, so it gets done every couple of months. Also the
anti-virus we use didn't get updated for the variant we got until the
same day we got infected (it was available about an hour before we got
it, so auto-update didn't pick it up in time). My work computer didn't
notice a thing though as I was running Mdk9.1 at the time :)
Laptop users really are annoying, had the same person get two laptops
stolen in the space of 6 months and another one brings a diseased one in
and infects the desktops.... *sighs*
/ Ben
Randal Adamson wrote:
>As for NT4, M$ had stopped supporting it a while ago. 2K will eventually
>follow suit now 2K3 (2003) is out. Who knows how long they will support
>2K for.
>
>For all other (newer versions), all people have to do is:
>
>1) Ensure they have applied the current security patches and fixes
>from M$
>2) Use a Firewall between their PC's and the Internet
>3) Have the latest Virus Definitions with their Anti-Virus Software
>
>Or:
>
>1) Use Linux
>
>:P
>
>I know what I'd choose!
>
>Cheers,
>
>Ranz
>
>
>
More information about the plug
mailing list