
Latest M$ Security patches- "Evil" Bug.

Soapy Sam

I get a weekly email from PC Advisor magazine.
It just included the following notification about some Windows patches.
Not sure what to make of it really.

http://www.pcadvisor.co.uk/news/index.cfm?newsid=112487

Microsoft patched seven vulnerabilities in Windows, including one marked 'critical', in its Patch Tuesday updates for March, released yesterday.

Of the three security updates the most serious, and the one to patch first, is MS09-006, researchers said. That update, which contains three separate vulnerabilities, contains the month's single critical bug.
 
I read the PC Advisor article, as well as checking out the MS bulletins and even looking at the site of the company that the article was getting all of its information from. While the patches are definitely something I'd suggest Windows users install, I think that the article is making mountains out of molehills.

Most of the patches out there being made are to block or remove the ability for remote code execution. That's pretty much the only way that any operating systems out there-- Windows, Mac, and Linux-- can be exploited now that the abundance of computers out there are firewalled and have open ports set to minimums. Receiving regular updates and patches to help prevent remote code exploits is a good thing, because I can practically guarantee that there are thousands of hands tapping away at keyboards right now trying to find the next exploit to take advantage of as many computers as possible to whatever ends they might have (whether spyware or adware or just people wanting to see how many computers they can break into).

I'd say that it's a good idea to install the patch, but it's not much to worry about. Most malware writers are focused on exploiting web browsers nowadays because it's easier to use the weakest link for breaking into computers: the users behind the keyboard. More and more those types are looking for as much cross-browser capability as possible, too, because more and more people are using different web browsers.
 
Well, it is a huge vulnerability in my school district. As most staff do not update Windows on a regular basis, the AV may or may not be up to date and then everybody seems to do things they shouldn't.

This week's worm is called IRCbot.CKA by Panda, it affects machines that have not updated the AV, like one that doesn't get logged on for two weeks or something.

And then we all carry the buggers around on our flash drives.

I am in the process of installing at least one patch in both my schools right now. It would help if staff would update Windows and scan their machines.

It would also help if students and staff would stop doing things they aren't supposed to do. Like use personal laptops on the network.

We are likely to go to KIOSK/internet cafe mode to help the situation, it would reset the whole system every day and download at least the critical updates. Staff will be upset because it will wipe local files every day as well.
 
You can hook into the computer with some exploits:

DD: Is there any way to simply MAC filter the connections (..okay, not simply, that would be a nightmare) and force download and install of the updates on bootup?

.. well, probably not. Still, that's what my high school ended up doing.
 
I don't know why open ports should be such a problem. If there is nothing there to respond to activity on that port, then nothing can happen?

The problem is that while there are fairly standard ports, not all software follows those standards. Add to that the fact that any two given computers used by two separate people with the same base packages will not have the same level of installed software a month later (provided the users can install), and the variables go up considerably as to whether a port may or may not be a vector for exploitation. A consistent approach to security to address this problem is to have all ports closed except those which need to be open, thus lowering the number of variables to a known quantity.

Incidentally, I personally think that this type of thinking should apply to software as well, which is why I'm a big advocate of application filtering as a preventative measure over the constantly-updating A/V database. A solution that could mix app filtering and heuristic scanning of files that access ports or system processes could at least have the same efficacy as the higher-end A/V software out there, likely with lower overall footprints.
 
