Here We Go Again: Microsoft Issues New Security Fix

Joshua · 09-11-2003, 11:29 AM

I am posting this here since it looks to be just as bad as the Blaster/Welchia exploit.. EVERYONE, RUN WINDOWS UPDATE NOW!!

-------------------------------------------------

by Paul Thurrott, thurrott@winnetmag.com

Here We Go Again: Microsoft Issues New Security Fix
In July, Microsoft released a critical security fix, warning users
that attackers could use the specified vulnerability to take over
users' systems and wreak havoc on the Internet. A month later the
infamous MSBlaster worm exploited that vulnerability. Yesterday,
Microsoft released another critical security fix that fixes a
vulnerability that's painfully similar to the one that led to
MSBlaster. If you didn't feel sufficiently warned the first time
around, take this warning to heart: You need to install this fix
immediately.
The fix, one of three detailed in Microsoft Security Bulletin
MS03-039 (Buffer Overrun In RPCSS Service Could Allow Code Execution),
supersedes and includes the fix for the earlier vulnerability,
detailed in Microsoft Security Bulletin MS03-026(Buffer Overrun In RPC
Interface Could Allow Code Execution). As with the original
vulnerability, the new vulnerability that MS03-039 fixes involves the
remote procedure call (RPC) technology in various Windows NT-based
Windows versions, including Windows Server 2003, Windows XP, Windows
2000, NT Workstation 4.0, NT Server 4.0, and NT Server 4.0, Terminal
Server Edition (WTS).
If you have a recent Windows version, you can simply download the
patch from Windows Update or Auto Update, features that are included
with your OS. For more information about the security patch or the
other tools Microsoft offers to protect your system, visit the
Microsoft Web site.
http://www.microsoft.com/technet/sec...n/ms03-039.asp

topane · 09-11-2003, 12:01 PM

Isn't this a repost?

Joshua · 09-11-2003, 12:08 PM

No.. A new one if you can believe it.

Jenny · 09-11-2003, 12:25 PM

did it last night

nickel · 09-11-2003, 12:40 PM

Quote:

Originally posted by Jenny
did it last night

me 2

nickel · 09-11-2003, 01:28 PM

Quote:

Originally posted by chosenfool

so much for NOT catching a virus....

aw.... too bad for you. go see your Doc asap.

eSDee · 09-12-2003, 01:29 AM

You might want to make this a sticky

bachviet · 09-12-2003, 08:01 AM

All my computers are batched!

billxp · 09-15-2003, 05:55 PM

Gibson Research has a nice little app that will turn of Dcom once and for all. Which is good if you don't need it.
Get it here http://grc.com/dcom/

Booyamos · 09-20-2003, 04:34 PM

oh my god I want to break computers. This is such a pain for us at work. Stupid faculty and staff don't understand that leave your computer on at night means: LEAVE YOUR COMPUTER ON AT NIGHT. We push out the patches when they leave but half the danged professors turn everything off. Ugh. These security fixes and viruses are such a pain.

ArkiStan · 10-10-2003, 09:11 AM

How can I check if I've already done this? I searched for available critical updates and got (0). Does that mean I've installed it?

Joshua · 10-29-2003, 09:03 PM

Looks like we can take this down now.

09-11-2003, 11:29 AM	#1
Joshua Rear Admiral Upper Half Join Date: Jan 2001 Location: Long Island, NY Posts: 3,390	Here We Go Again: Microsoft Issues New Security Fix I am posting this here since it looks to be just as bad as the Blaster/Welchia exploit.. EVERYONE, RUN WINDOWS UPDATE NOW!! ------------------------------------------------- by Paul Thurrott, thurrott@winnetmag.com Here We Go Again: Microsoft Issues New Security Fix In July, Microsoft released a critical security fix, warning users that attackers could use the specified vulnerability to take over users' systems and wreak havoc on the Internet. A month later the infamous MSBlaster worm exploited that vulnerability. Yesterday, Microsoft released another critical security fix that fixes a vulnerability that's painfully similar to the one that led to MSBlaster. If you didn't feel sufficiently warned the first time around, take this warning to heart: You need to install this fix immediately. The fix, one of three detailed in Microsoft Security Bulletin MS03-039 (Buffer Overrun In RPCSS Service Could Allow Code Execution), supersedes and includes the fix for the earlier vulnerability, detailed in Microsoft Security Bulletin MS03-026(Buffer Overrun In RPC Interface Could Allow Code Execution). As with the original vulnerability, the new vulnerability that MS03-039 fixes involves the remote procedure call (RPC) technology in various Windows NT-based Windows versions, including Windows Server 2003, Windows XP, Windows 2000, NT Workstation 4.0, NT Server 4.0, and NT Server 4.0, Terminal Server Edition (WTS). If you have a recent Windows version, you can simply download the patch from Windows Update or Auto Update, features that are included with your OS. For more information about the security patch or the other tools Microsoft offers to protect your system, visit the Microsoft Web site. http://www.microsoft.com/technet/sec...n/ms03-039.asp __________________ The Apexer formerly known as SnotRocket. "Like I **ing said, "Ok, so I hear it may be a repost. Blah But I had never seen it, so..." ** you Canta." -Jenny 12/4/2003

09-11-2003, 12:01 PM	#2
topane turducken all the time Join Date: Dec 2000 Location: Between the wheels Posts: 5,055	Isn't this a repost? __________________ Shall we buy a new guitar? Shall we drive a more powerful car?

09-12-2003, 01:29 AM	#7
eSDee Old Skooler Numba 1 Join Date: Nov 2000 Location: Diego Posts: 10,063	You might want to make this a sticky __________________ ~~~~~~~~~~~~ 3 days ~ Willie Nelson 3 days I dread to see arrive 3 days I hate to be alive 3 days filled with tears and sorrow yesterday today and tomorrow

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

09-11-2003, 12:08 PM	#3
Joshua Rear Admiral Upper Half Join Date: Jan 2001 Location: Long Island, NY Posts: 3,390	No.. A new one if you can believe it.

09-11-2003, 12:25 PM	#4
Jenny Chief of Naval Operations Join Date: Mar 2000 Location: Kansas City area Posts: 10,947	did it last night

09-12-2003, 08:01 AM	#8
bachviet What's Da Pho*? Join Date: Aug 2001 Location: SoCal (714) Posts: 13,296	All my computers are batched!

09-15-2003, 05:55 PM	#9
billxp Lieutenant Commander Join Date: Sep 2000 Location: NY Posts: 518	Gibson Research has a nice little app that will turn of Dcom once and for all. Which is good if you don't need it. Get it here http://grc.com/dcom/

09-20-2003, 04:34 PM	#10
Booyamos Commander Join Date: Jun 2000 Location: Boston, MA Posts: 1,277	oh my god I want to break computers. This is such a pain for us at work. Stupid faculty and staff don't understand that leave your computer on at night means: LEAVE YOUR COMPUTER ON AT NIGHT. We push out the patches when they leave but half the danged professors turn everything off. Ugh. These security fixes and viruses are such a pain.

10-10-2003, 09:11 AM	#11
ArkiStan Admiral Join Date: May 2000 Location: Recession Central Posts: 5,898	How can I check if I've already done this? I searched for available critical updates and got (0). Does that mean I've installed it?

10-29-2003, 09:03 PM	#12
Joshua Rear Admiral Upper Half Join Date: Jan 2001 Location: Long Island, NY Posts: 3,390	Looks like we can take this down now.

User Name
Password
Remember Me?