Tuesday, January 20, 2009

Conficker/Downadup: I hate to say I told you so

Back in November I said an exploit based on the vulnerabilities in MS08-067 could become Code Red 2008. (Remember the Code Red worm of 2001? I guess I'm dating myself.) Well, conservative estimates put the number of computers infected with variants of Conficker/Downadup at 10 times (and maybe 30) as many as were infected by Code Red at its peak. I hope that all of you followed my advice back in November: "Don’t wait till next Patch Tuesday to update your systems." Here are some resources my MVP contact at Microsoft has asked that we Security MVPs share:

Malicious Software Removal tool
History: Win32/Conficker.B

It doesn't take rocket science to address this problem. I've only heard of problems with this update from one person on my list. It's just a matter of getting it done. The Microsoft malicious software removal tool (link above) is useful for fixing infected systems, and of course there are free removal tools from other AV vendors, but be careful, since I've monitored discussions indicating that some of those install or leave behind other junk you don't want.

This goes to show that there are some patches that need to circumvent environment testing. I'm still surprised when I learn of companies in my audits that have no option in their patch management evaluation cycle for pushing patches out immediately. This needs to be an option, especially when details of the exploit are public and/or being used in attacks - that's why I feature those 2 facts so prominently in my Patch Tuesday chart.

Jason Miller from Shavlik (makes Patch Tuesday updates like this possible) will be doing a new webinar on Conficker/Downadup: "Shavlik Simplifies Protection Against Downadup Worm". I think this will be a more product-focused event but worthwhile attending because you really need more than just WSUS to keep systems up-to-date and secure. While your budgets may have been cut - your security requirements haven't, so you have to do more with less, and Shavlik solutions help you do that.

Please register now for it at: http://www.ultimatewindowssecurity.com/nextcodered/request.asp

Thanks as always for reading and best wishes on security,
Randy Franklin Smith


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.
