|
For the Good of the Internet, Patch your Windows!
Update posted by Shalome:
So due to the recent Microsoft Security Bulletin regarding the vulnerability of Microsoft RPC (Remote Procedure Call) ports.. please, for the love of the internet, patch your Windows operating system!
Between the botnets that are currently attempting to exploit this hole in the operating system and the general malicious things people can do with this code exploit, it's in your best interest (and the general interest of the internet around you) to patch your system and avoid becoming a victim of what security experts are calling MSBILLY or MSBLASTER.
The guys at DShield.org posted the first analysis of this worm, which does the following damage:
1. SOURCE sends packets to port 135 tcp with variation of dcom.c exploit to TARGET
2. this causes a remote shell on port 4444 at the TARGET
3. the SOURCE now sends the tftp get command to the TARGET, using the shell on port 4444,
4. the target will now connect to the tftp server at the SOURCE.
Keep the internet safe! Patch your systems as soon as possible! If you can't patch your systems, at least block ports 135, 137, 445, and 4444 at your firewalls, both inbound and outbound. If you're in charge of routers and gateways, block these Microsoft ports if you haven't already...
One more update... if you've got this worm, Symantec has released a Removal Tool.
|
