[OPLINTECH] Alert: Make sure you patch your systems!

JKENZIG JKENZIG@cuyahoga.lib.oh.us
Thu, 11 Dec 2003 16:01:29 -0500


http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-049.asp

From Eweek
Larry Seltzer: Security Update
No New Vulnerabilities, But Definitely Time To Patch!

Even though Microsoft announced recently that no new security bulletins
<http://eletters.eweek.com/zd1/cts?d=79-362-5-8-69236-43245-1> are scheduled
for December, other news has emerged that makes it urgent for you to
re-check the status of your systems and make sure that certain patches are
applied. This goes double for systems on the Internet periphery of your
network.

Researchers at Core Security Technologies have discovered a new way to
launch a previously disclosed attack on Windows
<http://eletters.eweek.com/zd1/cts?d=79-362-5-8-69236-43248-1>. The new
attack is fast and remotely-based, so the potential is there to attack large
numbers of systems quickly. Microsoft had listed in their security bulletin
several potential workarounds that could protect users even without the
security patch, but the Core findings circumvent these workarounds. The only
safe way to proceed is to apply the patch.

The vulnerability, a buffer overflow in the Windows Workstation service, is
particularly serious because it can be invoked over the network without the
user performing any action to permit the attack. It also appears that the
technique discovered by Core could serve to circumvent similar workaround
procedures for other Windows vulnerabilities.

But if you have applied the patch for this vulnerability
<http://eletters.eweek.com/zd1/cts?d=79-362-5-8-69236-43251-1>, released
about a month ago, you are protected from this attack. Time to get moving
and update those systems. You've been warned.