
Windows users your attention please

Journal Entry: Mon Mar 19, 2012, 12:33 AM


I don't know if it's escaped your attention or not, but over the last several days an undisclosed source amongst Microsoft and its "trusted" partners leaked proof of concept code to a critical vulnerability present in ALL versions of Windows. The PoC has been reported on many websites and tech blogs already and it's purely a matter of time before some bright light in the Black Hat community develops a worm based on this code. I can't express strongly enough that users of Windows should read security bulletin MS12-020 (technet.microsoft.com/en-us/se…) and download and install the relevant patch for their installation of Windows. My computers aren't in fact vulnerable, as one of the first things I do after installing the OS is to disable the remote features completely. It always struck me as stupid that this service was ON by default; it would have made far more sense to have it purely as an opt-in policy rather than have possibly inexperienced users having to hunt it down and disable it.

The patch, for users who can't be bothered reading the knowledge base article, is KB2621440, should you prefer to google it.


Wolvenmoon Featured By Owner Mar 20, 2012  Hobbyist General Artist
The threat of this is minimal for home users because RDP is accessed via a port that isn't forwarded by default in consumer routers.

I'm less concerned about this and more concerned with the recent attack involving the Java VM and loading a virus in to memory.
karanua Featured By Owner Mar 20, 2012  Hobbyist Digital Artist
Now I've woken up (was in a morphine semi blackout when I replied earlier) I'll just admit that this journal did accomplish what I set out to do, that is, raise some people's awareness of the importance of staying up to date with patches for their software. A lot of people don't need this kind of note, they have the good sense to keep their equipment running smoothly, but sadly there's a growing majority that don't heed technical warnings and notices and therefore leave their systems open to spyware and malware. The recent spate of DDoS attacks around the globe is testament to this. Thank you for your input, I appreciate intelligent response, you clearly stay on top of things. May I suggest a Twit.TV podcast called "Security Now" for updates and the like, I've been getting it since the beginning and it's an excellent source of protective info.
Wolvenmoon Featured By Owner Mar 20, 2012  Hobbyist General Artist
I keep up to date by staying on [link] every day. They're really good for security information, and occasionally they give a bit more than they should (i.e. links to Backtrack Linux).


Feel better soon!

(Also, not using Java would mean I couldn't play Minecraft, and that's too much to ask! :lol:)
karanua Featured By Owner Mar 20, 2012  Hobbyist Digital Artist
Yeah, I also use Ars, that article on the anonymous OS was mad to say the least, but I happen to know several nutters who will install anything that's free. Frightening.
Wolvenmoon Featured By Owner Mar 20, 2012  Hobbyist General Artist
I'm not sure who'd actually install that outside of a virtualized environment with no network access. 16 year olds being led around by the nose, maybe. Even Backtrack Linux is getting treated like high explosive by me - it's getting its own VM on its own host machine with its own virtual network before I trust it.
karanua Featured By Owner Mar 20, 2012  Hobbyist Digital Artist
I don't blame you for your caution, that's why I'm still using a "Trusted" operating system. I still have Windows XP x64 server edition installed and I always check the white pages to any update before installing it. Microsoft's idea of Critical is a joke when you come to think of it. This prob was partially cured last November when automatic update introduced "Killbits" to tackle the issue; the trouble is many users have automatic update (at whatever terms and conditions) switched OFF. All I was trying to achieve here is the importance of keeping your machine up to date with patches and updates. Ignoring the problem does not make it go away. Ok, the rest of us that are in the least security conscious can ignore this.

I have a Linux box myself running Astaro Security Gateway, it's my front end to the internet after the NAT router.
Wolvenmoon Featured By Owner Mar 20, 2012  Hobbyist General Artist
I use ClearOS due to price, [link] , it's free and if someone's good enough to get past it, I'm likely in way over my head.


I don't use Internet Explorer, so I'm not sure what Killbits mean to me. My Firefox browser has run Noscript+adblock for years, and recently I added Ghostery to block ad/social networking sites always.
karanua Featured By Owner Mar 20, 2012  Hobbyist Digital Artist
I too use Firefox with noscript, ghostery, adblock and flashblock. I can honestly say that I've not used IE since I was using win2000 and that was only till I heard of FF.
karanua Featured By Owner Mar 20, 2012  Hobbyist Digital Artist
There's a very simple solution to that - don't use Java. It's been the most prevalent attack vector for the last eighteen months, putting MS backdoors in the shade; it's also supplanted Shockwave Flash as a vector, although that seems to be on the upswing again.
Maphisto86 Featured By Owner Mar 19, 2012
Thanks for the heads up. I have downloaded the patch you identified for my operating system. It is just the one patch right?
karanua Featured By Owner Mar 19, 2012  Hobbyist Digital Artist
Just the one, yes. If you have automatic updates, a set of killbits were introduced two months ago paralysing the service, but it's always best to be safe imho.
Maphisto86 Featured By Owner Mar 19, 2012
Yeah I take the updates for granted. I really should check every time what they are and I usually do but not for this one. I already had it apparently but I appreciate the notice nevertheless.
Ulysses-31 Featured By Owner Mar 19, 2012
You'd love Windows Server 2008 R2. It runs pretty much nothing by default and security is all set up to high levels after installation. There's a control panel that lists everything that is installed and running on the system and you can toggle it on and off with ease. Loads of great features - definitely the "professional" version of Windows. This issue aside, I think you'd be quite impressed with it.
karanua Featured By Owner Mar 19, 2012  Hobbyist Digital Artist
I'll have to speak with my software broker, perhaps he could furnish me with a license at a reasonable cost.
Ulysses-31 Featured By Owner Mar 19, 2012
I think there's a demo version available, you could try that. The only downside to it really is the fact that while it is essentially a tweaked version of Windows 7, certain software won't install on it (like firewalls - but it has its own so that's not so bad).
thefirstfleet Featured By Owner Mar 19, 2012
Thanks for the info, downloaded the patches!
EvilestOne Featured By Owner Mar 19, 2012
I believe it's off by default...I was just trying to get remote desktop working (which it wouldn't) the other day, and had to enable it on both machines.

Regardless, if you keep your computer up to date, you've already gotten and installed the security updates to patch this.

I don't allow auto-update, but I do look at each update and then install it when it comes out, if it's something I want instead of just a buggy new version of IE.
karanua Featured By Owner Mar 19, 2012  Hobbyist Digital Artist
It's actually set ON by default; a recent Patch Tuesday disabled it (killbits), which is why you are having issues trying to get it to work. You could try the "go to my pc" service for a safe VPN way of linking machines. This journal entry was for the very many Windows users who believe Patch Tuesday adds more bugs than it fixes and disable the service. Like yourself I have mine ON but set to inform me of any patches (which gives me the option of installing it or not). I use Windows XP (x64) SP2 by the way.
EvilestOne Featured By Owner Mar 20, 2012
Windows 7 on all mine at the moment, except for a media machine running XP and a Linux box.

The article you linked said it was off by default...it doesn't work regardless, so I expect it's fairly safe now.
Timekeeper9 Featured By Owner Mar 19, 2012
Thanks for the heads up Dave!
karanua Featured By Owner Mar 19, 2012  Hobbyist Digital Artist
You're always welcome my friend, I hate to see people stung by this shit due to lack of info circulation.
Gekiganfan Featured By Owner Mar 19, 2012  Hobbyist Photographer
Thank you, downloading it now.
karanua Featured By Owner Mar 19, 2012  Hobbyist Digital Artist
Welcome Chris :)
msgtfrank Featured By Owner Mar 19, 2012  Student General Artist
Skype, Hotmail and Yahoo are also planning to put Trojans on your computer to track what you do, it's been rumored.
karanua Featured By Owner Mar 19, 2012  Hobbyist Digital Artist
And never use MS Live Messenger (it's chock full of backdoors), same applies to Yahoo Messenger and AIM, you'd be better off using something like Pidgin to access these services. Skype I have issues with anyhow as it's been used in the past as a vector for the installation of malware and for the running of botnetworks. If I must use Skype I'll do so via Firefox, that way I can sandbox what services it has access to.
msgtfrank Featured By Owner Mar 19, 2012  Student General Artist
ok then o-o
karanua Featured By Owner Mar 19, 2012  Hobbyist Digital Artist
If you are one of the many users who let services run riot on your machine, you've no defense against supercookies; on the other hand, if like me you are a control freak when it comes to your computers, then you'll be aware of everything running on your comp at all times, can shut services down to reroute processor time and RAM to other services (such as a render engine), and they've no chance of installing squat without your notice of it.
Wolvenmoon Featured By Owner Mar 20, 2012  Hobbyist General Artist
Shutting down services to render is a bit silly, because they're not taking CPU time (or are taking a negligible amount), and any RAM they have can be paged.

WLM, AIM, YIM, and Skype are not really good primary attack vectors unless there are ways for incoming connections to access them (ports forwarded).