Huge security flaw discovered July 16th.

I've worked unending hours the last few weeks getting my company protected.

Now, as of 3pm today, the worm that exploits the vulnerability is out and spreading REALLY fast.

Affected operating systems:
Windows NT 4 Server
Windows NT 4 Workstation
Windows 2000 Server/Advanced Server
Windows 2000 Professional
Windows XP
Windows Server 2003


Patch now...

Scroll down and get the patch for your specific OS here: http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-026.asp

To all of you open source zealots, I can't even begin to tell you how much I do NOT want to see a response from you. K?

Seriously, this isn't optional... all of your data is at risk, firewall or no firewall.

WB

I can attest.

Took 3 hours to fix my 2 computers. I am not a happy camper.

For those getting this shutdown in 1 minute garbage because of RPC, do this. it will stop the shutdowns, so you have time to do the above fix from WB....

1. Click on START, then RUN.

2. In the box, type services.msc, click OK.

3. In the new window, look down the list on the right hand side for the REMOTE PROCEDURE CALL (RPC). Double click it. This will open a new window.

4. In that new window, click on the RECOVERY tab. In each spot where it says 'RESTART THE COMPUTER', click on the drop down menu and change all three to 'RESTART THE SERVICE'.

5. Click on APPLY, then click OK.

this will stop the shutdowns, but your system is still vunerable. Now do the above patch. You can change the RPC settings back after you apply the patch.

Steve

Yeah - I got BIT by this bug - I'm not a Tech Guy so I at first started calling people who are, and no one was home!

Then I saw the Headline on the Explorer fron page and breathed a sigh of relief that it wasn't just me. I then just follwed the instructions given by Microsoft.....

I downloaded an Update for Windows XP and It seems to be taken care of it for now! I HOPE!!!!

I personally would like to catch the guy who started it & insert a Red Hot Iron Bar where his brains reside!!

Thanks for the info WickerBill & Devilmaster!!

for those who want more info on the worm....

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.A

Its important to see if you still have the worm after you have installed the patch above. Follow the instructions on the link in this post, to ensure you have deleted all instances of the worm.

Steve

WB and Steve, Thanks!

I just got blessed with Xp, how do I tell whether it is 32 or 64 bit?

JT

It's 32 bit. Trust me.

WB

Hey JT!!!

I just downloaded the 32 bit version, Because I too did not know what I had... It seemed to Work just fine. I just figured that if the first didn't work, then the other would! But I didn't have to go that far!!

My neighbor came over tonight and asked if I could take a look at his computer for him. I guess this is why.:shakehead

32 or 64...I didn't know either so before I got kicked off, I picked one.....go big or go home....64

For more help, TrendMicro.com, makers of PC-Cillin anti-virus software, have an free online virus scanner called housecall.

Use this in conjuction with your regular virus scanner. Its good to use since its always updated with the latest virus engines. If viruses are found, double click the virus name to get the virus info page from trendmicro, which includes removal instructions.

http://housecall.trendmicro.com/housecall/start_corp.asp

Steve

Thanks all! Like RT, I went big, and then had to go home and do the 32 bit deal. No probs so far, I just got this puppy on Friday and I didn't wanna let go of 98SE, but it had XP pre-loaded already.

Originally posted by WickerBill
To all of you open source zealots, I can't even begin to tell you how much I do NOT want to see a response from you. K?
WB

Hey I spent about 6 hours patching the machines on the network I look after! 2 Fridays ago! Pain in the butt!

I did find a cool little tool that would scan the IP range on the machines on the network and show me which ones were vulnerable.

For the FAQ page:

1. I'm still using Windows 98 and I have Norton Internet Security running full speed ahead. Am I okay?

2. My parents are using XP on a personal computer (no critical company stuff, just games, etc.). At what risk are they?

Every M$ operating system except for ME...... (WTF???) Its a small patch thats not that difficult so I would apply it no matter what the situation.


Originally posted by Lizzerd
For the FAQ page:

1. I'm still using Windows 98 and I have Norton Internet Security running full speed ahead. Am I okay?

2. My parents are using XP on a personal computer (no critical company stuff, just games, etc.). At what risk are they?

Originally posted by Cam
Every M$ operating system except for ME...... (WTF???)

Probably cause its the whole 95/98/ME based on DOS while NT/2000/XP based on nt software....

NEVER miss critical Win updates. Nimda told me so.

PS: The fix was out weeks ago. When you see the update icon in the lower right, pay attention. (If you've gotten bit before - you will download that patch.)

Originally posted by Cam
Every M$ operating system except for ME...... (WTF???)

From my experience - ME is such a load of crap that people don't write virus's to target it cause of that reason! it is much more meaning full to attack a server...(and much more annoying for us in the IT industry)

MS did not release a patch for Windows 98. Therefore, even if it IS vulnerable, it's not patchable.... aren't you lucky?

WB

Thanks for nuthin, WB. :p

Looks like our systems are vulnerable then, because we run Windows 98.

NT was not designed with no access by default. The fix now is recoding the whole mess from the ground up.

Boy, what a Monday afternoon at my company! The LAN/WAN crew were trying to push the patch out and all of the XP boxes were auto-rebooting. People were freaking out. I'm still on a 2000 box here at work, but I use the Windows update taskbar notifier and install everything that comes in.

I spent the better part of last evening helping a friend recover from this instead of sitting back with a Schlafly's Pale Ale and watching the Cubs game.

Thanks to WB and DM for the heads up and the repair advice. Needless to say, after everything was fixed, I made sure that he is running the Automatic Windows Update and has Norton subscription.

Originally posted by WickerBill

To all of you open source zealots, I can't even begin to tell you how much I do NOT want to see a response from you. K?

WB

Great, just because you're the boss, you take all of the fun out of it :cry: ;)

OPEN SOU.....Oh, never mind, I like this place too much to pi$$ off the boss.

If your a cubby fan you probably had just as much enjoyment repairing the friends system.

GO 'stros!

http://houston.astros.mlb.com/images/masthead/hou_logo_primary.gif

Originally posted by Turn7
If your a cubby fan you probably had just as much enjoyment repairing the friends system.

GO 'stros!



Watch it pal! There's still lots of head to head match ups between us. Need I remind you of that little weekend series in Houston two weeks ago?

That being said, I would much rather see the Astros win it than the Cardinals. Being is Cub fan in St. Louis, it gets rather nauseating at time listen to all of the "expert" Cardinal "fans."

Originally posted by IlliniRacer
Great, just because you're the boss, you take all of the fun out of it :cry: ;)

OPEN SOU.....Oh, never mind, I like this place too much to pi$$ off the boss.

This would never happen with an Appl... oh wait, I'm new here, I better behave too. ;)

So if have Windows ME at home, do I not need to worry?

:confused:

http://www.apple.com/powermac/

:thumbup: I gotta get me one of these!

Originally posted by spook
So if have Windows ME at home, do I not need to worry?

:confused:

you need not worry.

Steve

Originally posted by spook
So if have Windows ME at home, do I not need to worry?

:confused:

ME is not affected by this worm. ME is based on a different code than the affected operating systems.

No need to worry. Still doesn't hurt to run windows update however, to make sure all other patches and fixes are up to date..

Ok - thanks! :)

Thanks devilmaster! My computer wouldn't restart after I restarted it. I had to restore my entire hard drive. Then just now I searched even after all that and the thing was still there and running. Gone now. Thank again! :D

Thanks for the heads up WB, and thanks to steve, I know he been helping out alot of ppl who got bite hard by this worm

Some one get these two a Beer :)

Originally posted by nz_climber
Some one get these two a Beer :)

:laugh:

Don't know about WB, but I'll take a pint of either (or both):

http://members.lycos.nl/wes35/hpbimg/23.gif

http://www.beer.com/brands/ca/keiths/images/splash_main.gif

Steve

Maybe we could stretch it to 2 beers each- then you can have one of each :D

It pays to have the automatic updates box checked. The updates go through testing on a beta site before being released to the consumer Windows Update site.