Patchy Tuesdays always get you down
The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn't cause further harm. Until now.
Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. This is a strong signal that the worm's mysterious creators haven't abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.
Researchers at Symantec have discovered what could be a significant development in the ongoing Conficker worm saga: a new module that is being pushed out to some infected systems.
In a couple of ways, the new component is designed to harden infected machines against an industry consortium that is actively trying to contain the prolific worm. For one, the update targets antivirus software and security analysis tools to prevent them from removing the malware. Not only does it try to disable anti-malware titles, it also goes after programs such as Wireshark and regmon.
March's Patch Tuesday will see yet another critical fix for Microsoft's flagship operating systems.
Vole said that it will not be fixing a critical Excel vulnerability, which allows attackers to launch malicious code remotely on users' computers via an infected Excel spreadsheet file.
Microsoft Corp. today said it will deliver three security updates on Tuesday, one of them ranked as "critical," but will not fix an Excel flaw that attackers are now exploiting.
All three updates spelled out in today's notice will tackle vulnerabilities in Windows, but as is its practice, Microsoft did not drill any deeper than to specify which versions will be affected.
--Brian Valentine, top Windows executive
--Jim Allchin, top Windows executive
Comments
Jose_X
2009-03-08 16:41:20
I'm guessing their situation is horrible, but can you actually patch Windows against all the bugs at once, or will the different patches undo work done in other patches as these holes are moved around?
[I think the answer is that the above is true for some holes but not all. When you don't engineer for security, you have to crudely keep redefining names and numbers to keep the malware guessing.]
pcolon
2009-03-08 21:44:15
David Gerard
2009-03-08 22:12:07
Needs Sunlight
2009-03-09 09:35:19
http://www.law.cornell.edu/uscode/html/uscode18/usc_sup_01_18_10_I_20_96.html
Dave
2009-03-09 13:01:58
The vulnerability used by Conficker is NOT a critical vulnerability for Vista. It is only critical for Windows XP !!!!
This blog is really a disgrace full of disinformation and lies !!!
Dave
2009-03-09 13:03:03
Roy Schestowitz
2009-03-09 13:07:50
If you had read this post carefully, then you would realise that you are mixing together two completely isolated parts of it (Vista vulnerability and Conficker).
David Gerard
2009-03-09 13:08:18
So people actually have to go through and check the machines. I had to do this at work (we have some Windows boxes for proprietary software that's a required part of our production chain; we're not happy about this). Ridiculously tedious.
Furthermore, the patch last year only patches the Internet transmission vector for Conficker - it doesn't actually disable the memory stick or CD vector (the autoplay problem).
[And may I say also how much autoplay sucks. I have a 500GB drive full of ripped CDs in FLAC - I plug it into a Windows XP box and it pauses for a minute while it tries to work out how to autoplay the thing. WHAT.]
Caitlin
2009-04-01 04:53:01
I immediately checked my Windows Update, and lo and behold, the update was there.
NOT INSTALLED.
It's now installing at 55% complete.
jocaferro
2009-04-02 01:44:17
Roy Schestowitz
2009-04-02 01:46:16
jocaferro
2009-04-02 01:42:24
Yes, several (privately) vulnerabilities. Where? Windows kernel! 2000, XP, 2003 Server, Vista. An unpatched Windows computer is a serious problem since the moment everyone knows about it. In the MS/Windows world this situation can take months, even years, until all computers become patched! How long has MS (privately) known about this problem? Or, how long has MS (privately) known about many problems without caring for a patch?
Clump
2009-04-01 22:08:25
You'd think only a small percent of people wouldn't have this patch already, but it seems about 30% of Windows users haven't patched. North Americans will weather it better than Asians as most North American systems are patched while the big numbers of no-patch are in Asia, S. America etc.
David Gerard
2009-04-01 22:15:47
So people just don't trust Microsoft patches.
Yggdrasil
2009-04-02 03:23:48
I specifically remember trying to update an Ubuntu distro to 8.10. After it finished the machine rebooted, only to halt on the next boot complaining that it could not locate some file. Had I been using this machine for anything important, I would have been royally screwed. Updates "can" break installs or software on ANY OS. That's the nature of computer software. Problems with Windows will always seem worse since there are more Windows machines in use.
Try upgrading your Amiga 500 to OS 3.1, which includes having to replace a ROM chip, then find out your favorite game won't work. Computers are complex machines. To assume you will never have problems using some other OS or hardware platform is purely delusional.
For the record, in 12 years of using Windows machines, I have never had any update or security patch cause any serious problems. That includes the machines owned by my parents and sister. At the very worst, I might have had to update an older piece of software for some odd reason, but again.... that's normal.
David Gerard
2009-04-02 13:00:13
Roy Schestowitz
2009-04-01 22:16:27
Gentoo User
2009-04-01 23:46:03