While Microsoft can write all the patches it wants, it can’t make users install them. But hackers can push 
that button, which brings us to the gory little problem going on today with Win32/Conficker.A and a clock ticking toward Turkey Day. (Read more about the worm here.)
The Win32/Conficker.A malware infects computers across a network by exploiting a vulnerability in the Windows Server service. The lid is shut on Win32/Conficker.A, however, when users install patch MS08-067, which was released Oct. 23.
According to Microsoft’s Malware Center blog:
“[The worm] opens a random port between port 1024 and 10000 and acts like a web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll.”
Users should be hyper sensitive to this warning. Microsoft is making a big deal about this and rightly so.
Plain and simple, installing patch MS08-067 now will guarantee that Monday, when work resumes at its normal pace, will be a pleasant and worm-free day.
Of course, the timing could have been better. Microsoft admits that reports of attacks were picking up over the weekend. It would have been nice to give IT an extra day or two to rush out the patch rather than waiting until Nov. 25 to again beg for users to patch. Clearly the attack aligns with the fact that hackers know most U.S.-based targets will be short-staffed or not even staffed over the Thanksgiving holiday.
Then again, attacks have been spotted and reported as early as Nov. 5.
Be upset with Microsoft (again), but don’t waver from the fact that networks without this patch are at risk of being compromised.
Microsoft reports calls to customer service from U.S. companies are picking up.
The company said most of the reports come from users in the United States, but also names other countries/regions such as Germany, Spain, France, Italy, Taiwan, Japan, Brazil, Turkey, China, Mexico, Canada, Argentina and Chile.
The company says some home users also are affected.
Visit the Microsoft Subnet web site for more news, blogs, podcasts. Also see:
Unified communications: Microsoft vs. Cisco vs. others
Microsoft patents ... a mere 146 issued so far in November
Just How Dead Is OneCare, Really?
10 questions for Small Business Server/Essential Business Server guy, Russ Madlener
7 Keys to cleaning up Windows with Windows 7
17 job-hunting resources for Windows pros
Glenn Weadock on Windows Server 2008
Library of Windows management tools from A Better Windows World
Subscribe to all Microsoft Subnet bloggers.
Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
The Microsoft Subnet blog is the official blog of the Network World's Microsoft Subnet community, and is written by Online Community editor Julie Bort. Microsoft Subnet is the independent voice of Microsoft customers and is your gateway to daily Microsoft news, blogs, opinion, books, prize giveaways and more. Visit the Microsoft Subnet index page daily, and while you are there, subscribe to the Microsoft newsletter. The newsletter includes news generated by the Microsoft Subnet community as well as other Microsoft news stories published by Network World.
The Leader in Network Knowledge
Post new comment