Cold: New Remote Root Exploit for Windows - PATCH YOUR BOX!! [Sticky plz]

[NuclearFusi0n]

It's not quite a hot deal, but it's an important one....

I know a lot of you don't read OT, but PLEASE update your Windows installation ASAP!

http://forums.anandtech.com/messageview.cfm?catid=38&threadid=1136884

Please keep discussion in that thread.

 

[iamme]

bump.

be sure to tell your friends to avoid another blaster worm-type ordeal

 

[perfectfire]

Thanks, I only read Hot Deals.

 

[Foghorn]

up

 

[NuclearFusi0n]

up

 

[weepul]

another one of these huh? do these ever stop coming?

//krunk (^_^x)

 

[RDMustang1]

The guy on TechTV said that this patch didn't fix the exploit and he had proof.. I don't watch the show but it was on at the place we had lunch.. We didn't stay to hear what he had to say but he did say not to trust this patch and get a firewall of some sort.

 

[GaminFreak2002]

Originally posted by: RDMustang1
The guy on TechTV said that this patch didn't fix the exploit and he had proof.. I don't watch the show but it was on at the place we had lunch.. We didn't stay to hear what he had to say but he did say not to trust this patch and get a firewall of some sort.

yea leo on the screen savers was just talkin about it said to
1)enable your windows xp firewall
2)use the program dcombobulator to disable dcom
3)if your behind a linksys router STAY behind it and dont have to worry about enabling xp firewall
4)also said something about runnin a anti-virus

 

[pxc]

Won't a cheapo router/firewall prevent this kind of RPC attack?

I have the basic WinXP firewall enabled, no extra protocols for the NIC attached to the WAP/router and I don't run Outlook. All these virii, worms and stupid exploits never affect me.

 

[vortix]

yet another reason to get a mac with osx or run linux

 

[Mizer]

Thanks for the info!!!

 

[caddlad]

Thanks, Nuke, for the heads up!!

 

[pxc]

Originally posted by: vortix
yet another reason to get a mac with osx or run linux

Naw, it seems to affect reading comprehension.

 

[GermyBoy]

Originally posted by: vortix
yet another reason to get a mac with osx or run linux

yet another reason for you to stfu...zealots like you run linux and try to ruin windows systems, and nerds that don't want to use microsuck software, yet would kill to work there.

 

[dc]

hm, anyone else have speed problems after installing the patch?

 

[RDMustang1]

Originally posted by: vortix
yet another reason to get a mac with osx or run linux

Most distributions of Linux have many more exploits found every day than windows does in a year. The main reason is because most power users use linux.

Don't know about Macs but lack of exploits probably has to do with the fact that less than 4% of all PCs are Macs and therefore the user base isn't substantial enough for anyone who has any type of life to want to find any exploits for it.

 

[wetcat007]

Originally posted by: pxc
Won't a cheapo router/firewall prevent this kind of RPC attack?

Yeah they do.

 

[oaaltone]

Originally posted by: RDMustang1

Originally posted by: vortix
yet another reason to get a mac with osx or run linux

Most distributions of Linux have many more exploits found every day than windows does in a year. The main reason is because most power users use linux.

Don't know about Macs but lack of exploits probably has to do with the fact that less than 4% of all PCs are Macs and therefore the user base isn't substantial enough for anyone who has any type of life to want to find any exploits for it.

Well said. Those are my thoughts exactly. (I use all 3 OS's regularly.)

 

[mngisdood]

Eh, just make sure to stay current on updates and you can sleep well

 

[supesman]

I tried to install the windows 2000 one but it said i need at minimum service pack 2 installed. I like my windows the way it is and i'm afraid if i update the service pack there might be some problems that may arise. should i still worry?

 

[straubs]

Originally posted by: RDMustang1

Originally posted by: vortix
yet another reason to get a mac with osx or run linux

Most distributions of Linux have many more exploits found every day than windows does in a year. The main reason is because most power users use linux.

Don't know about Macs but lack of exploits probably has to do with the fact that less than 4% of all PCs are Macs and therefore the user base isn't substantial enough for anyone who has any type of life to want to find any exploits for it.

Wow! Talk about exaggeration!
MacOS is essentially derived from the BSD operating systems. They are well known to be "the most secure OS's" on the planet. It comes as no great surprise that MacOS has retained this attribute.

Most distributions of Linux do not have more exploits found every day than windows does in a year. That is simply wrong wrong wrong. When you say "Linux" that does not mean ALL the applications that run on it! If, for example, Apache or Sendmail have an exploit, that is not Linux, that is Apache or Sendmail with the problem. This is the equivalent of saying that Windows XP is spyware because you installed WeatherBug or some other spyware-filled app onto your XP machine.


<i>The main reason is because most power users use linux.</i>

So, because power users use linux, linux is inherently less secure? Huh? Wouldn't that be the other way around, since the power users are the same people that are writing the code that goes into linux?

And since there seem to be a fair amount of Microsoft zealots on here who say silly things like "go away you hippy" whenever someone mentions Linux (for reasons that I can't comprehend), I will note that I am using Windows XP as my main desktop.

 

[xkenny013]

Originally posted by: supesman
I tried to install the windows 2000 one but it said i need at minimum service pack 2 installed. I like my windows the way it is and i'm afraid if i update the service pack there might be some problems that may arise. should i still worry?

I'm using Windows 2000 SP4, plus all the latest patches ... I haven't had any problems. Were there specific issues you were concerned about (ie: older hardware?)

 

[mechsiah]

Most distributions of Linux have many more exploits found every day than windows does in a year. The main reason is because most power users use linux.

This does not strike me as a well thought out statement. Let us say that Windows has 20 exploits in a year. Are you suggesting that linux has over 7000 in a year? Hmmm.

Windows has come a long way and does some amazing stuff, but I think that a company with as much money and manpower as Microsoft has could be a little more careful with its code.

 

[Lestan]

Originally posted by: mechsiah

Windows has come a long way and does some amazing stuff, but I think that a company with as much money and manpower as Microsoft has could be a little more careful with its code.

I couldn't disagree with this more. Coding has never been an exact science. Unix itself has been hardened over the last 30 years, and that is why it is now more secure. Windows is now the mainstream NOS, and we are witnessing the hardening process in action. It has only had 10 years or so of being heavily exposed to the Internet, so I'm betting that in 20 years (probably less) Windows will be the most secure piece of software on the planet. You can't just write secure code, it has to be a trial by fire.

Here is a fascinating article that compares computer viruses to biological ones, and it is so true: http://www.zone-h.org/en/news/read/id=3287/

 

[AUGrad]

Originally posted by: Lestan

Originally posted by: mechsiah

Windows has come a long way and does some amazing stuff, but I think that a company with as much money and manpower as Microsoft has could be a little more careful with its code.

I couldn't disagree with this more. Coding has never been an exact science. Unix itself has been hardened over the last 30 years, and that is why it is now more secure. Windows is now the mainstream NOS, and we are witnessing the hardening process in action. It has only had 10 years or so of being heavily exposed to the Internet, so I'm betting that in 20 years (probably less) Windows will be the most secure piece of software on the planet. You can't just write secure code, it has to be a trial by fire.

Here is a fascinating article that compares computer viruses to biological ones, and it is so true: http://www.zone-h.org/en/news/read/id=3287/

And I couldn't disagree with this more. Coding is based on scientific principles. While there is a creative/artistic element to it, the basic science and methodologies behind it should not be ignored. Compare programming to building a house. Each house may be different in very artistic ways, but the basic principles of determining live and dead loads, pouring an adequate foundation, etc. apply in every home. If you're not following basic principles of good coding -- validating all inputs and verifying that any data is not too big for its target memory come to mind as examples -- then you're doing it wrong. If Microsoft were a big builder, they would have been sued into nonexistence by now for building substandard homes.

I'm not saying the MS is the only company with this problem, I'm just using them as a good example of why the "coding is art" bunch need to rethink their argument. Ultimately, form should follow function, and code that breaks in not functional.