There has been a significant amount of work done recently to combat this recent RPC exploitation on Microsoft Windows Servers and clients. Since the beginning of last month there have been a lot of warnings and information available to mitigate this attack. This week we are seeing a number of increased worms detected that are apparently having an impact in Asia. Symantec is reporting activity on W32.Kernelbot.A and W32.Wecort. SecureIteam had published some sample code, and Don't Stuff Beans Up Your Nose also had a nice article. Microsoft released the patch for this before their normal release time. Due to Windows XP SP2/SP3 and Vista enabled firewalls, the ability to buy personal home firewalls for cable and dsl, and all the lessons learned by Blaster and Slammer, we may have at least for now avoided another worldwide outbreak. Although, I am sure there are still users that put their PC's on the Internet without Firewalls, host-based Firewalls, or Antivirus -- and never patch their systems that bring them into their company's and connect them to wired and wireless networks to share with their co-workers.
Leave a comment