|
Based on notifications received from Microsoft we are upgrading the rating of MS11-020 (KB 2508429, CVE-2011-0661) from Critical to PATCH NOW. See: http://isc.sans.edu/diary.html?storyid=10693 for the full table. The Remote Code Exploit is possible without authentication, so this presents a serious risk to internal networks. Think Downadup/Conficker, or think lateral movement if that will help motivate patching. Also note that this patch requires a reboot of your system. Sorry. -KL |
Kevin Liston 292 Posts ISC Handler Apr 15th 2011 |
| Thread locked Subscribe |
Apr 15th 2011 9 years ago |
|
How long it would be take to appear a new Downadup/Conficker reloaded?...Additionally, no problems detected on Win XP SP3 for this patch (including the others).
|
Anonymous |
| Quote |
Apr 15th 2011 9 years ago |
|
Downandup/Conficker reloaded? It is still loaded! I bet you find it all over the place still. So reloaded is not even necessary to disrupt things. Retooling, no doubt already planned by someone out there. I know it gives us all work, but hey, enough already!
|
Al of Your Data Center 80 Posts |
| Quote |
Apr 15th 2011 9 years ago |
|
Does anyone have any information on if this is being actively worked on?
How worried should we be of this? |
Mike 2 Posts |
| Quote |
Apr 15th 2011 9 years ago |
|
The silence is deafening..
This freaked me out, and I've heard not a word from anyone else. I talked to our TAM at MS and had him check internally, he says no changes to the severity and no new info that he can find. Until I see this corrobarated somewhere else I can't take action on it. But this vulnerability should be in testing now as direct threat or no, it's bad. |
Mike 4 Posts |
| Quote |
Apr 15th 2011 9 years ago |
|
Sorry, I meant "this patch", not "this vulnerability".
|
Mike 4 Posts |
| Quote |
Apr 15th 2011 9 years ago |
|
Don't fret Frank. It's just a Patch now alert. If I had exploit code, I would have raised the infocon to Yellow by now. All I have is a vulnerability that by MS's assessment could be allow unauthenticated remote code execution. Put that one at head of your test/deploy queue.
|
Kevin Liston 292 Posts ISC Handler |
| Quote |
Apr 15th 2011 9 years ago |
|
The upgrade rating of MS11-020 is not on the Security Bulletin of Microsoft nor on the KB Article of the Securty Update. So there is no reason to panic.
This patch can be tested and then applied... Zero should be only considered if mentioned by Microsoft |
Kevin Liston 1 Posts |
| Quote |
Apr 15th 2011 9 years ago |
|
fwiw, applied all 3 'patch now's to about 100 win2k3 and a few 2k8 servers this weekend... all were quick and without issue. rest will be applied very soon
|
Anonymous |
| Quote |
Apr 17th 2011 9 years ago |
Sign Up for Free or Log In to start participating in the conversation!
