Heyo folks, better late than never. Besides it will probably be MORE FUN tommorow. If anyone needs some temp help to do IT stuff in the next couple days, email me off list. Patch your machines before August 16th, at that point an apparant DDOS against windows update begins. First off, block the following ports at your router / firewall. 135, 445, 4444 tcp/udp Better off, block everything you don't need to come inbound. This will - prevent further infections from outside your network - prevent further crashes - an attack on a patched server can still cause it to crash (in rare cases, apparantly). Step 1. Stop crashing. A) XP - enable the firewall. (I don't have XP home, but I'm kind of assuming that it has the same dialogues, although it might not be.) - Right click My network places, select properties. - Select the internet adapter (i.e. Local Area Connection or Dial up / whatever the isp calls it) right click, properties. - Advanced tab, check the box "Internet Connection Firewall". - Click OK With 2k / NT see step 3. OR . . . ** WILL NOT WORK IF YOU DO NOT HAVE ADMIN ** Right-click on My Computer, select Manage, expand Services and Applications, select Services. Right-click on Remote Procedure Call (RPC) in the list on the right, and select Properties. On the Recovery tab, change the 3 combo boxes from "Restart the computer" to "Take no action". Click OK. At this point you should stop crashing, proceed to step 2. Don't leave your system here though. The exploit still works, even if you don't crash. ** END Step 2) Download the appropriate patch http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS 03-026.asp It looks like their server is having issues serving ASP pages. I have provided direct links to the downloads. Your mail client may mess them up, but just copy the entire line. Previous versions of windows (98, me etc) should not be affected. If you have several machines, put the file on a machine on the network that has already been patched. Microsoft's website is running a bit slow, and there is a decent chance that you will reboot either during downloading or execution of the patch. [patch filename] /u /q Will run the patch in unattended mode w/o user interaction. Takes about 20 seconds depending on the system. You might want to pull the network cable / disable the network adapter after the file is downloaded. ************************** ** Direct Download LINKS** ************************** Windows NT, Server, Advanced Server (I don't see a workstation, I'm assuming this is for nt 4.0 workstation too, I don't have a crashbox, can someone else test and report? I know people are running NT still) http://download.microsoft.com/download/6/5/1/651c3333-4892-431f-ae93-bf8718d 29e1a/Q823980i.EXE 2000, all versions http://download.microsoft.com/download/0/1/f/01fdd40f-efc5-433d-8ad2-b4b9d42 049d5/Windows2000-KB823980-x86-ENU.exe Windows NT, Terminal Server Edition ****** PROBABLY NOT THIS ONE!****** http://download.microsoft.com/download/4/6/c/46c9c414-19ea-4268-a430-5372218 8d489/Q823980i.EXE Windows XP, 32 Bit http://download.microsoft.com/download/9/8/b/98bcfad8-afbc-458f-aaee-b7a52a9 83f01/WindowsXP-KB823980-x86-ENU.exe Windows XP, 64 Bit edition ****** PROBABLY NOT THIS ONE!****** http://download.microsoft.com/download/a/7/5/a75b3c8f-5df0-451b-b526-cfc7c5c 67df5/WindowsXP-KB823980-ia64-ENU.exe Windows 2003 Server, 32 bit http://download.microsoft.com/download/8/f/2/8f21131d-9df3-4530-802a-2780629 390b9/WindowsServer2003-KB823980-x86-ENU.exe Windows 2003 Server, 64 bit http://download.microsoft.com/download/4/0/3/403d6631-9430-4ff6-a061-9072a4c 50425/WindowsServer2003-KB823980-ia64-ENU.exe A reboot is required, after which the computer should not crash (well, it still might due to the exploit, but at least the root vunerability will be taken care of.) Have fun, Karol.
This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 02:29:53 PDT