Russian Roulette with your Network
First of all, before I really start, I hope that you all had a great start to 2009. Mine was actually pretty mixed. The good side was how my year started and what I saw when I looked out the window on January 1st (yes, I was on vacation skiing, and this was the view almost every morning):
But honestly, this is not the only reason why I wrote this post. There is another one which is much, much more serious:
Unfortunately, there are still plenty of customers playing Russian Roulette with their network. This term was actually used by one of our security engineers, who was kind of upset, to say the least, because he had to work December 31st and January 1st on account of customers (and not just one!) who still had not rolled out MS08-067. We ran up against our limits with regard to support capacity in EMEA.
Just to remind you: this is the out-of-band security update we released back on October 23rd, which was then pretty soon attacked by Conficker.A. But it seems that a lot of customers did not care back then: they were not attacked, so why bother? In the last days of 2008 Conficker.B broke out, and even though it did not spread too widely, the customers who were hit (or still are) were hit very, very badly. Account lockouts all over the place, admin passwords that were grabbed (often the Domain Admins') etc., and we had some really upset engineers, as they had to work instead of having time off because some customers were not up to their duty (and this is what it is for me!).
And this is not the end of the story:
- For quite a while, our anti-malware solution was the only one able to remove the thing. And without an anti-malware solution it is close to impossible to actually get rid of it. As always, all the information about the malware was shared through VIA (Virus Information Alliance) with all the partners.
- NT got infected as well and the calls came: What shall we do now? Well, there is not too much you can do. As you might know, Windows NT has been out of support for a long time (since December 31st, 2004 - see our Lifecycle Page if you need more information). Isolate your Windows NT boxes (as you should have done a long time ago) and migrate away from it. I know that there are still a lot of machines with NT embedded: isolate them and work with the vendors to get to an up-to-date version of the OS.
Let me add a final comment: the story above is not a Microsoft-only story. The same processes and technologies around patch management have to be applied to each and every component of your environment. Back after the Blaster times, we started to tell consumers to apply three things to their PC to protect it:
1. Switch on your firewall
2. Keep your software updated
3. Run anti-malware software and keep it updated
Guess what: if you had applied 2 and 3 to your network, you would not have been hit by this problem.
Roger
Comments
Anonymous
January 01, 2003
At the end of October, Microsoft released an out-of-band security update. See also
Anonymous
January 05, 2009
OMG! View is amazing.... I might just forget about work when I see this type of view every day... :)
Anonymous
January 09, 2009
No, I will not make an update. I will be in the news.
Anonymous
January 19, 2009
Look, your company distributed software that has a security problem. So it has to bear the consequences and deliver the support. I would expect Microsoft to go to customers and help them to install the software as it is their fault, your company delivered broken software. Why do customers have to roll out patches? Why do companies and European citizens have to invest their man-hours to fix what you broke! How are they compensated? "Microsoft recommends that customers apply the update immediately." Oh, nice attitude, go and fix your stuff as we said in bulletin message PBFX #1038478. As if it was our fault! Who was fired and slain by your company for letting it happen? Did your company express its regret for delivering defective software? No, you rather insult your customers: "Account Lockouts all over the place, admin passwords that were grabbed (often the Domain Admins) etc – and we had some really upset engineers as they had to work instead of having off because some customers were not up to their duty (and this is what it is for me!)." Oh yes, you delivered defective software! You were paid for support! So don't complain! Go and fix the mess.
Anonymous
February 10, 2009
Andy, you must realize that Microsoft does indeed "help them to install the software". It is called Windows Update.
Anonymous
February 18, 2009
The potential risk of a security-critical software update on mission-critical systems is only a question of how carefully a programmer has done his job. Honestly, Microsoft developers are not interested in producing robust software; they are always interested in getting the job done, very quick, very dirty. Use FreeBSD or Solaris if you want a solid and proven enterprise OS and you will have seriously less stress. If you install Windows on your hardware, then you are playing football with your network security!