Welcome to The UltraTech Zone Sign in | Join | Help

Talking Out Loud with ASB

Views on Life, Technology and Everything, by ASB (aka Logik!)...

My Profile

Andrew S. Baker (ASB)

News

  • Platform: CS v2.1 SP2...

    Get a FREE phishing filter for your domain!

    Who links to my website?

    Pando Pro

Revenge of the Worms?

It's been a while since we've had a massive worm outbreak, but with word that a wormable exploit has been made available for the recent .

Microsoft has issued several status updates over the past few days via the , including the news that (which is one week shy of the normal patch release day).

Because of the criticality of this vulnerability and the various editions of Windows that it affects (including ), it is highly advisable that every effort be made to test and deploy the patch as soon as it becomes available tomorrow.   Other mitigation efforts include the following:

  • Reading email in plaintext (especially if using Outlook)
  • Stop using Outlook Express, which is vulnerable even in plaintext mode
  • Keeping your host-based security tools (such as AntiVirus) up-to-date
  • Employing web content filtering tools
  • Deploying network-based IPS products
  • Engage in safe browsing/email activities, such as avoiding unknown links

The situation is deemed critical enough that several security threat analysis teams have raised their alert levels on account of this threat, including both and .

If you'd like to get a bit more information about what is being referred to as the ANI vulnerability, then check out the following:

Be advised that although the bulletins discuss Windows 2000 SP4 and later as being affected, it is highly likely that previous version of Windows -- which are currently unsupported by Microsoft -- are also affected.  Users of these older operating systems should consider the use of the unofficial, non-Microsoft patches below:

Please be alert for any updates to these bulletins...

Share Post:
Posted: Monday, April 02, 2007 9:39 AM by Logik!

Comments

Joe Smokie said:

The patch was to be released on April 3rd? I've been to microsoft.com and update.microsoft.com and haven't seen anything about the patch.

# April 3, 2007 2:20 PM
Anonymous comments are disabled

About Logik!

Andrew S. Baker aka ASB aka Logik!

Andrew S. Baker is a business-savvy, hands-on IT leader with expertise in mentoring people, mitigating risk, and integrating technology to drive innovation and maximize business results. He creates competitive advantage for organizations through effective IT leadership: implementation of processes and controls, and architecture of robust business solutions.

Mr. Baker has successfully led a number of high-performance technology teams in designing, deploying and maintaining secure, cost-effective computing environments for well-known companies, including Warner Music Group, The Princeton Review, Bear Stearns, About.com, and Lewco Securities.

For over a decade, Andrew has exhibited thought leadership on technology and business topics via mailing lists, technical forums, blogs, and professional networking groups, along with contributions to podcasts, webinars, and over 20 technical/business magazine articles. He also serves on several boards and committees for non-profit organizations, and within the Seventh-day Adventist church.

His personal interests include Astronomy, Basketball, Bible Study, Chess, Comics, Computers, Family Life Ministries, Reading, Strategy/Role Playing games, and Professional Networking...

A summary of Andrew's current résumé is available here, and he can be reached on a variety of social and professional networks, including LinkedIn, Facebook and Twitter.