Wednesday, February 11, 2004
Public Service Announcement: Patch Your NT4/2000/XP/2003 Systems!
Posted by Ed Hansberry in "OFF-TOPIC" @ 07:00 AM
http://www.microsoft.com/technet/security/bulletin/winfeb04.asp
Microsoft has released several patches in the past 24 hours, but the most critical is "MS04-007 - ASN .1 Vulnerability Could Allow Code Execution." You can apply this patch by visiting Microsoft's Windows Update site.
For more information on the issue, you can visit the following links:
• Vulnerability Note VU#216324 -
• Vulnerability Note VU#583108 -
• eEye Digital Security Advisory AD20040210 -
• eEye Digital Security Advisory AD20040210-2
• Microsoft Security Bulletin MS04-007
• Microsoft Knowledge Base Article 252648
Basically, patch your box or unplug it. There is no exploit as I type this, but the day is young. Most alarming is there are really no mitigating factors. A firewall may not be the protection you think it is for this issue. This quote puts it in perspective. "The widespread use of ASN.1 has led many security researchers to label it a possible "monoculture" -- a population so homogeneous that a single threat could destroy it." :shocked!:
Why are you still reading this? You should be patching!
Microsoft has released several patches in the past 24 hours, but the most critical is "MS04-007 - ASN .1 Vulnerability Could Allow Code Execution." You can apply this patch by visiting Microsoft's Windows Update site.
For more information on the issue, you can visit the following links:
• Vulnerability Note VU#216324 -
• Vulnerability Note VU#583108 -
• eEye Digital Security Advisory AD20040210 -
• eEye Digital Security Advisory AD20040210-2
• Microsoft Security Bulletin MS04-007
• Microsoft Knowledge Base Article 252648
Basically, patch your box or unplug it. There is no exploit as I type this, but the day is young. Most alarming is there are really no mitigating factors. A firewall may not be the protection you think it is for this issue. This quote puts it in perspective. "The widespread use of ASN.1 has led many security researchers to label it a possible "monoculture" -- a population so homogeneous that a single threat could destroy it." :shocked!:
Why are you still reading this? You should be patching!
