That MS Critical Patch

To add to all the coverage of the extra special (and critical) MS patch released yesterday, for the benefit of my three (that many?) regular readers:

My first reading of the various links about this vulnerability and patch (see below) indicate that, although the rating is critical, and the patch should be installed immediately, there is less exposure to Vista and Server 2008 and XP SP2+ systems because their default settings enable the firewall and block ports 139 and 445. (You can check if those ports are blocked by using the ShieldsUp test at www.grc.com.)

Note that this vulnerability has the potential for the same impact as the Blaster and Sasser worms (the blocking of those ports and default firewall enable XP SP2 and Vista is one of the results of learning from the Blaster worm). That blocking will help with external attacks, but an internal attack (behind the firewall) may be possible. For instance, our organization was severely impacted by an internal attack of the Blaster worm, which caused a Denial of Service (DoS) type of attack on network traffic.

The initial takeaway is that the MS patch, and probable (already released now) upcoming AV patches will be very important for all users, even if a ShieldsUp test shows that you are blocking ports 139/445.

Corporate/network users are strongly advised to get this one installed on all external and internal systems, even if their firewalls are blocking those ports. And home users are especially urged to install the patch.

There are reports of some limited attacks using this vulnerability; I suspect the hacker community is frantically working on exploits.

A typical exploit might be to install spyware/malware on your computer to gather confidential information. It is less likely, I think, that an exploit would try to just do a DoS-type (Blaster) attack; most hackers are now targeting systems for confidential information for financial gain.

More general info here: http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx From the MS SDL (Security Development Lifecyle) blog http://blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx ; an explanation of "why didn't we catch this".

Just remember safe computing practices: install updates, don't click on links in emails alerting you to an update, pop-up messages while surfing the 'net that alert you to malware are bogus and should be ignored, etc.

Adobe Flash Update

Adobe has released their latest update to Flash (for multimedia on web pages) to fix the "clickjacking" bug. (This allows an evil hacker to place a hidden 'button' on a web page that will do nefarious things when you think you are just clicking on a link on a page. This exploit is not widespread, and not terribly easy to do, but is rather sneaky.)

You can check their Flash version by going to this Adobe page: http://www.adobe.com/products/flash/about/ . You'll get your current version, and a list of versions for Windows, Mac/OSX, Linuz, and Solaris operating systems.

Notice that this update is not just an Internet Explorer vulnerability, but also affect Firefox, Opera, etc.

All users should ensure they have this update.

Keeping Children Safe On-Line

Our children are constantly on-line. Even down to pre-schoolers. A great resource for parents (and grandparents) to help understand the proper precautions for children (and to understand the things that are available for children), is the Keep Safe Coalition site called www.ikeepsafe.org .

There are resources for parents and children to understand how to keep safe on the 'net. This is a place that every parent should look at with and for their children.