EFS Network Management - Security

Virus Wars

A Virus War is occurring between two rival virus authors. As a result, they are generating variants of viruses to exploit the newly discovered Windows Security issue. The antivirus companies are not able to keep up with the rapid deployment of the variants. Security firms are asking everyone to apply the critical patch as quickly as they can to stop the security leak.

To update your system go to Microsoft’s Update site. In Internet Explorer, click on Tools and Windows Updates, follow the prompts, select the defaults, and apply all critical updates. Symptoms of the new variants are constant reboots of a computer. If you have a lot of updates to apply, then as a minimum focus on Microsoft Security Bulletin MS05-039 Exploit critical update to stop the variants from slipping past your antivirus software.

Resources:

Microsoft Security Bulletin MS05-039 Exploit

CNET News - Virus Knocking Out Computers

Two New Level 3 Viruses W32.Zotob.E and W32.Esbot.A

Two new Level 3 viruses are spreading rapidly. They are is taking advantage of a new security hole in Microsoft Windows operating systems. This security hole was just made public last week. Microsoft has a critical update available to plug the hole. We have not fully tested this update, but it is advised that the critical update be applied as soon as possible. Both new level three viruses W32.Zotob.E and W32.Esbot.A exploit this security issue.

The viruses open back doors on infected systems and causes system instability. They also launch denial of service attacks against other companies like, Microsoft, CNN, New York Times, and other media centers. The threats are easily contained by applying the latest critical updates and ensuring your antivirus software is up to date with at least August 16, 2005 definitions.

More information about these issues at:

Level 3 Virus W32.Zotob.E

Level 3 Virus W32.Esbot.A

Microsoft Security Bulletin MS05-039 Exploit

Microsoft's Security Updates for August

Microsoft has released six security updates for this month. Three are critical updates that if not patched could allow malicious code full access to your system. There are no known issues with these updates at this posting. For more information, see Microsoft Security web site at http://www.microsoft.com/security.

Windows Not Completing Booting Sequence

Recently it has been discovered that Windows Servers and Desktops of all versions will not complete the booting process. It has been determined that systems that are running certain versions of the APC PowerChute UPS auto shutdown software are the root cause of this problem. The immediate fix is to disable the software under Windows Services. The software can also be uninstalled and that will fix the problem. APC has released a update to the software and it can be downloaded and installed to replace the APC software that is failing on Windows Startup. More information can be found at APC’s Website.

Microsoft's Security Updates for July

Microsoft has released three security updates for this month. They are critical updates that if not patched could allow malicious code full access to your system. There are no known issues with these updates at this posting. For more information, see Microsoft Security web site at http://www.microsoft.com/security .

Microsoft's Security Updates for June

Microsoft has released ten security updates for this month. Three are critical updates that if not patched could allow malicious code full access to your system. There are no known issues with these updates at this posting. For more information see Microsoft Security web site at: http://www.microsoft.com/security .

Windows 2003 Server Service Pack One

Windows 2003 Server Service Pack One is now available from Microsoft downloads. This is a very large 400 meg Service Pack. It is advised to check with the server’s vendor and update all drivers, BIOS, Back Plane, RAID Firmware, Tape System Firmware, and systems files prior to applying this update. Call the server vendors tech support before updating the server. Also check with all third party software vendors like Symantec, Veritas, and any server base software for any updates that may need to be applied before and/or after the Windows 2003 Service Pack One is applied. Some software may require to be upgraded and may result in additional software cost.

There are many field reports that this service pack has caused the blue screens of death to occur. Ensure that the recovery console is enabled, and that there is a most recent backup prior to installing Service Pack 1. Updates to the server are recommended to only be preformed on the weekends after hours in the event of a complete system failure.

It is also advised to read the pre-install instructions for the service pack as a number of the default behaviors of the operation system are changed.

Microsoft's Security Updates for May

There was only one security update released by Microsoft for the month of May. There are no known issues with the update at this time. It is safe to update your systems with the security update. To obtain more information about the update go to Microsoft’s Security web site.

Sober.O Virus Making it way around the Internet

A new Sober variant has been discovered today called the Sober.O. W32.Sober.O@mm is a mass-mailing worm that sends itself as an email attachment to addresses gathered from the compromised computer. It uses its own SMTP email engine to spread. The email may be in either English or German.

Symantec has rated this as a Level 3 Virus Threat.

It is also known as W32/Sober.p@MM [McAfee], W32/Sober-N [Sophos], WORM_SOBER.S [Trend Micro]

It is recommended that your anti-virus software be force updated to retrieve the latest virus definitions for your protection. Only anti-virus definitions dated May 2, 2005 or later will detect and stop the virus.

More information can be found about the virus at SARC.

Microsoft April Security Updates

On April 12th, Microsoft released the latest batch of critical security updates for Exchange, Windows Operating Systems, Office Suites, and Windows Messenger. All patches have been reported safe to download and install. No issues have been reported. A total of 8 critical updates have been released. We have tested the updates in our lab and have not experienced any issues with the critical updates.

Microsoft also released Windows 2003 Server Service Pack One. There are numerous reports that this update will blue screen the server and prevent it from booting. It has been advised by Microsoft prior to installing the service pack is to apply all the latest server vendors hardware driver updated for Dell, Compaq, HP and Gateway servers. Not applying the updates may result in the server failing to boot and may require a reload of the Operating System. It is advised to contact the server vendor prior to doing the updates to ensure that the server has all the needed updates to prevent the server upgrade from crashing.

More infromation can be found at the Microsoft Security Web Site.