MS Patch MS03-039

jimmm33 · September 15th, 2003, 06:56 PM

My store got a call from a Microsoft rep today. He ask to talk to the tech. He told me to note the MS03-039 patch and start patching machines. He said there was already code exploiting the vulnerability. I asked if it had a name yet and he said no.

After I hung up, I considered social engineering so I ask the person who answered the phone. She said that it was "Mike" the same MS rep that calls all the time. He normally talks to the sales people.

I have been watching SARC all day but no mention.

Did anyone else get a call?

Garak · September 15th, 2003, 07:34 PM

I found this with a google search,

thanks for the heads up

jimmm33 · September 15th, 2003, 08:51 PM

I just got an email from MS. Here is part of it:

"As you know, Microsoft released Security Bulletin MS03-039 on September
10, 2003. This bulletin details three critical vulnerabilities in the
Windows operating system and provides instructions for applying the
corresponding patch.

Yesterday, Saturday, September 13th, it came to our attention that a
research company called Immunity published a paper providing guidance on
how to exploit the vulnerabilities patched by Microsoft Security
Bulletin MS03-039. To date we've had no reports of actual exploit code
being publicly available or being used actively in a worm or virus.

If you have applied the patch as advised in Microsoft Security Bulletin
MS03-039, you are protected from exploit code developed using the
guidance provided in this paper. If you have not deployed the patch or
taken additional mitigating actions to protect your environment, you
should be aware that the existence of sample code does make it easier
for an active exploit to be developed. "

The guy on the phone said there was already code out exploiting the vulnerability. Maybe he was refering to "existance of sample code".

It seems they really want to get the message out. I'm guessing that that the warnings will be ignored and that I'll have a very busy few days cleaning up the mess.

I wonder if the virus will get a cool name...

Garak · September 15th, 2003, 10:14 PM

well i've emailed the family and friends... less chance of me getting roped into repairing that way

Pinnacle · September 15th, 2003, 10:30 PM

Quote:

Originally Posted by jimmm33

I just got an email from MS. Here is part of it:

"As you know, Microsoft released Security Bulletin MS03-039 on September
10, 2003. This bulletin details three critical vulnerabilities in the
Windows operating system and provides instructions for applying the
corresponding patch.

Yesterday, Saturday, September 13th, it came to our attention that a
research company called Immunity published a paper providing guidance on
how to exploit the vulnerabilities patched by Microsoft Security
Bulletin MS03-039. To date we've had no reports of actual exploit code
being publicly available or being used actively in a worm or virus.

If you have applied the patch as advised in Microsoft Security Bulletin
MS03-039, you are protected from exploit code developed using the
guidance provided in this paper. If you have not deployed the patch or
taken additional mitigating actions to protect your environment, you
should be aware that the existence of sample code does make it easier
for an active exploit to be developed. "

The guy on the phone said there was already code out exploiting the vulnerability. Maybe he was refering to "existance of sample code".

It seems they really want to get the message out. I'm guessing that that the warnings will be ignored and that I'll have a very busy few days cleaning up the mess.

I wonder if the virus will get a cool name...

Really good information. Thanks for the heads up.

Archangel42069 · September 15th, 2003, 10:42 PM

am I the only one who has had problems with this patch on xp?

It seems that my system will hang when I first boot, then resume normal operation after opening all of the applications I have vainly attempted to open.....started right after I applied the patch, but this was at the same time I was installing the stupid tango manager for alltel dsl - now I have about 10 connections or so that I can't figure out how to get rid of, so that may be the problem as well.

CeeBee · September 17th, 2003, 10:31 AM

Quote:

Originally Posted by Archangel42069

am I the only one who has had problems with this patch on xp?

It seems that my system will hang when I first boot, then resume normal operation after opening all of the applications I have vainly attempted to open.....started right after I applied the patch, but this was at the same time I was installing the stupid tango manager for alltel dsl - now I have about 10 connections or so that I can't figure out how to get rid of, so that may be the problem as well.

I have about 80 machines here, from NT4 to XP, all patched, none with problems.

*NooNoo* · September 17th, 2003, 12:32 PM

Quote:

Originally Posted by Archangel42069

am I the only one who has had problems with this patch on xp?

Yup!

CeeBee · September 17th, 2003, 12:37 PM

The exploit is already on the net!

machineman · September 17th, 2003, 02:50 PM

Quote:

Originally Posted by CeeBee

The exploit is already on the net!

Just sent the notice to the boss. Bet we get hit before he responds.......

scott · September 17th, 2003, 04:34 PM

We just finished applying this patch on all machines. From NT, 2000, XP, no problems. Can't wait until we get SMS.

September 15th, 2003, 06:56 PM	#1
jimmm33 Registered User Join Date: Sep 2000 Location: Knoxville, TN. Posts: 534	MS Patch MS03-039 My store got a call from a Microsoft rep today. He ask to talk to the tech. He told me to note the MS03-039 patch and start patching machines. He said there was already code exploiting the vulnerability. I asked if it had a name yet and he said no. After I hung up, I considered social engineering so I ask the person who answered the phone. She said that it was "Mike" the same MS rep that calls all the time. He normally talks to the sales people. I have been watching SARC all day but no mention. Did anyone else get a call? __________________ Indeterminism. There's nothing you can do about it.

September 15th, 2003, 07:34 PM	#2
Garak Senior Member Join Date: Jun 2001 Location: Hebburn, Tyne & Wear, North East England Posts: 2,448	I found this with a google search, thanks for the heads up __________________ All sorts of wonderful things in life.

September 15th, 2003, 08:51 PM	#3
jimmm33 Registered User Join Date: Sep 2000 Location: Knoxville, TN. Posts: 534	I just got an email from MS. Here is part of it: "As you know, Microsoft released Security Bulletin MS03-039 on September 10, 2003. This bulletin details three critical vulnerabilities in the Windows operating system and provides instructions for applying the corresponding patch. Yesterday, Saturday, September 13th, it came to our attention that a research company called Immunity published a paper providing guidance on how to exploit the vulnerabilities patched by Microsoft Security Bulletin MS03-039. To date we've had no reports of actual exploit code being publicly available or being used actively in a worm or virus. If you have applied the patch as advised in Microsoft Security Bulletin MS03-039, you are protected from exploit code developed using the guidance provided in this paper. If you have not deployed the patch or taken additional mitigating actions to protect your environment, you should be aware that the existence of sample code does make it easier for an active exploit to be developed. " The guy on the phone said there was already code out exploiting the vulnerability. Maybe he was refering to "existance of sample code". It seems they really want to get the message out. I'm guessing that that the warnings will be ignored and that I'll have a very busy few days cleaning up the mess. I wonder if the virus will get a cool name... __________________ Indeterminism. There's nothing you can do about it.

September 15th, 2003, 10:14 PM	#4
Garak Senior Member Join Date: Jun 2001 Location: Hebburn, Tyne & Wear, North East England Posts: 2,448	well i've emailed the family and friends... less chance of me getting roped into repairing that way __________________ All sorts of wonderful things in life.

September 15th, 2003, 10:42 PM	#6
Archangel42069 Registered User Join Date: Sep 2002 Location: Malebolge, 8th Level of Hell Posts: 607	am I the only one who has had problems with this patch on xp? It seems that my system will hang when I first boot, then resume normal operation after opening all of the applications I have vainly attempted to open.....started right after I applied the patch, but this was at the same time I was installing the stupid tango manager for alltel dsl - now I have about 10 connections or so that I can't figure out how to get rid of, so that may be the problem as well. __________________ --Those who think they know everything annoy those of us that do.

September 17th, 2003, 12:37 PM	#9
CeeBee Registered User Join Date: Nov 2002 Location: USA Posts: 2,022	The exploit is already on the net! __________________ Protected by Glock. Don't mess with me!

September 17th, 2003, 04:34 PM	#11
scott Registered User Join Date: Feb 2003 Posts: 57	We just finished applying this patch on all machines. From NT, 2000, XP, no problems. Can't wait until we get SMS.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode