MS Patch MS03-039

**jimmm33** · September 15th, 2003, 05:56 PM

My store got a call from a Microsoft rep today. He ask to talk to the tech. He told me to note the MS03-039 patch and start patching machines. He said there was already code exploiting the vulnerability. I asked if it had a name yet and he said no.

After I hung up, I considered social engineering so I ask the person who answered the phone. She said that it was "Mike" the same MS rep that calls all the time. He normally talks to the sales people.

I have been watching SARC all day but no mention.

Did anyone else get a call?

**Garak** · September 15th, 2003, 06:34 PM

I found this with a google search,

thanks for the heads up

**jimmm33** · September 15th, 2003, 07:51 PM

I just got an email from MS. Here is part of it:

"As you know, Microsoft released Security Bulletin MS03-039 on September
10, 2003. This bulletin details three critical vulnerabilities in the
Windows operating system and provides instructions for applying the
corresponding patch.

Yesterday, Saturday, September 13th, it came to our attention that a
research company called Immunity published a paper providing guidance on
how to exploit the vulnerabilities patched by Microsoft Security
Bulletin MS03-039. To date we've had no reports of actual exploit code
being publicly available or being used actively in a worm or virus.

If you have applied the patch as advised in Microsoft Security Bulletin
MS03-039, you are protected from exploit code developed using the
guidance provided in this paper. If you have not deployed the patch or
taken additional mitigating actions to protect your environment, you
should be aware that the existence of sample code does make it easier
for an active exploit to be developed. "

The guy on the phone said there was already code out exploiting the vulnerability. Maybe he was refering to "existance of sample code".

It seems they really want to get the message out. I'm guessing that that the warnings will be ignored and that I'll have a very busy few days cleaning up the mess.

I wonder if the virus will get a cool name...

**Garak** · September 15th, 2003, 09:14 PM

well i've emailed the family and friends... less chance of me getting roped into repairing that way

**Pinnacle** · September 15th, 2003, 09:30 PM

Originally Posted by jimmm33

I just got an email from MS. Here is part of it:

"As you know, Microsoft released Security Bulletin MS03-039 on September
10, 2003. This bulletin details three critical vulnerabilities in the
Windows operating system and provides instructions for applying the
corresponding patch.

Yesterday, Saturday, September 13th, it came to our attention that a
research company called Immunity published a paper providing guidance on
how to exploit the vulnerabilities patched by Microsoft Security
Bulletin MS03-039. To date we've had no reports of actual exploit code
being publicly available or being used actively in a worm or virus.

If you have applied the patch as advised in Microsoft Security Bulletin
MS03-039, you are protected from exploit code developed using the
guidance provided in this paper. If you have not deployed the patch or
taken additional mitigating actions to protect your environment, you
should be aware that the existence of sample code does make it easier
for an active exploit to be developed. "

The guy on the phone said there was already code out exploiting the vulnerability. Maybe he was refering to "existance of sample code".

It seems they really want to get the message out. I'm guessing that that the warnings will be ignored and that I'll have a very busy few days cleaning up the mess.

I wonder if the virus will get a cool name...

Really good information. Thanks for the heads up.

**Archangel42069** · September 15th, 2003, 09:42 PM

am I the only one who has had problems with this patch on xp?

It seems that my system will hang when I first boot, then resume normal operation after opening all of the applications I have vainly attempted to open.....started right after I applied the patch, but this was at the same time I was installing the stupid tango manager for alltel dsl - now I have about 10 connections or so that I can't figure out how to get rid of, so that may be the problem as well.

**CeeBee** · September 17th, 2003, 09:31 AM

Originally Posted by Archangel42069

am I the only one who has had problems with this patch on xp?

It seems that my system will hang when I first boot, then resume normal operation after opening all of the applications I have vainly attempted to open.....started right after I applied the patch, but this was at the same time I was installing the stupid tango manager for alltel dsl - now I have about 10 connections or so that I can't figure out how to get rid of, so that may be the problem as well.

I have about 80 machines here, from NT4 to XP, all patched, none with problems.