As Blaster spreads, patching accelerates


Lawrence M. Walsh, Managing Editor, TechTarget Security Media Group

Enterprises are accelerating their patching of the RPC-DCOM vulnerability following the rapid spread of a worm exploiting the well-publicized Windows flaw.

Blaster, also known as Lovsan and the RPC worm, started slowly circulating Monday and quickly picked up speed, infecting Windows machines around the world. Symantec's Security Response Team says it has identified more than 167,000 infected hosts that are continuing to attempt to spread the worm.

Microsoft provided a workaround immediately following the vulnerability's discovery three weeks ago: shutting down ports 135, 139, 445 and 593 kept systems from being infected. Many enterprises were rolling out the patch that corrects the RPC flaw, but the fast-spreading Blaster caught many off guard.

"Enterprises were still on a two-week rollout plan, and many enterprises were planning to be halfway rolled out by now," says Eric Schultze, executive director of product research and development at Shavlik Technologies. "Now, they're accelerating plans."

The RPC-DCOM vulnerability primarily affects Windows 2000 and XP, but may also affect Windows NT 4.0 and Windows Server 2003. Schultze says many enterprises are upgrading to Windows 2000 SP3, since Microsoft hasn't tested and doesn't support the patch for SP2.

Home and remote office users were particularly hard hit, since many don't have personal firewalls or install patches. Worse, infected machines brought into corporate environments allowed Blaster to circumvent the workarounds and infect corporate networks.

As of Tuesday night, Symantec and others say Blaster's propagation is slowing, but remains dangerous.

"The patch for the vulnerability is effective, and it's important to apply the patch," says Dee Liebenstein, group product manager for Symantec Security Response. "Just because Blaster is slowing down doesn't mean that the threat is gone. There's a chance for future variants."

For those infected, the CERT Coordination Center has also released steps for recovering from the worm's infection.

