Insufficient data from Andrew Fryer

The place where I page to when my brain is full up of stuff about the Microsoft platform

Update Tuesday – good for your health

1st of April could well see the resurgence of the infamous Conficker or Downadup worm, which some experts reckoned had infected over 3.5 million computers by January. This is because Conficker will use a new algorithm to work out which domains to attack.

Many of the problems that have been reported arose simply because so many systems were not kept up to date; the critical security update is MS08-067, released on 23rd October 2008. So if you want a quiet, relaxing time this week, can I suggest that you check the following resources and ensure your systems are in compliance with the advice in them:

  • Microsoft Conficker guidance page for IT Professionals. The advice on protection is to:
    • Apply the security update associated with MS08-067. View the security bulletin for more information about the vulnerability, affected software, detection and deployment tools and guidance, and security update deployment information.
    • Make sure you are running up-to-date antivirus software from a trusted vendor, such as Microsoft’s Forefront Client Security or Windows Live OneCare. Antivirus software may also be obtained from trusted third parties such as the members of the Virus Information Alliance.
    • Check for updated protections for security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. The Microsoft Active Protection Program (MAPP) provides partners with early access to Microsoft vulnerability information. For a list of partners and links to their active protections, please visit the MAPP Partners page.
    • Isolate legacy systems using the methods outlined in the Microsoft Windows NT 4.0 and Windows 98 Threat Mitigation Guide.
    • Implement strong passwords as outlined in the Creating a Strong Password Policy whitepaper.
    • Disable the AutoPlay feature through the registry or using Group Policies as discussed in Microsoft Knowledge Base Article 967715. Microsoft released Security Advisory 967940 to notify users that the updates to allow users to disable AutoPlay/AutoRun capabilities have been deployed via automatic updating channels.
      NOTE: Windows 2000, Windows XP, and Windows Server 2003 customers must deploy the update associated with Microsoft Knowledge Base Article 967715 to be able to successfully disable the AutoRun feature. Windows Vista and Windows Server 2008 customers must deploy the security update associated with Microsoft Security Bulletin MS08-038 to be able to successfully disable the AutoRun feature.
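
A quick local audit of two items from the list above (the MS08-067 update and the AutoRun setting), as an added example that is not from the original post or from Microsoft's guidance page. It assumes that KB958644 is the update package for MS08-067 and that the AutoRun policy is the NoDriveTypeAutoRun value under the machine-wide Policies\Explorer key; the function names are made up for this sketch.

```powershell
# Added example. Assumptions: KB958644 = MS08-067 package; AutoRun policy is
# NoDriveTypeAutoRun under HKLM ...\Policies\Explorer. Function names are hypothetical.

function Test-Ms08067Recorded {
    # Get-HotFix lists only updates the OS still records. A service pack or a
    # superseding update can hide KB958644, so $false means "verify", not "vulnerable".
    [bool](Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue)
}

function Get-AutoRunEnabledTypes {
    param([int]$Mask)
    # Each set bit in NoDriveTypeAutoRun disables AutoRun for one drive type,
    # so a clear bit is a drive type where AutoRun is still allowed.
    $bits = @(
        @(0x04, 'removable'), @(0x08, 'fixed'),    @(0x10, 'network'),
        @(0x20, 'CD-ROM'),    @(0x40, 'RAM disk'), @(0x80, 'unknown type')
    )
    foreach ($b in $bits) {
        if (($Mask -band $b[0]) -eq 0) { $b[1] }
    }
}

$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue

"MS08-067 (KB958644) recorded: $(Test-Ms08067Recorded)"

if (-not $prop) {
    # No policy value: the operating system default applies, which is not 0xFF.
    'NoDriveTypeAutoRun: not set by policy'
} else {
    $mask = [int]$prop.NoDriveTypeAutoRun
    $open = @(Get-AutoRunEnabledTypes -Mask $mask)
    'NoDriveTypeAutoRun: 0x{0:X2}' -f $mask
    if ($open.Count -gt 0) {
        "AutoRun still enabled for: $($open -join ', ')"
    } else {
        'AutoRun disabled for all drive types'
    }
}
# Per the NOTE above, the setting is only honoured once the update from
# KB 967715 (or MS08-038 on Vista / Server 2008) is installed.
```

A value of 0xFF reports no remaining drive types; a per-user policy under HKCU is not checked by this sketch.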

There is also advice on the page on how to clean up the mess if you are too late, and on the various variants of Conficker and what to do about them.

It might also be good to let your friends and family know about this, so that you can also relax when you get home; the resources they need are here.