Trimmed down a bit, here’s an alert I just got about yet another Microsoft security exploit. Even if you installed the patch last month, you WILL need another patch:
IMMEDIATE ACTION REQUIRED
NOTE This vulnerability IS different from that previously advised in Microsoft Security Bulletin MS 03-0026 and requires patching action.
Patching action required by: September 12, 2003
Microsoft Security Bulletin MS03-039 - RPCSS DCERPC Vulnerability - Patch Testing and Implementation
On 10 September 2003, Microsoft released security bulletin MS03-039 announcing three vulnerabilities in their operating systems that could be exploited. Only one of these vulnerabilities was addressed in previous patching efforts in relation to Microsoft Security Bulletin MS 03-0026. The two remaining vulnerabilities, one providing remote system privileged access and the other crashing the RPC service, affect ALL systems previously affected and ARE NOT addressed by previous patching efforts.
These vulnerabilities pose significant threat to the Internet and <us> and our customers.
This vulnerability exists in the following Microsoft operating systems:
Windows NT 4.0
Windows NT 4.0 Terminal Server
Windows Server 2003
NOTE: Windows 9x systems are not impacted by these vulnerabilities.
A “patch” is available from Microsoft, which has been successfully tested in the above operating systems by <us>.
The CIS Security Operations Center (SOC) believes that existing exploits and worms can easily be modified to take advantage of the newly discovered vulnerabilities, therefore the 3 week time lag that was present when the MS 03-0026 vulnerability was discovered to the release of the BLASTER worm DOES NOT EXIST. ** is extremely likely that a modified worm targeting these vulnerabilities will be developed and released within the next few days. **
To insure continued “high” availability of our systems to customers, and the protection of <our> assets, the following actions must be taken:
BY END OF DAY, Friday September 12 , 2003
Determine the service pack level of all devices running any of the above operation systems.
Review the Microsoft security bulletin as there are specific service pack requirements listed in the security bulletin.
If any systems under your control do not have antivirus installed, INSTALL IT AS SOON AS POSSIBLE
Ensure antivirus signatures are up-to-date and auto-update is enabled to update signatures daily.
Have all devices patched as quickly as possible, and no later then Friday, September 12, 2003.