“Blaster” Worm Aftermath
In our last newsletter we warned about a fault in Windows NT/2000/XP and the potential for a virus or worm which exploits it. Sure enough, the “Blaster” worm (a.k.a. W32/Lovsan.worm.a) has ripped through the Internet; fortunately it doesn’t do much except infect other systems and clog traffic. However, since then, new faults have been announced which make the original patch obsolete — the latest fix is called MS03-039 (824146). The simplest way to get the update is go to http://windowsupdate.microsoft.com. Broadly speaking, everything under “Critical Updates” is important but MS03-039 is particularly critical so unselect the other patches listed if you don’t have time or bandwidth to download all of them. You may also need to apply a Service Pack before the patch will appear. Please contact us or your IT provider if you need assistance.
If you have a firewall you can’t be attacked by worms exploiting this vulnerability, but the big problem for many businesses will be unpatched and un-firewalled laptops which connect to the Internet via modem when off the network, become infected, and then infect the network from behind the firewall. Thus it is still important that all your machines are patched to prevent attacks from within.
It’s also important to note that simply keeping your antivirus system up to date will not block an attack, although your A/V system may detect any files the worm “drops” and may detect it once it is in memory. But by then it may be too late — and some viruses disable AV systems anyway. So in this instance the best and only protection is prevention: in other words, install the patch.
Update 14/04/2004 - this patch has been replaced by MS04-012 (828741).