"The beta version of Windows 7 is also affected."

What Beta? It's not even out of Milestone builds yet, closest thing to Beta is the soon to come PDC release which will still be Alpha.

So if I understand this right, it's a vulnerability in the RPC handling.

Now, assuming I have a half-way decent firewall set up that disallows incoming requests from outside my domain, that neutralises the attack entirely?

At first I thought they deleted the coments

"You're not going to see a worm on Vista or Server 2008."

Is it a technical statement or more a marketing statement? Obviously, to those who've actually been around, what was probably meant was: "You're going to see fewer worms on Vista or Server 2008 (than on earlier versions).".

There are many reasons what MS has failed to do (or chose to ignore/sacrifice) over the years, but I'll point out one: the way the user and (3rd party) software interacts w/ the OS. Giving user admin-level account does makes things easier for users, but also makes this easier to screw-up (I don't think I would need to evaluate on this). Vista did made some changes, such as UAC, to make sure the user actually vetted and wanted certain actions done. But there are already known easy ways to bypass such "security" features, all widely and readily available.

As for the software, do some really need such deep access to the OS/system? The majority doesn't need to install drivers or services just to operate. Heck, they even be able to operate on the own context of the user w/ needing to tamper the whole system. Take for example some messenger software, where (at least one) installs a service. What for? For the Shared Folders feature? That can be done w/n the (security) context of the user. Not only are they prime target for exploitation, but successfully exploitation (and there is little doubt about it) means the attacker has system-level access to the system. With the current trend, it just compounds the former problem: users wants to run admin-level since their "favorite" software requires system access, sometimes frequent access.

Arrggghhh... I'm rambling again...

Workaround #3 from the advisory

>> Block TCP ports 139 and 445 at the firewall

So, unless you already stand in the streets with your pants down, there is nothing to see here ?

Have you read the blog post? UAC does block the problem hence why it is an important update (one that gets patched automatically through Windows Update) and not a critical update (runs code without user intervention).

Also what does this even have to do with IE? It is a worm, you don't do anything. Also most home users should find their router protects them from attack, unless an infected computer comes inside the network.

UAC does sort that shite out. That's why it doesn't affect Vista and 2k8 devices. Its actually quite clearly stated in the article, but we wouldn't want to let that get in the way of your rabid fanboyism.

Though arguably, I should have just ignored your post the second I saw you'd used the term "M$". It is quite useful though. It allows me to distinguish between people using other OS's because they suit them better, and people using other OS's to stick it to the man.

"Bet you it's because IE is still running at the kernel level instead of being a "normal" app which has restrictions on what it can do."

Bet you it isn't, because that is an urban myth. IE has never been anything more than a normal app. Of course, since nearly every Windows user runs as administrator, the distinction is not terribly important.

"So if I understand this right, it's a vulnerability in the RPC handling. Now, assuming I have a half-way decent firewall set up that disallows incoming requests from outside my domain, that neutralises the attack entirely?"

Yes. The vulnerability appears to be in the "RPC over SMB" code path used by file sharing (CIFS) and such a firewall is one of the workarounds.

If you're internet connection is a router with either NAT or a half-way decent firewall then the ports aren't visible from the internet, so the vast majority of domestic users (and surely *all* business users) are safe. If your router has an inadequately secured wireless connection, you might be vulnerable to the bloke parked outside in the street.

Any home user without a router, whose Windows box enjoys the IP address provided by their ISP, is probably at risk, but such machines are almost certainly part of a botnet already and presumably their local rootkit would block any further invasion.

All in all, it is hard to see why MS are making such a fuss.

To remind yourself that Microsoft is allegedly the greatest software provider on the planet with the best brains in the industry...

Best that is, for producing a complete pile of utter, worthless shite

If there stuff was free, downloaded from the Internet, wed chuck it away and laugh the tossers out of court, but its the exact opposite, its f**king horrendously expensive and their ability to shaft their customers with the 'next load of bollox' is beyond belief.

Not much one for study, eh? MSIE is definitely NOT a "normal" application by any stretch of the imagination. Just ask Microsoft ... "Internet Explorer has been an integral part of the Windows operating system for over a decade" ... this during arguments about whether it is able to "unbundle" MSIE from the Windows operating system. They cannot "unbundle" it because it is "an integral part of the Windows operating system", just like Microsoft Media Player.

Everyone saying "I have firewall therefore I am safe" is also blocking every single other vector for zero-day malicious code to maintain that "safety", right?

Never underestimate the capability of a user to do something stupid and, thanks to the nature of this bug, it only takes a very small amount of user-stupid to cause a serious amount of harm.

"Google: linux remote code exploit"

Remind me how many of those remote exploits allow the attacker to run code as root? Then could you please do a comparison of how many remote Win exploits allow an attacker to execute something with admin privileges.

"MSIE is definitely NOT a "normal" application by any stretch of the imagination. Just ask Microsoft ... "Internet Explorer has been an integral part of the Windows operating system for over a decade" ...

I repeat, MSIE is a normal application. It runs in user space. It no more demands kernel privileges to do its work than firefox. Obviously it is an integral part of the *product*, but you are just being stupid if you think every part of Windows is part of the operating system.

i hate to admit this but...what do i know?

i downloaded and ran the patch as suggested. it seems i no longer have control of Outlook -- no preview pane and am unable to send outgoing mail. i've re-started multiple times to no avail...

...suggestions?!?!?

thx in advance for any help