If you don’t already know, Microsoft is releasing an out of band critical update today. Rumor is it is not related to the TCP DoS issue, and may involve an 0day with remote code execution.
Here’s the link to the webcast where they will detail what’s going on.
We don’t normally jump on a bandwagon like this, but it sounds like a big one you’ll want to fix ASAP.
It’s a nasty vulnerability in the Server service that allows remote code execution without authentication. You should already be blocking TCP ports 139 and 445 at the perimeter, so nothing unusual to change on the firewall.
But this is totally wormable, requires no authentication, and allows arbitrary code execution. It’s the evil trinity of vulnerabilities.
You should pay extra attention to your mobile users and friends and family- have them update ASAP since the odds are they aren’t blocking those ports. Don’t get too cocky if you have a firewall- like Slammer it will only take one infected sales dude to plug back in at the office and ruin your day. These are the kinds of vulns NAC is made for.
Also, don’t forget about those virtual versions of Windows running on your Mac.
It looks so easy to exploit, that by the time you read this it’s probably too late 🙂