Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2013-04-11 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

KB2823324 causing boot issues in Brazil and some other locales

Published: 2013-04-11
Last Updated: 2013-04-11 02:13:03 UTC
by Mark Hofman (Version: 1)
13 comment(s)

An article in Linha Defensiva (http://www.linhadefensiva.com/2013/04/brazilian-users-unable-to-boot-windows-after-botched-update/) reports that after applying the update machines were no longer able to boot.  According to the article Microsoft has recognised that there is an issue with the Brazillian version of the OS, but the links in the article do point to other locales having a similar issues. 

I wasn't able to find any futher reference on the microsoft site, but in the mean time if you do approve this KB for deployment make sure you test it thouroughly prior to a production implementation.

If you've had issues with this KB please let us know.

Mark H

Keywords:
13 comment(s)

Windows XP end of life, 12 months to go.

Published: 2013-04-11
Last Updated: 2013-04-11 02:00:23 UTC
by Mark Hofman (Version: 1)
1 comment(s)

The Microsoft Security Response Center put up a little note reminding people that windows XP will be out of extended support in 12 months time (http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with-the-april-2013-security-updates.aspx).  From April next year there will be no more security patches or updates to the operating system.  Reality teaches us that that many organisations will still have Windows XP running within their networks at that time.  So as security professionals we should probably put the risk of an unsupported operating system in the environment in the risk register. 

How big a problem will it be? That will depend on the issues that will no doubt be released in May 2014. With the XP install base still being quite large it is likely that there are vulnerabilities that people are sitting on and may not release until after Microsoft has stopped support.  So we should work on the assumption that:

  1. we wiill still have XP in the environment
  2. there are going to be vulnerabilities that exploit the OS. 

Some of the common techniques that we use today may help address the issue.  Application whitelisting should help protect the operating system, assuming the products will support XP going forwards. Network segmentation will help contain any issues in the environment.  But essentially we are going to have to look at the problem of having known compromised machines in the network that we may not be able to do much about. 

I've put up a poll asking "What are your plans when XP is no longer supported" feel free to provide additional comments in the poll or here. How will your organisation deal with this?

Mark H

Keywords:
1 comment(s)
ISC StormCast for Thursday, April 11th 2013 http://isc.sans.edu/podcastdetail.html?id=3239
Diary Archives