MS06-040 (have you patched yet?)

I have a post sitting in my ‘drafts’ section, in which I ramble on about why we’re forced to patch like a bunch of sheep once a month. That post might take a while because I keep having to edit it for rants to keep it concise and on point.

In the meantime, as much as we might hate it, it is still important that we all patch, audit, patch, verify, and start all over again. The uber-smart fellas over at Matasano Chargen are saying that this one has all the fixins to rival SQL-Slammer (I’m not sure why ‘utilizes UDP’ isn’t on their list, that made Slammer fast as hell!):

What a vulnerability needs to rival the Slammer worm:

  • A vulnerable population of more than 50,000 hosts (check!)
  • A pre-auth vulnerability that provides remote code execution (check!)
  • A reliable exploit (one that doesn’t need to know specific stack or code offsets in the binary, and that isn’t heavily data or timing dependent). (check!)

So friggin’ patch your systems already, so we can get back to our debates about the death of IDS technology, the panacea known as UTM, and why NAC doesn’t work. =)
