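[Micropoint] MS08-067 network intrusion triggers a Micropoint alert! Our Micropoint protects us against attacks on Microsoft's latest vulnerability, MS08-067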

Nblock
Posted on 2008-10-31 11:48:23
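Microsoft's most severe vulnerability in four years has arrived! The RPC vulnerability of years past returns, with damage similar to "Blaster"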

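In the early morning of December 24, 2008 (1 p.m. Pacific Standard Time), Microsoft held a webcast and urgently released security patch MS08-067, with a maximum severity rating of Critical, to fix a discovered vulnerability in the Windows Server service that could be exploited for remote attacks or to spread worms. A successful attacker could gain complete control of the system.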

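This vulnerability affects almost all mainstream operating systems, including Windows XP, Windows 2000, Windows Server 2003 and Windows Vista. Hackers can use it to launch large-scale remote attacks, with a practical effect similar to viruses such as "Blaster" and "Sasser".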

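The "Blaster" virus first broke out in August 2003 and paralyzed more than a million computers worldwide within one hour. On infected computers, system resources were heavily consumed, a dialog box sometimes popped up saying the RPC service had terminated, and the system rebooted repeatedly. Users could not send or receive e-mail, copy files normally or browse the web normally, and operations such as copy and paste were severely affected.

Our Micropoint protects us against Microsoft Security Hole MS08-067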

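The Micropoint trial version with the pre-release update should be able to block it outright. Do you still remember the "Blaster" virus from back then? Even without installing the Microsoft Windows vulnerability patch, Micropoint Proactive Defense software can likewise fend off the threat from the very first moment!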


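Anyone interested can test this themselves. MS08-067 overflow environment:
lanmanworkstation service running (default)
server service running (default)
Browser service running (default)
Windows default firewall disabled... it seems installing certain antivirus software disables it automatically, so I won't go into that...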

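For users who are not using Micropoint Proactive Defense software, my personal advice:
1. Turn on Windows Automatic Updates and apply vulnerability patches promptly. Apply the update: http://bbs.micropoint.com.cn/showthread.asp?tid=43026&fpage=1

2. Do not download and install unofficial versions of software from unknown sites, to keep viruses from entering your system through bundling. Special report on the black-screen virus, "Beware of the black-screen campaign breeding a hacker storm": http://hi.baidu.com/micropoint/b ... 8b121790ef39f7.html  Install proactive-defense software of the Micropoint kind; such software is the most effective way to deal with this type of virus.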

NOTICE: October 23, 2008: Today the MSRC released Security Bulletin MS08-067. For more information on this bulletin, and to stay protected get the latest information from the MMPC here on our blog: http://blogs.technet.com/mmpc/ar ... -protected-now.aspx

Get Protected, Now!     
Thursday, October 23, 2008 10:00 AM by mmpc

Microsoft released a security update today that fixes a vulnerability that affects all supported versions of Windows. On some versions of Windows, an unauthenticated attacker can remotely execute code on a vulnerable computer. Basically if file sharing is enabled and the security update is not installed yet, the computer is vulnerable. File sharing is enabled in several scenarios though it is disabled by default in XP SP2 and newer operating systems. See the "Security Vulnerability Research & Defense" blog for further information. Security Bulletin MS08-067 also provides more details. Microsoft strongly recommends that you update your computer(s) immediately.

We are already seeing a small number of attacks using this vulnerability. The situation can change now that the security update is public. We have seen cases in the past where information on how to exploit a newly updated vulnerability was posted to the web only a few days, or even hours, after a security update is released. Did we already mention that we recommend you quickly install the security update?

We have detection for the current attacks. Its name is Exploit:Win32/MS08067.gen!A and it is included in VDM update version 1.45.1012.0 and higher. We released these VDMs this morning shortly after 10 AM PDT. These current attacks will be detected when the attack file is copied to the victim’s computer, for example, as part of its self replication. Note that we are not aware of any self replicating malware that is exploiting this vulnerability at the moment. This update can detect the current attacks and we will continue to update should more be created. Our team, the Microsoft Malware Protection Center, is on the alert and is closely monitoring the situation.

Currently, attacks try to download a trojan named n2.exe to the victim’s computer and there are now two different versions of this binary. Our products are able to detect both files as TrojanSpy:Win32/Gimmiv.A. This trojan drops another DLL that we detect as TrojanSpy:Win32/Gimmiv.A.dll. The malware deletes itself after it executes so you may not find it even on systems that were previously infected. Our products provide real-time protection that will block that malware from being copied to the hard drive.  You can read more details about this malware in our encyclopedia write ups.

Windows Live OneCare safety scanner, Windows Live OneCare and the various Forefront products include these detections. If you believe that you identified new malware that is exploiting this vulnerability, or other malware, please let us know by submitting that file to our portal.

So get protected, and the sooner, the better.

Ziv Mador
Microsoft Malware Protection Center: http://blogs.technet.com/mmpc/ar ... -protected-now.aspx

Summary
Exploit:Win32/MS08067.gen!A is a generic detection for code that attempts to exploit a vulnerability in SVCHOST.EXE. If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled.

On targeted hosts running Windows 2003, XP, 2000 or NT, this remote attack may be performed by an unauthenticated user. Successful exploitation of the vulnerability on systems with default installations of Windows Vista and Windows Server 2008 requires authentication due to protections introduced as part of user access control (UAC) that enforce additional levels of integrity.

Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

[ Last edited by Nblock on 2008-11-1 20:32 ]

Rating: polly5771 +1 popularity. Reason: The board is better with you here : )
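
An added example, not part of the original post and not Micropoint or Microsoft tooling: a PowerShell (3.0 or later) audit of the local machine for the exposure conditions the post lists, namely the three services running and Windows Firewall disabled. `$KbId` is a placeholder to be filled in from Security Bulletin MS08-067, and `HNetCfg.FwMgr` is the legacy Windows Firewall COM interface.

```powershell
# Added example: audit this host for the exposure conditions listed in the post.
# $KbId is a placeholder; take the real KB number from Security Bulletin MS08-067.
param([string]$KbId = '<KB-from-MS08-067-bulletin>')

# Short service names for Workstation, Server and Computer Browser.
$serviceNames = 'LanmanWorkstation', 'LanmanServer', 'Browser'

$findings = foreach ($name in $serviceNames) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = "Service $name"
        State  = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        AtRisk = [bool]($svc -and $svc.Status -eq 'Running')
    }
}

# Legacy firewall COM interface (present since Windows XP SP2).
try {
    $fw = New-Object -ComObject HNetCfg.FwMgr
    $fwOn = [bool]$fw.LocalPolicy.CurrentProfile.FirewallEnabled
    $fwState = if ($fwOn) { 'Enabled' } else { 'Disabled' }
} catch {
    # If the state cannot be read, treat the firewall as not protecting the host.
    $fwOn = $false
    $fwState = 'Unknown'
}
$findings += [pscustomobject]@{ Check = 'Windows Firewall'; State = $fwState; AtRisk = -not $fwOn }

# Patch check runs only when a real KB id (for example KB123456) was supplied.
if ($KbId -match '^KB\d+$') {
    $fix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Check  = "Update $KbId"
        State  = if ($fix) { 'Installed' } else { 'Missing' }
        AtRisk = -not $fix
    }
}

$findings | Format-Table -AutoSize
if (($findings | Where-Object AtRisk).Count -eq $findings.Count) {
    Write-Warning 'Every listed exposure condition is present on this host.'
}
```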

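keiz
Posted on 2008-10-31 13:35:11
The point should be defending against the vulnerability, not against this exe, right?

MS08-067 is an intrusion vulnerability, isn't it?

It's no big deal that Micropoint can block this exe. The exe has so many behaviors, and such obvious ones, that it may well get killed in no time, dead before it accomplishes anything. That doesn't count.

The point is whether Micropoint users who don't patch can avoid being intruded upon.
Is there an MS08-067 exploit tool? Someone use it to test Micropoint.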

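keiz
Posted on 2008-10-31 16:50:58
Nobody. Sigh.
simonfour
Posted on 2008-10-31 17:23:45
Following this; I don't have the ability to test it...

Micropoint will have to add to its whitelist again...
keiz
Posted on 2008-10-31 21:05:35
It's only the trivial, inconsequential threads that get replies.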
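Nblock
Original poster | Posted on 2008-10-31 21:13:40
Originally posted by keiz on 2008-10-31 13:35
The point should be defending against the vulnerability, not against this exe, right?
MS08-067 is an intrusion vulnerability, isn't it?  The point is whether Micropoint users who don't patch can avoid being intruded upon.

An overflow vulnerability can allow remote code execution. I once tried a PPStream overflow vulnerability and Micropoint did not react. When the vulnerability was triggered and the trojan downloaded to the local machine ran, it was killed by Micropoint's behavior-based judgment.

If the attacking side used the 08-067 vulnerability to connect remotely and sent a 2005 version of Micropoint over to the defending side as a gift, I estimate Micropoint would not react either. But to control the other machine they would still have to download and run an attack program prepared in advance. Who will go find an attack model to test our Micropoint? There are plenty online. I have already installed the patch, so I can't play with it.

Micropoint's help file states that Micropoint has overflow protection. Micropoint could proactively defend against the "Blaster" virus back then! I am also very curious whether Micropoint can block 08-067 outright, and how far its protection in this area really goes. For the specifics, go ask Micropoint's engineers and let them spill some details. A very good discussion. I suggest the moderator give the poster above some points. This question is very good and very powerful.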
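keiz
Posted on 2008-10-31 21:23:12
I'm talking about intrusion.

Maybe after I intrude through the vulnerability, I run net stop "mpsvc service"

and Micropoint is dead. Never mind any trojan.

[ Last edited by keiz on 2008-10-31 22:05 ]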
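Nblock
Original poster | Posted on 2008-10-31 21:38:30
Originally posted by keiz on 2008-10-31 21:23
I'm talking about intrusion.

Maybe after I intrude through the vulnerability, I run net stop mpservice

and Micropoint is dead. Never mind any trojan.

There is an 08067 attack model in the sample section. Also, please see the image:

[ Last edited by Nblock on 2008-10-31 21:39 ]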

黄金马甲出租
Posted on 2008-10-31 22:07:45
over

I don't know what else there is to say; just don't tell me my MS08-067 isn't real...
I won't say much about the other antivirus software...

[ Last edited by 黄金马甲出租 on 2008-10-31 22:11 ]

Rating: polly5771 +1 popularity. Reason: The board is better with you here : )

keiz
Posted on 2008-10-31 22:11:47
The image loaded so slowly that I didn't see it.

[ Last edited by keiz on 2008-10-31 22:15 ]