
Marcus Hass' [MS] Blog

Interesting tidbits about Microsoft Infrastructure and other products. Occasional rants about travel, gaming and gadgets.
Zotob, a hard and unfortunate lesson (again) for Enterprises

Unless you have been on vacation on the moon for the last few days, you know that there is a new exploit in the wild called Zotob (and variants) that mainly affects Windows 2000 and pre-SP2 Windows XP systems. This worm is hitting some of the same big-name companies that were crippled by CodeRed, Sasser and Blaster.

In the years since those nightmares, a lot of great tools have come out to help avoid them. I can’t believe that some of the big enterprises (some of them are my customers) don’t have a better strategy or mandatory policy to update desktops and servers with security updates quickly. Microsoft and others have been preaching for at least the last 3 years that it is only a matter of time before a zero-day exploit. While Zotob is not a zero-day exploit, it is close.

Everyone knows about “Patch Tuesday”, including malware authors. These days you absolutely have to have a patch strategy that pushes security updates immediately or within 24 hours. In some cases this means thousands of boxes.

If you are an enterprise, don’t just stand there, get something! Windows/Microsoft Update, SMS, SUS, WSUS, ONiPatch, Hercules, etc.; it doesn’t matter!! Some you pay for, some are free, but just do it. I guarantee this isn’t the last time, and the next one might be even bigger.

I don’t want to get into a debate about how many security flaws Microsoft has compared with distributions of Linux, or IIS vs. Apache. You need a strategy for all of these systems.

Whether you have a single PC, a home network with a couple of computers, or an enterprise with 10,000 PCs/servers, get a plan for how you get and apply updates.

BTW, don't get me started on the media. Every single time I watch the "tech" portion of our local news channels I want to call them up and make at least 3 corrections (most of the time non-Microsoft stuff). They can't even get mobile phones right.

A great blog to subscribe to is the Microsoft Security Response Center Blog!

Posted: Wednesday, August 17, 2005 4:00 PM by mhass
