[BESAdmin-Announcements] New worms

Tue Aug 16 16:30:17 PDT 2005

There have been a number of news stories talking about the new worms that
exploit Windows vulnerabilities from the latest patch release from
Microsoft. Because the worms began to appear very soon after the patches
were released (within 1-2 days), we have had a lot of customers inquiries
about the new patches and related worm activity. 

Due to the volume of inbound questions we are receiving, we are publishing
this announcement that contains information about the August patches and
worms in relation to BES.

The following applies to customers who have purchased the Patches for
Windows Fixlet sites:
-- The patches were released from Microsoft on August 9, 2005 at
approximately 10am Pacific Time. The bulletins were named MS05-038 through
MS05-043.
-- The Fixlet messages for this group of patches were released to the
Patches for Windows (English) at approximately 3pm Pacific Time. 
-- There were a total of 42 Fixlet messages released for the August patches
that cover all the different patches (this includes the Fixlet messages
different operating systems and the corrupt patch Fixlet messages). 
-- MS05-038, MS05-039, and MS05-043 have a maximum Microsoft severity rating
of 'Critical'.
-- Microsoft only released patches for Windows 2000 SP4 computers and not
for the earlier versions of Windows 2000 (SP3 and below). Any Windows 2000
computer pre-SP4 are vulnerable and you will only see a Fixlet messages for
many of the patches once you update to Windows 2000 SP4. You can use the
Fixlet messages on the Patches for Windows sites to update to Windows 2000
SP4. 
-- All the non-English patches are also available in their respective Fixlet
sites.
-- There were reports of exploits for these vulnerabilities soon after they
were released and today there are reports of widespread worms that exploit
these vulnerabilities.
-- Many of our customers have already completed their enterprise-wide
deployment of these patches and we have not heard any reports of issues
caused by these patches. We estimate that there have been over a million
computers patched so-far for the August vulnerabilities using BigFix with no
known issues.

The following applies to customers who have purchased the Client Manager for
AntiVirus Fixlet site:
-- We are continuing to publish updated virus definitions for the antivirus
products we support (Symantec, McAfee, eTrust, Trend Micro, and Sophos). As
the AntiVirus vendors update their definitions, we will release Fixlet
messages for the new updates.
-- Using the Analyses, Fixlet messages, and properties on the Client Manager
for AntiVirus Fixlet sites, you can see the current definition version of
the antivirus product as well as the status of the antivirus agent (running,
not running, not installed, etc.). You can also use BES to push updated
definitions to your antivirus agents.
-- We have heard that many of our customers are actively pushing the updated
definitions for all the antivirus products using BES with no known issues.
BES can be used to update the virus definitions in conjunction with the
normal antivirus definition update procedures with no issues.
-- Due to customer requests and due to the perceived widespread risk, we
have published Fixlet messages to detect the Zotob.A and Zotob.B worms. We
will soon update these Fixlet messages to include the ability to remove the
worms using a newly released tool from Symantec (which will work on
computers regardless of the actual antivirus vendor currently installed).

If you have any questions, please contact our support department.

BigFix Support Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20050816/c97d3ed3/attachment.html