Pop Up Message re Buffer Overrun in Messenger Service

LindaTex

I have twice received the following message in a popup,
and I want to know whether or not to respond to it. If you
can help me with this, I would appreciate it.

The message is in a gray box with a blue header. The
title on the header is Messenger Service. Below, on the
gray in black letters, is written the following:

Message from Mocrosoft Networks to Windows user on
(whatever the date and time).

Microsoft Security Bulletin MS03-043.

Buffer Overrun in Messenger Service Could Allow Code
Execution (828035).

Affected Software:

Microsot NT Workstation
Microsoft NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win 98
Miscosoft Windows Server 2003

Not affected software:

Microsoft Windows Millenium Edition

Your system is affected, download the patch from the
address below! FIRST TYPE THE ADDRESS BELOW INTO YOUR
INTERNET BROWSER, THEN CLICK ' O.K.' THE ADDRESS WILL
DISAPPEAR ONCE YOU HIT 'O.K.'

www.windows-patch.info

OK
 
Oli Restorick [MVP]

I don't know who is sending these messages and normally you should disregard
them, but in this case it's true.

What is happening is that when you dial up or connect to the Internet, your
machine is sitting there exposing all its services to other people on the
Internet. This is a really bad thing.

Now, supposing there was a bug in one of these services, somebody out on the
Internet (in actual fact, more likely a virus/worm than a person) could take
control of your computer and run their own programs on it (for example to
wipe your hard disk, etc).

Anyway, there are two issues for you to deal with. First of all, you need
to get yourself a firewall. A firewall for a home user is normally a piece
of software. These range in cost from nothing to about $50 or so.

Head over to the Zone Alarm web site (www.zonelabs) and look for the free
version of Zone Alarm and download it.

Other than that, there's Kerio (www.kerio.com) and others.

The other option is that if you're using a cable or DSL connection you can
get a broadband router box that does NAT (network address translation).
This gives you immediate protection from unauthorised traffic coming into
your machine. It doesn't prevent any outbound traffic, though, so if you
were infected with a virus it wouldn't prevent that going out.

My preference is for a NAT router *and* a piece of software.

The next issue for you to deal with is that Microsoft is releasing patches
for these vulnerabilities, but you're possibly not installing them. For the
most severe vulnerabilities (e.g. the one exploited by the Blaster worm last
year), a firewall will mitigate this. However, you should still try to keep
up to date with Microsoft patches.

For instance, the current Service Pack for Windows 2000 is SP4. If you
haven't got SP4, you should get it.

Once that's done, head over to the TechNet security bulletin search page
(link below), select Windows 2000, Service Pack 4, leave only "critical"
ticked and install the patches it lists.

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp

Regards

Oli
 
NinjaGranny

LindaTex wrote:


It's a known security vulnerability in MS messaging. It usually
autoruns some code (the buffer overrun exploit) but looks like in your
case it was a script kiddie who didn't know how to do it properly.

Block port outbound and inbound with a proper firewall (like Kerio
2.15) or just disable the messenger service. A lot of ISPs are now
blocking this port at their end to stop this type of traffic. The MS
messenger service was never meant to be used over a WAN (the internet).
 
