Tuesday
28Oct

Microsoft Announces Vulnerability 958644

On October 23, 2008, in an off-cycle release, Microsoft announced a new vulnerability that could allow remote code execution. This vulnerability makes it possible for worms, trojans and hackers to remotely execute unwanted software. Microsoft considers the vulnerability critical, so it was announced together with a remediating patch that they strongly recommend applying. Microsoft has seen targeted attacks using this vulnerability to compromise otherwise fully-patched systems. Operating systems affected include Microsoft Windows 2000, Windows XP, and Windows Server 2003. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

Which platforms are at higher risk?
Systems that are most likely to be affected are those whose Windows Firewall is disabled OR those whose firewall is enabled but that also have File and Print Sharing enabled. If you are unsure whether your computer is fully patched, or wish to wait until the patch has been tested and released, you can remediate the threat by simply enabling the Windows Firewall and turning off File and Print Sharing. If you are running Windows Vista or Windows 2008 Server, the out-of-box configuration of the operating system will protect you, as the RPC interface is secured via authentication. However, there are a number of changes that can be made to these operating systems that will expose the computer to risk, so it is best to keep your operating system current and patched.

How to Remediate Vulnerabilities
Begin by applying the patch to all servers in your network environment. This patch should be applied during a maintenance window, as it requires restarting the host operating system. When all servers have been patched, apply the security update to all nodes (workstations). Workstations and servers that have Windows Update installed will receive the patch the next time Windows Update runs a scan. If you are relying on this tool for patch deployment, be sure to check the scheduled runtime. You can always run Windows Update by going to http://update.microsoft.com/.
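The risk criteria and patch order described in the two sections above can be turned into a triage pass over a machine inventory. The following is an added example, not part of the original post: the inventory columns and host names are constructed, and ordering exposed hosts first within each role is an assumption.

```python
import csv
import io

# Constructed sample inventory: host names and column names are hypothetical.
INVENTORY_CSV = """\
host,os,role,firewall_enabled,file_print_sharing,kb958644_installed
FS01,Windows Server 2003,server,no,yes,no
WEB01,Windows Server 2003,server,yes,no,no
DC02,Windows Server 2008,server,yes,yes,no
PC-014,Windows XP,workstation,yes,yes,no
PC-022,Windows XP,workstation,yes,no,yes
PC-031,Windows 2000,workstation,no,no,no
LT-007,Windows Vista,workstation,yes,no,no
"""

# Operating systems the post lists as affected.
AFFECTED = {"Windows 2000", "Windows XP", "Windows Server 2003"}
# Assumption: within each role, exposed hosts are patched first.
PRIORITY = {"exposed": 0, "mitigated": 1, "review": 2}


def is_yes(value):
    return value.strip().lower() == "yes"


def assess(row):
    """Classify one inventory row as (status, reason) using the post's criteria."""
    if is_yes(row["kb958644_installed"]):
        return "patched", "update 958644 installed"
    if row["os"] not in AFFECTED:
        return "review", "protected by default; confirm the configuration is unchanged"
    if not is_yes(row["firewall_enabled"]):
        return "exposed", "Windows Firewall disabled"
    if is_yes(row["file_print_sharing"]):
        return "exposed", "firewall enabled but File and Print Sharing is on"
    return "mitigated", "firewall on and sharing off; patch still required"


def patch_plan(csv_text):
    """Return unpatched hosts: servers first, then workstations."""
    plan = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status, reason = assess(row)
        if status != "patched":
            plan.append((row["host"], row["role"], status, reason))
    plan.sort(key=lambda p: (p[1] != "server", PRIORITY[p[2]], p[0]))
    return plan


if __name__ == "__main__":
    for host, role, status, reason in patch_plan(INVENTORY_CSV):
        print(f"{host:8} {role:12} {status:10} {reason}")
```

Hosts marked "mitigated" still appear in the plan, because the firewall setting only reduces exposure until the update is installed.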

If you have questions about this critical service patch or need assistance remediating this vulnerability on your system, please contact us via email at info@empiricpartners.com.

Wednesday
22Oct

Introducing the Empiric Partners Management Portal

Automating IT One Machine At A Time

IT Managers are responsible for ensuring that systems provide the maximum benefit to all members of the organization. To this end, systems must be available on demand for users. IT Managers in smaller organizations do not have the time, resources or budget to acquire, deploy, learn and manage large-scale solutions that will allow them to achieve Maximum Uptime(TM) from their systems.

To help meet the needs of IT Managers in smaller organizations, Empiric Partners has partnered with a full-featured, integrated, extensible and easy-to-use IT automation solution that provides for efficient resource utilization and service improvement. The Empiric Partners Management Portal provides real-time access to inventory and equipment information, reduces desk-side visits with remote control and observe capabilities, automates mundane management tasks like disk defrag and Windows Update, and centralizes management of virus protection. The Empiric Partners Management Portal allows IT Managers to focus on aligning IT efficiency efforts with the strategic goals of the business.

One of the largest difficulties in deploying an IT automation package is maintaining an economy of scale. Most enterprise automation packages require large up-front investments including software licensing, hardware outlays, and staff training. The Empiric Partners Management Portal is a subscription service whose deployment is simple: it can be deployed via LAN discovery, through a login script, or via individual workstation/server installation.

IT Automation tools come with steep learning curves. Applications like Microsoft System Center, LANDesk, and Symantec Altiris provide central management consoles that allow scheduling of tasks and scripts. This allows IT Managers to perform basic machine management, but scripting something outside-of-the-box is difficult, as it requires learning complex and archaic scripting languages. The Empiric Partners Management Portal is different! The whole interface is built from the ground up, and it logically groups tasks so IT Managers can point-click-and-manage their clients and servers. IT Managers who want to write their own management scripts can use the sophisticated scripting interface that makes even the most complex tasks easy.

All tasks, maintenance and management activities are scheduled on the portal. Nodes check in with the central server on a customizable schedule, via a secure communications channel. As a result, no matter where the node is on the internet, IT Managers can provide remote support, deploy packages, and schedule device maintenance activities.

The Empiric Partners Management Portal provides a comprehensive executive dashboard. C-Level executives can easily monitor the status and health of the network, track the progress of project implementations, and maintain a solid understanding of the state of the enterprise. Reports can be automatically scheduled and distributed via email.

The new Empiric Partners Management Portal is able to provide IT Automation for even the smallest organizations at an affordable price. IT managers will value the reduction in desk-side visits and staff workload, and the process improvement. Most importantly, they will gain value in ensuring that their systems are available and secure.

 

Wednesday
15Oct

Redundant Isn't So Boring After All

In a picture-perfect world, once your network infrastructure is installed and configured, the job is done. Hardware doesn't fail, power never goes out and packets are never dropped. Nice thought, huh? Back on Planet Earth, everyone knows that things go wrong. And the things that go wrong are often out of your hands. Sure, you can call a vendor, but the service won't come back online until someone else fixes it. We'd love to do it ourselves (sometimes) but it usually isn't possible.

But wait: aren't we always talking about Maximum Uptime(TM) and application continuity? Redundancy, redundancy, redundancy. It's the reason the servers have two power supplies, RAID arrays for disk failure, and dual network interfaces. But we can't stop there. Think about the rest of your infrastructure. Network switches, firewalls, routers and finally, the internet connection itself.

So you're saying I should have two internet providers? If you're skeptical about your provider's claim of 99.9% uptime, you just passed the test (0.1% still means over 8 hours of downtime a year). Sure, it might not cause a big problem if the outages are every once in a while at 3am for 20 minutes at a time and your online backups (you do have off-site backup, right?) were running. Murphy decided that YOUR 8 hours of downtime are going to start on Mondays. At 8:45am.

So where am I going with this? Redundancy. Right. Two internet circuits are a good idea. Not just two internet circuits, but two internet circuits from different providers. Even better, two internet circuits from different providers that don't live in the same conduit because the backhoe operator trying to fix the sewer system is probably not precise enough to decimate one string of fiber without taking out the one sitting a few millimeters to the left. Think about a provider like Veroxity that will work with you to install your connection through a physically different location in the building. Also consider where THEIR infrastructure resides. If all roads lead to the same place, you still have a single point of failure. Ask them about which POPs are available to provide service to your location.

We can't eliminate outages, but we can stop them from affecting uptime. A little forethought goes a long way, and sometimes saying "I'm on the phone with Verizon right now" isn't enough to keep the CEO happy.