Patch practices fail Blaster test

The long list of casualties hit by the W32 Blaster Worm has once again proven IT managers are struggling to securely maintain their systems and keep patches up to date.

If Blaster was a test then IT managers failed miserably, but sadly the rampage was all too real as the victims of more than half a million computers running Windows will contest, especially some of Australia's largest companies which were crippled by the worm.

Astounded by the devastation of the aftermath considering Microsoft posted a software patch to fix the flaw on July 16, the Australian Computer Emergency Response Team (AusCert) general manager Graham Ingram said he was "surprised that IT managers were surprised".

He said there was plenty of warning with even the worst-case scenario of massive exploitation well articulated in advance of the attack.

"The whole nature of the threat was missed because the focus is on technical issues instead of security; patch models currently in use are not workable," Ingram said.

"IT professionals are responsible for maintaining security alerts, there is no shortage of information; it is not a difficult task and no one else is going to do it."

Information Security Interest Group (ISIG) chair Mark Ames agrees current practices are failing pointing out there are options other than patching 3000 desktops.

Ames said firewall and gateway controls can be used to block a particular string of packets.

He said complaints by IT managers that it takes time to test each patch before deployment is a "lame excuse".

Companies hit by the worm said patching hundreds of servers and thousands of workstations takes a lot of effort that involves scheduled downtime which is why the process needs to be reduced from hours to minutes.

Ironically, a new version of the W32.Blaster worm has emerged which cleans corrupted systems, then installs a software patch to prevent future infections.

Referred to as Worm_MSBLAST.D and Nachi it spreads by exploiting the same Windows security hole as the original.

However, unlike the original it is more concerned with fixing systems rather than exploiting their weaknesses by removing the Blaster worm file, downloading and installing a software patch and closing the security hole used by the worm. w - with Jaikumar Vijayan

Join the newsletter!

Error: Please check your email address.

More about AusCertAustralian Computer Emergency Response TeamComputer Emergency Response TeamGatewayMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sandra Rossi

Latest Videos

More videos

Blog Posts