Thursday, August 18, 2005

Zotob Worm

Microsoft paid us a visit yesterday, under the guise of a sales call, to ask questions and make statements that generally implied that they'd pay to have partners prop up MS software that competes with our current stacks so we could evaluate the two side-by-side.

After making several casts into our pool with no bites, they asked "What keeps you up at night?" My boss answered, without being specific, that nothing related to technology keeps him awake - it's all about process, culture, and politics.

My answer was different. I said "I was sleeping pretty well until Monday."

"What happened Monday?" the salesperson asked.

"Zotob."

We're not affected, mainly because of strict firewall policies and limited exposure to travelling systems. But we sure didn't have much time to react to the August 9th advisory.

Despite every Microsoft assurance since 2001 or 2002 that every line of code in Windows is reviewed, etc., the Plug and Play vulnerability in MS05-039 is present and patchable in every version of Windows from 2000 to XP and Server 2003. Zotob also proves that you don't have a 30-day grace period from the announcement of a Windows vulnerability to the presence of an exploit attack. There were fewer than 6 days between the release of the patch by Microsoft and the very public effect it had on news outlet websites. In Norman, Oklahoma, the York Air Conditioning plant reportedly sent 650 employees home after Zotob pounded their facility.

When is the next Microsoft Windows OS release due? 2007.

I say again. 2007.

Despite all that, our management systems work very well. We're fully patched at this hour - something I was able to accomplish by myself with little effort. In fact, if someone called now and said there's a new critical patch, I could download it, distribute it to my 30+ field servers (one per location), and deploy it to all of my nearly 500 users, in under an hour. No lie. I'd be happy to show anyone how. Do that with SMS. Or with PatchLink. We've tried, and we're not bad at what we do. There remains nothing better than a properly architected ZENworks solution for centrally managing remote PCs in a large enterprise.
