By now, you've probably heard about the "Blaster Worm" (also known as Lovsan). It takes advantage of a buffer overrun vulnerability in the RPC (remote procedure call) interface on Windows 2000 and XP operating systems and has been causing problems since Monday.
A new worm isn't the most interesting news in the world, but this one is worth noting for two reasons: the severity of the vulnerability (an attacker can seize "complete control over a remote computer"), and the fact that MS released a patch for the vulnerability back in the middle of July, weeks before the worm started to spread.
That customers didn't rush to apply the patch is no surprise. Not only are administrators busy attending to other matters, but they're often loath to apply a patch for a 'theoretical risk', one that isn't being exploited yet, for fear of 'breaking' working systems. Yet the results of not patching are now being felt by a number of consumers and enterprises. According to this eWeek article, "Blaster is also being blamed for some service problems on Comcast Corp.’s cable modem network."
This incident is yet another illustration of the fact that intelligent patching strategies are a critical component of enterprise network health. Whether it's subscribing to a service that offers the intelligence or putting in place a home-grown solution, the end point is still the same: whenever possible, patch systems before vulnerabilities are exploited.
For more on the worm itself, check out:
Symantec Anti-Virus Research Center
McAfee Virus Information Center
TrendMicro Virus Encyclopedia
For more on intelligent patch management:
MS Whitepaper, "Improving Patch Management"
Computerworld's "Five Tips for Effective Patch Management"
And some vendors to explore:
Informed Security Patch Management
Ecora Patch Manager