M.S.08-067: Block T.C.P. Port 139 and 445

Would like to bring Attention to all Users: It is advised, since the M.S.08-067 Patch vulnerability is High-Risk, that Users Block Ports 139 and 445 as soon as possible.  These Ports can be employed to Exploit the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability remotely.

 

I will Update this Thread if more information becomes available.

If you're behind a hardware firewall then it doesn't apply.

 

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Hey Red could you clarify this as it may cause panic?


mo wrote:
Hey Red could you clarify this as it may cause panic?

See the ThreatCon for more information. Also, click: Environment > Network Activity Spotlight from the drop-down list. The N.A.S. changes every few hours depending on what is happening within the Threat Environment.

 

http://www.symantec.com/business/index.jsp

Thanks Red

Now I suppose my next question is... these ports on my PC are listed as disabled in my security log > in Event Viewer. Is this the same as being blocked???

You can go to www.grc.com, use Shields Up, and do the custom port probe to test these ports as well.

Thanks Jimbo40

I have never used these tests before. Are you saying all you have to do is just click on the Shields Up and this site does it all?? By the way, where does NIS2009 come in with all this happening?? Realistically I could run around like a headless chicken; what are others doing in response to this threat?? I would really appreciate some thoughts on this.


mo wrote:

Thanks Red

Now I suppose my next question is... these ports on my PC are listed as disabled in my security log > in Event Viewer. Is this the same as being blocked???


You're welcome, mo.!

 

No.  Did you touch your Firewall Settings?  What Norton Product and Version are you using, e.g. Norton Internet Security 2009?

 

You may want to do this:

01. Update Norton, via Norton LiveUpdate.

02. Do a Full System Scan in Safe Mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam).

03. You could double-check by doing this: Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html).

04. Install.

05. Update.

06. Run a Full Scan in Safe Mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam).

07. Let me know the Result of the Scan(s).

Shields Up tests your firewall. It's a very good site, but remember, if you're behind a router/modem with a hardware firewall, Shields Up will test that first. I can have no security installed and pass Shields Up with flying colors. Mo, don't worry about it because you're behind a hardware firewall.

 

 

 https://www.grc.com/x/ne.dll?bh0bkyd2

Message Edited by Dieselman743 on 10-29-2008 04:38 PM

Ok Red

I have NIS2009. I already have Malwarebytes; I use its quick scans at least once a day, all clear. No, I haven't touched the NIS firewall (too unsure). The Event Viewer is the Windows version in XP/SP3.

Thanks Diesel for your assurance.

It might seem silly, but I don't want to do things that are unnecessary or knee-jerk reactions. I'm new to this game and this would be the first "real" alert I would have faced. There are no signs of anything different on my PC; lost internet yesterday, but that was through my ISP upgrading. This is my usual day for doing full system scans, so today they will be done in safe mode. Will let you know when I do them.

Why are you creating unnecessary and harmful panic????????????? And why are you giving the wrong advice?

 

Users should apply the patch KB958644 given here for the various Windows versions, and then continue using their local network as they did before.

 

Most likely it has already been applied if they had set their Windows Update to Automatic.

 

By blocking port 139 you are disabling file and printer sharing in the local network, creating havoc for users who won't understand what is the problem suddenly with their LAN.

 

I'm really worried about how preposterous some 'advisers' are here.

Thank you Tom…

ALL USERS IGNORE THIS WARNING. SIMPLY RUN WINDOWS UPDATE IF YOU HAVEN'T ALREADY.

Hi All

Just checked TomiRed's patch and I had already received it on the 24th Oct. So this is sufficient that I am OK, and anyone else for that matter who has that patch? Thanks Tomi :smileyhappy:

Hey Mo… you do not need to run daily scans in safe mode, if that's what you do. Safe mode is only for when you're infected. Also, you only need to run MBAM about once a month or so. NIS 2009 does scans automatically. Quick scans run daily and full scans run about every 7-10 days. No need for such paranoia. Heck, I surf p___n and warez all the time and still never been infected.


mo wrote:

Hi All

Just checked TomiRed's patch and I had already received it on the 24th Oct. So this is sufficient that I am OK, and anyone else for that matter who has that patch? Thanks Tomi :smileyhappy:


Yes, that patch fixes the vulnerability described in the Microsoft Security Bulletin MS08-067. 

 

Users can disable NetBIOS if they use Active Directory, but in my experience most home local networks still use NetBIOS and therefore these ports to communicate and share files and folders in the Local Network.

 

For an attacker to exploit this vulnerability it would also be necessary for him to obtain control over and (ab)use a client in your LAN.

Message Edited by TomiRed on 10-30-2008 01:14 AM

Hi dieselman

Thanks for the scanning tip. No, I don't scan in safe mode all the time; I have patience but not that much :smileyvery-happy:. Yeah, I fall into the paranoid basket more often than not, but this time I thought I would rather ask the extra questions rather than doing a run here and there attitude. Thanks to you and Tomi, and you too, Red, as you would have made a few people aware of something that they may not have been aware of and checked their updates. Just a personal thing: too much info about your surfing habits! If I'm interpreting the sentence right.

About surfing habits, it's not personal. I was merely trying to point out that it's not that easy to get infected. Heck, if it was I would get infected every day. Just relax, Mo. You're too tense.

This is the link to download this patch for Windows XP 32 bit (English),

 

I'm posting it here as most users have this version of Windows.

 

If you are using another supported version of Windows use the link I provided in post #11.


Since it appears Microsoft released a critical patch for this issue (KB958644), which was released 10/22/08, I'm going to close this thread.

 

Thanks everyone who participated! There is some great information and links here!

 

 

Thanks for the Microsoft KB Reference TomiRed
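
The two checks this thread turns on, whether KB958644 is installed and whether TCP 139/445 are listening, as an added example that is not part of any post above. It parses saved `netstat -an` output and an installed-updates listing; both samples are constructed and the function names are hypothetical.

```python
import re

SMB_PORTS = {139, 445}   # the two ports named in the thread
PATCH_KB = "KB958644"    # the MS08-067 fix named in the thread

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.1:445        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Constructed sample of an installed-updates listing, one update per line.
SAMPLE_HOTFIXES = """\
KB956803  Security Update  10/15/2008
KB958644  Security Update  10/24/2008
"""

def listening_smb_ports(netstat_text):
    """Return TCP ports 139/445 that are LISTENING on a non-loopback address."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # UDP rows have no State column; outbound sessions are not LISTENING.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        if addr.startswith("127.") or addr == "[::1]":
            continue
        if port.isdigit() and int(port) in SMB_PORTS:
            found.add(int(port))
    return found

def patch_installed(hotfix_text, kb=PATCH_KB):
    """True if the KB id appears as a whole token in the update listing."""
    return re.search(r"\b%s\b" % re.escape(kb), hotfix_text, re.IGNORECASE) is not None

def assess(netstat_text, hotfix_text):
    """Combine both checks; a listening port may still be filtered by a firewall."""
    ports = sorted(listening_smb_ports(netstat_text))
    patched = patch_installed(hotfix_text)
    status = "patched" if patched else (
        "unpatched-and-listening" if ports else "unpatched-not-listening")
    return {"patched": patched, "listening": ports, "status": status}

if __name__ == "__main__":
    print(assess(SAMPLE_NETSTAT, SAMPLE_HOTFIXES))
```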