SANS Raises the Warning Flag

In the diary today, SANS continues to warn that patching is needed. And they raise the alert level to yellow.

Infocon Yellow; Windows and Backup Exec exploits are out, where are the exploits, NIST drafts, Snort signatures
Infocon: Yellow
Due to a number of very well working Windows exploits for this weeks patch set, and the zero-day Veritas exploit, we decided to turn the infocon to yellow.
Advice: Use the weekend to patch ALL WINDOWS SYSTEMS. It may be worthwhile to consider accelerated deployment of the patches even to critical systems if the weekend is slow anyway. Backup Exec should be firewalled or disabled at this point.
Note: Consider unprotected internet facing machines infected at this point if they do not have this weeks patches applied. Patch and handle them with extra care.
Windows and Backup Exec exploits are out
In case you’re waiting to see whether it’s worth updating either Windows or Veritas’ Backup Exec, now’s the time to do so. Live exploits are out for both.
Specifically, MS05-039 appears to have 3 live exploits out for it already, and Backup Exec has at least one exploit out.
We’ve said it already, but it’s worth repeating – get those patches in soon…

There is one important indicator SANS has not considered in its warning. I will be out of the office Tuesday-Friday next week. Historically this often means major internet worm.
They also brought up an important point. Just because some of these vulnerabilities may make for a worm doesn’t mean we are going to see one. It is much more profitable for a bad guy to quietly compromise 100,000 systems than it is to release a major worm. Fame isn’t the motivating force any more, money is.