Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Conficker - Re-Booted from Windows Embedded - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Conficker - Re-Booted from Windows Embedded

Anyone with funny stories about Conficker infected Windows Embedded systems you can share please submit. I'll respond as resources allow. Thanks!

On a hopefully related note, contact your vendor - Windows Embedded January 2009 Security Updates for Runtimes Are Available

So far the site lists these updates, no mention of MS-08-067 yet;

KB 958687 - Vulnerabilities in SMB Could Allow Remote Code Execution. (MS09-001)

KB 952069 - Vulnerabilities in Windows Media Components Could Allow Remote Code Execution. (MS08-076)

Windows Embedded Products

Update - The Microsoft Windows Embedded December 2008 Updates included MS08-067 - KB 958644 Vulnerability in Server service could allow remote code execution, others and "security updates that were released from July onwards that are now available for (the) two newest versions of the product". Thanks for the pointer David!

Update;

Conficker Capable Crestron TPMC-8X Isys i/O™ 8.4" WiFi Touchpanel

Patrick

193 Posts
It's been two years since I worked there, but I used to work for a bank. The older ATMs ran Windows XP-E and were known to get infected with Blaster before we installed a centrally managed firewall on them (Sygate, what Diebold supported). I don't know how many ATMs are still vulnerable, but there you go. They were being upgraded to new models that ran Windows XP Pro when I left; regular XP was much easier to keep patched (we had a Windows Update Server specifically for the ATMs).
Anonymous

Sign Up for Free or Log In to start participating in the conversation!