[Slowhand] IF YOU ARE RUNNING MICROSOFT WINDOWS - READ THIS

Bryan Reid humblephoenix at comcast.net
Thu Aug 10 09:46:06 EDT 2006


New Microsoft patch prompts DHS warning
Robert McMillan
August 09, 2006 (IDG News Service)

The U.S. Department of Homeland Security warned Wednesday that a recently
patched Microsoft Corp. Windows vulnerability could put the nation's
critical infrastructure at risk.

The patch, described in Microsoft Security Bulletin MS06-040, relates to
Windows Server services. It was one of 12 updates issued Tuesday by the
software maker, but security experts are particularly concerned with the bug
because hackers have already exploited the vulnerability.

Microsoft is advising customers to give this update priority, said
Christopher Budd, a security program manager at Microsoft's security
response center. "The top thing that we're trying to help people understand
is we want them to take 06-040 and put it at the top of the stack," he said
late Tuesday.

The DHS statement echoed Microsoft's sentiments, warning that the
vulnerability "could impact government systems, private industry and
critical infrastructure, as well as individual and home users."

Attackers have already started exploiting the vulnerability in a limited
manner, Budd said. A sample exploit has been published within Immunity
Inc.'s security testing tool kit, and snippets of the malware are beginning
to circulate in public, security vendors said.

The bug is of particular concern because Windows Server services are
generally enabled by default on Windows systems, and a worm based on the
flaw could become widespread. Windows Server services are used for common
network applications such as file sharing and printing.

The fact that DHS has taken the rare step of warning about MS06-040
underscores the severity of the situation, said Jonathan Bitle, manager of
technical accounts at Qualys Inc.

But because security-conscious companies are blocking the Internet ports
used by this malware -- Ports 139 and 445 -- any worm will have a hard time
jumping from one corporate network to another, Bitle said. "It will probably
be the type of situation where if a worm does come out, it will hit
sporadically through different companies where they haven't been able to
apply the patches or put the controls in place," he said.

Story copyright 2006 International Data Group. All rights reserved.




More information about the Slowhand mailing list