Thursday, August 10, 2006

Homeland Security says patch your Windows (or else??)

The Department of Homeland Security released a special press release stating that everyone should apply the Microsoft MS06-040 security patch: Vulnerability in Server Service Could Allow Remote Code Execution (921883) released last Tuesday. You can also obtain that patch by ensuring you are updated via Microsoft's Express Update service.



"The Department of Homeland Security (DHS) is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible. This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system and install programs, view, change, or delete data, and create new accounts with full user rights.



Windows Operating Systems users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch. This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users."






Update 1

CNet reports: "Microsoft has seen a "very limited attack" that already used the newly disclosed flaw, the software maker said Tuesday.



Overnight, some hacker toolkits were updated with code that allows researchers to check for the flaw and exploit it, said Neel Mehta, a security expert at Internet Security Systems in Atlanta.



"This is a very serious vulnerability," Mehta said. "At the moment, this exploit is being used in targeted attacks to compromise specific systems. However, there is nothing about the nature of the vulnerability that prevents it from being used in a much more widespread fashion as part of a worm."






Update 2

It appears that Microsoft may be convinced that the next Really Big Worm - coming soon to a computer near you - will exploit this problem.



It's a good thing that many people now have firewalls that by default block ports 139 and 445. That will help reduce the propagation of any worm looking for this exploitable hole. We shall see . . .

No comments:

Post a Comment

Comments are welcome but moderated to prevent spam links. I usually check them at least once a day in the evenings - so please be patient with me if your comment does not appear quickly.

Thank you.