By Joris Evers
Posted on ZDNet News: Aug 9, 2006 5:37:00 PM

In a rare alert, the U.S. Department of Homeland Security has urged Windows users to plug a potential worm hole in the Microsoft operating system.

The agency, which also runs the United States Computer Emergency Readiness Team (US-CERT), sent out a news release on Wednesday recommending that people apply Microsoft's MS06-040 patch as quickly as possible. The software maker released the "critical" fix Tuesday as part of its monthly patch cycle.

"Users are encouraged to avoid delay in applying this security patch," the Department of Homeland Security said in the statement. The patch fixes a serious flaw that, if exploited, could enable an attacker to remotely take complete control of an affected system, the agency said.

Microsoft on Tuesday issued a dozen security bulletins, nine of which were tagged "critical," the company's highest severity rating. However, the flaw addressed in MS06-040 is the only one among the updates that could let an anonymous attacker remotely commandeer a Windows PC without any user interaction.

The flaw has some similarities to the Windows bug that enabled the notorious MSBlast worm to spread in 2003. Both security vulnerabilities are related to a Windows component called "remote procedure call," which provides support for networking features such as file sharing and printer sharing.

"Blaster took advantage of a vulnerability in the same service. We recognize that this is something that is easily exploitable," said Amol Sarwate, manager of the vulnerability research lab at Qualys. "It is excellent that DHS sent out this alert, because I think a lot of people are vulnerable."

Microsoft has seen a "very limited attack" that already used the newly disclosed flaw, the software maker said Tuesday.

Overnight, some hacker toolkits were updated with code that allows researchers to check for the flaw and exploit it, said Neel Mehta, a security expert at Internet Security Systems in Atlanta.

"This is a very serious vulnerability," Mehta said. "At the moment, this exploit is being used in targeted attacks to compromise specific systems. However, there is nothing about the nature of the vulnerability that prevents it from being used in a much more widespread fashion as part of a worm."

Microsoft worked with the Department of Homeland Security on the alert, a company representative said. "Microsoft...encourages customers to deploy this update on their systems as soon as possible, given that we are aware of targeted exploitation of the vulnerability," the representative said.

Microsoft deems the vulnerability critical for all versions of Windows. However, users of Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1 should be protected by the Windows Firewall if they do not use file sharing and printer sharing, Christopher Budd, a security program manager at Microsoft, said in an interview Tuesday.

The Microsoft updates are available via the Windows Update and Automatic Updates tools as well as from Microsoft's Web site. Temporary workarounds are outlined in the security bulletins for those who can't immediately apply the patches.
