netdef (netdef) wrote,

Homeland Security says patch your Windows (or else??)

The Department of Homeland Security issued a special press release stating that everyone should apply the Microsoft MS06-040 security patch, "Vulnerability in Server Service Could Allow Remote Code Execution (921883)", released last Tuesday. You can also obtain the patch by making sure you are up to date via Microsoft's Express Update service.

"The Department of Homeland Security (DHS) is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible. This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system and install programs, view, change, or delete data, and create new accounts with full user rights.

Windows Operating Systems users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch. This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users."



Update 1
CNet reports: "Microsoft has seen a 'very limited attack' that already used the newly disclosed flaw, the software maker said Tuesday.

Overnight, some hacker toolkits were updated with code that allows researchers to check for the flaw and exploit it, said Neel Mehta, a security expert at Internet Security Systems in Atlanta.

'This is a very serious vulnerability,' Mehta said. 'At the moment, this exploit is being used in targeted attacks to compromise specific systems. However, there is nothing about the nature of the vulnerability that prevents it from being used in a much more widespread fashion as part of a worm.'"



Update 2
It appears that Microsoft may be convinced that the next Really Big Worm - coming soon to a computer near you - will exploit this problem.

It's a good thing that many people now have firewalls that by default block ports 139 and 445. That will help reduce the propagation of any worm looking for this exploitable hole. We shall see . . .
