August 11, 2006 2:09 PM PDT
Microsoft on worm watch
- Related Stories
-
Homeland Security: Fix your Windows
August 9, 2006 -
Another hefty patch month for Microsoft
August 8, 2006 -
Hacking for dollars
July 6, 2005 -
Windows worm starts its spread
August 11, 2003
The release of the attack code, which exploits a security hole in a Windows component related to file and printer sharing, also raises the urgency to patch. Microsoft provided a fix for the problem on Tuesday with security bulletin MS06-040. Tens of millions of Windows users have already downloaded that fix, Microsoft's Security Response Team said on a corporate blog earlier this week.
While the vulnerability affects all versions of Windows, the published exploit code works only on Windows 2000 and Windows XP Service Pack 1, Microsoft said in a security advisory published on Friday.
"This code does not affect Windows XP Service Pack 2, Windows Server 2003 or Windows Server 2003 Service Pack 1," it said.
So far, Microsoft has only seen limited use of the flaw in cyberattacks. Security experts have said that it could be exploited by an Internet worm similar in scope to Blaster, which wreaked havoc three years ago.
Microsoft's emergency response team is on worm watch, the company said.
"We have not seen signs of widespread malicious activity so far. But be assured that, like we always do, we've got our emergency response process teams watching for any possible malicious activity," Christopher Budd, security program manager at Microsoft, wrote on the Microsoft blog Wednesday.
Some security experts, however, don't expect a high-profile worm attack. "A fully automated 'big bang' type worm is increasingly unlikely in an Internet world where under-the-radar attacks take place for criminal gain," said Ken Dunham, director of the rapid response team at security company iDefense.
Instead, Dunham predicts that we will see Trojan horses and semi-automated malicious code attacks that exploit the Windows flaw in such a way that attackers can profit.
"Hacker activity has been light for the MS06-040 exploitation to date but will likely increase with the advent of this coming weekend," Dunham said, adding that all computers connected to the Internet should be patched as soon as possible.
Meanwhile, Microsoft has also verified that the MS06-040 security update works and that patched computers are not at risk from the exploit code. The fix is available via the Windows Update and Automatic Updates tools as well as on Microsoft's Web site.
A day after Microsoft released its fixes, the U.S. Department of Homeland Security issued a rare alert urging Windows users to plug the potential worm hole in the operating system. "Users are encouraged to avoid delay in applying this security patch," the Department of Homeland Security said in the statement.
See more CNET content tagged:
worm attack,
emergency response,
worm,
Microsoft Windows XP Service Pack,
Microsoft Windows Server 2003
anti-symantec making money
anti-symantec existing
anti-cnet making money
anti-cnet existing
symantec only make money from worms
cnet only make money from worms
symantec only exist because of worms
cnet only exist because of worms
hackers don't make money out of worms
hackers don't exist because of worms
hackers don't want to give you what you want
this is 2006, not the old days when hacking was done for fun
hackers are against security vendors
microsoft is a security vendor now too
hackers don't want them to be rich while hackers are still left poor
there is no money to be made from a worm from a hacker point of view
hackers only care about money now
giving microsoft, cnet, symantec money isn't part of the hacker agenda in 2006
forever watch for worms, but no worm is coming
R.I.P Symantec
Two penetration testing companies, Immunity and Core Security Technologies, have already created and released "reliable exploits" for the flaw, which was deemed wormable on all Windows versions, including Windows XP SP2 and Windows Server 2003 SP1.
http://www.eweek.com/article2/0,1895,2002142,00.asp
Even if above article is wrong on it affecting SP2, didn't it come out in August of 2004? If you don't have SP2 installed by now then you are asking for security problems. If there are problems with your software vendor that doesn't work right with SP2, then you need to look elsewhere if they can't make it work in 2 years.
Enough said, pizza is here.
page.
If they acted responsibly within 24 hours to critical alerts and 74 hours for non-critical alerts... they wouldn't have to have such a watch!!!
Bottom Line: They don't want to patch with the rest of the security world if not required... this story only goes to prove MS's inevitable!!!
They won't patch unless forced... even though they should!
Says a lot about their security policy doesn't it?
Definately out of line with the rest of the security world... regardless of what they claim otherwise!
Walt
>Some security experts, however, don't expect a high-profile worm attack. "A fully automated 'big bang' type worm is increasingly unlikely in an Internet world where under-the-radar attacks take place for criminal gain," said Ken Dunham, director of the rapid response team at security company iDefense.<
Oh, about the Dept of Hopeless Stupidity; the sheeple 'patched' their Windoze boxes so the 'gov' got their [i]back door[/i] now, therefore the [b]real[/b] truth can now be told.
I'm so glad I don't fall for Mega$ux/the "gov's" brainwashing techniques any more!
"Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update"
http://support.microsoft.com/kb/923762/
Hopefully this saves people a some time & frustration - I spent most of the week hunting this down...
Some of the things that I would like to hear from all of you are: Doesn't everyone have "automatic updates" from MS? That and the "Genuine Disadvantage" programs were a part of MS's fixes somewhere back the line; so how is it that people don't have the magical fix installed on the day that it was put out?
Did something new get invented that was capable of digging a hole in windows, or was the problem there all along? And only after a hacker found it and used it; Ms takes a few months to figure out what a fifteen year old kid already knows and then they spend two months trying to make yet another patch. How many patches do I have now?
And how is it that Microsoft is in a position to even see "limited use of the flaw in cyberattacks?" "We have not seen signs of widespread malicious activity so far. But be assured that, """like we always do"", we've got our emergency response process teams watching for any possible malicious activity," -- OK OK, I'm assured. Thank God for Microsoft.
May my critics forgive me, but I just had to vent; I feel much better now.