August 9, 2006 10:37 AM PDT

Homeland Security: Fix your Windows

In a rare alert, the U.S. Department of Homeland Security has urged Windows users to plug a potential worm hole in the Microsoft operating system.

The agency, which also runs the United States Computer Emergency Readiness Team (US-CERT), sent out a news release on Wednesday recommending that people apply Microsoft's MS06-040 patch as quickly as possible. The software maker released the "critical" fix Tuesday as part of its monthly patch cycle.

"Users are encouraged to avoid delay in applying this security patch," the Department of Homeland Security said in the statement. The patch fixes a serious flaw that, if exploited, could enable an attacker to remotely take complete control of an affected system, the agency said.

Microsoft on Tuesday issued a dozen security bulletins, nine of which were tagged "critical," the company's highest severity rating. However, the flaw addressed in MS06-040 is the only one among the updates that could let an anonymous attacker remotely commandeer a Windows PC without any user interaction.

The flaw has some similarities to the Windows bug that enabled the notorious MSBlast worm to spread in 2003. Both security vulnerabilities are related to a Windows component called "remote procedure call," which provides support for networking features such as file sharing and printer sharing.

"Blaster took advantage of a vulnerability in the same service. We recognize that this is something that is easily exploitable," said Amol Sarwate, the manager of the vulnerability research lab at Qualys. "It is excellent that DHS sent out this alert, because I think a lot of people are vulnerable."

Microsoft has seen a "very limited attack" that already used the newly disclosed flaw, the software maker said Tuesday.

Overnight, some hacker toolkits were updated with code that allows researchers to check for the flaw and exploit it, said Neel Mehta, a security expert at Internet Security Systems in Atlanta.

"This is a very serious vulnerability," Mehta said. "At the moment, this exploit is being used in targeted attacks to compromise specific systems. However, there is nothing about the nature of the vulnerability that prevents it from being used in a much more widespread fashion as part of a worm."

Microsoft worked with the Department of Homeland Security on the alert, a company representative said. "Microsoft...encourages customers to deploy this update on their systems as soon as possible, given that we are aware of targeted exploitation of the vulnerability," the representative said.

Microsoft deems the vulnerability critical for all versions of Windows. However, users of Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1 should be protected by the Windows Firewall if they do not use file sharing and printer sharing, Christopher Budd, a security program manager at Microsoft, said in an interview Tuesday.

The Microsoft updates are available via the Windows Update and Automatic Updates tools as well as from Microsoft's Web site. Temporary workarounds are outlined in the security bulletins for those who can't immediately apply the patches.


44 comments

I am not sure.
I somehow don't think I have enough duct tape and plastic sheets to patch my windows up.
Posted by airwalkery2k (117 comments )
Easy fix
See that black wire running from your computer's power supply to
the wall? Unplug it and throw it away.

It's the only successful method of securing Windows I've ever
found.
Posted by rcrusoe (1305 comments )
Suggestion
Check out Home Depot
They say "You can do it. We can help"
Posted by sneezy--2008 (53 comments )
Help
Check out Home Depot.
"You can do it. We can help"
Posted by sneezy--2008 (53 comments )
Homeland Security: Fix your Windows
You know it would be great if the DHS were one hundredth as concerned with the holes in our country's borders as they seem to be about a problem that the solution to has already been published by Microsoft.
Posted by kenfretz (2 comments )
DHS
Don't be such a simpleton, if I saw your shoe laces unraveled wouldn't you want someone to point it out before you fell on your face?

Why take such an affront to their suggestion?

When we stop hiring illegals there might be a light at the end of the tunnel.
Who are cleaning, building and cutting our grass?
Posted by sneezy--2008 (53 comments )
Windows is a National Security risk. Duh.
One size fits all?
Posted by technewsjunkie (1265 comments )
Dept of Homeland Stupidity
Homeland Stupidity now resorting to posting messages
http://www.techknowcafe.com/content/view/603/43/
in support of Microsoft. When did M$ buy the Dept. of Homeland Stupidity?
Posted by (156 comments )
Duh.. when you voted Bush into office
Microsoft (as all big businesses do) loves it when Republicans are in office. They reap the rewards. Shame on those who voted for him thinking he would help the people. The repubs don't care about the people, and they never have. Money money money...
Posted by btvsrcks (2 comments )
Stop spamming
don't put irrelevant links
Posted by The_Nirvana (104 comments )
Dept of Hopeless Stupidity? or Brainwashed Sheeple...
I think you have it a bit backwards. Think about the possibility that the 'Gov' and M$ are actually in CAHOOTS!!!!!

DoHS says, "Patch!...for 'your safety!!!"

Brainwashed sheeple patch, then DoHS, NSA and GOD...OOOOOOOPS!!!!.......GOP can spy inside of EVERYONE'S computers. Or at least those running Windoze platforms. ;)
Posted by btljooz (401 comments )
Last week, I was passing through LAX.
I got pulled for one of those 'random searches' the Customs guys like to do to pass the time. The search itself took about 30 seconds, then I stood around for 20 minutes while the Customs agent tried to get his computer to work so that it would accept my details.

After waiting and waiting for his PC to even recognize his mouse inputs, he called over three coworkers to stupidly gaze at the unresponsive screen. Finally, he said to them, "Huh! I guess we got another one of them viruses in the system. Better get that guy we had last week back in to fix it."

I piped up at this point that I was a bit uncomfortable having my passport details entered into a compromised system. All four bovine heads lifted and turned toward me at the same time, with the same look of uncomprehending incredulity on their faces that a mere Citizen had dared to speak to them. Finally, one of them said, "I suggest you leave this to us...sir."

Looks like the DHS isn't the only bunch who haven't clue one about how to do their jobs.
Posted by JFDMit (180 comments )
The Shadow Government Needs Useful Idiots
The shadow government that is running things needs useful dolts at the bottom to blindly enforce policy and not think for themselves. For every Major Hochstetter there are 1,000 Sgt. Schultzs.
Posted by maxwis (141 comments )
The proper response
In this case is to say, politely, but firmly. I wish to speak to your supervisor. This gets you away from Sgt Schultz, and perhaps to Lt. Asch. In any case you'll get to someone with a little real authority, who probably isn't suffering from 'Storm Trooper' syndrome. "These aren't the droids we want, you can go, Move along."
Posted by scwoods (1 comment )
August 10
Aren't you glad you were not in LAX today?
Don't be such a jackass..
Count your blessings instead of your inconveniences
Posted by sneezy--2008 (53 comments )
Just another reason to buy a Mac.
You know, I don't want to stir anything up, but what good is
Windows without the ability to share computers and printers?

I'll tell you from a first person technological perspective that you
can't connect 2 computers efficiently in a Windows network
without turning off Windows Firewall. So then that leads me to
questions number 2 and 3: If you can't share Windows
computers unless the Firewall is turned off does that leave ALL
OF OUR GOVERNMENT'S computers at risk of hackers because of
Microsoft?

Maybe the Government should be talking to Steve Jobs with
Apple on how Apple and Mac can offer the Government a secure
computing environment. You know, an environment that leaves
"The People" with a sense of Technological Security.

I bet that Steve Jobs wouldn't let you out of the Building carrying
a Laptop with Confidential Secure Information. Steve would tell
you that there are security measures, one specifically called a
VPN. You know, this type of security would ensure that "No
Laptops" are found with "personal information" on them.

VPN (Virtual Private Network) Allows someone to log into a
system remotely to work with files!

J Gund
Tech01
www.Tech01.net
Posted by OneWithTech (196 comments )
Just another reason to talk to Steve Jobs
You know, I don't want to stir anything up, but what good is
Windows without the ability to share computers and printers?

I'll tell you from a first person technological perspective that you
can't connect 2 computers efficiently in a Windows network
without turning off Windows Firewall. So then that leads me to
questions number 2 and 3: If you can't share Windows
computers unless the Firewall is turned off does that leave ALL
OF OUR GOVERNMENT'S computers at risk of hackers because of
Microsoft?

Maybe the Government should be talking to Steve Jobs with
Apple on how Apple and Mac can offer the Government a secure
computing environment. You know, an environment that leaves
"The People" with a sense of Technological Security.

I bet that Steve Jobs wouldn't let you out of the Building carrying
a Laptop with Confidential Secure Information. Steve would tell
you that there are security measures, one specifically called a
VPN. You know, this type of security would ensure that "No
Laptops" are found with "personal information" on them.

VPN (Virtual Private Network) Allows someone to log into a
system remotely to work with files!

J Gund
Tech01
www.Tech01.net
Posted by OneWithTech (196 comments )
Steve would also tell you
that all Macs have the ability to create encrypted disk images, so
should you need to take confidential data with you, at least it can
have reasonable security if you use a strong password. MS
however, removed their "locked" folders feature at the request of IT
departments!
Posted by Macsaresafer (802 comments )
Buggy Whips
When MicroSoft stops making buggy software Symantec will stop
making buggy whips.

Jim
Posted by (12 comments )
Whaaaat?
Why is Homeland Security interested in Microsoft? This Patch Tuesday is no different than last month's? There's always some hole that needs to be patched and they always provide the patch and we always apply the patch. Why does the DHS all of a sudden feel that they have to tell us to apply the patch?
Posted by thedreaming (573 comments )
Sgt Schultz
It's my experience that the supervisor all too often is simply the Sgt Schultz who has been there the longest and thus was promoted.
The security forces at airports are some of the most indignant and self-righteous workers in America. They may as well have a sign that reads: "Have a complaint? Please fill out this 5 page form and file in the trash on your way out"
They don't have to care about what you think or want or whether or not they do their job well or efficiently. When you're with them there's only one person who gets an opinion.
Don't like it? You can always drive your car instead.
Posted by Fireweaver (105 comments )
or use new technology notme.com
Fix your windows. People don't want to do the simplest updates and yet want total privacy and security. Now they can have it. A New US Patent is being launched soon www.notme.com Fix their windows, they are users, normal people who want to surf the internet in complete privacy and do nothing to attain complete privacy. I have 7 programs on my computer to protect me yet I still get all that junk mail on anything I look at on the internet...

NO MORE !!!
Simply put:
Any person, from any PC, can visit any website... even purchase from that website, completely anonymous, completely secure, leaving absolutely no history nor tell tale information anywhere, with one click.

The NotMe "Patented Indirect Portal" Advantage:

Complete privacy and security at the website visited, they have no way of identifying you, nor any way to pass Cookies, Trojans, a Virus or any kind of Spyware to you.

Complete privacy and security from any PC or device connected to the internet that you happen to be using at the time with absolutely no way for the PC to track where you have been.

Complete privacy and security on your credit card statement.

And, there is absolutely no software needed, it is ISP based, so it works from any and all PC's today!

The US Patent is Located:
http://portal.uspto.gov/external/portal/!ut/p/_s.7_0_A/7_0_CH/.cmd/ad/.ar/sa.getBib/.ps/N/.c/6_0_69/.ce/7_0_3AB/.p/5_0_341/.d/5?selectedTab=detailstab&isSubmitted=isSubmitted&dosnum=09753714

And all information regarding this technology is located at www.notme.com, its brand name soon to launch.

Solves all the problems and the user does nothing... because users want to do nothing... the user wants all kind of protection but wants to do nothing to attain that. Now they can.


Privacy whenever or wherever an internet user deems appropriate, is what NotMe provides.One click and forget about.


Disclaimer...If a user utilizes NotMe to break or circumvent national or international law,
NotMe will cooperate fully with any and all law enforcement agencies. We will enjoy catching you and assisting in your prosecution. Think G-Mail.
Posted by Steve Hirst (21 comments )
Reply Link Flag
NOTME.COM
Disclaimer...If a user utilizes NotMe to break or circumvent national or international law,
NotMe will cooperate fully with any and all law enforcement agencies. We will enjoy catching you and assisting in your prosecution. Think G-Mail. WHAT does this mean? How can they help? If you surf anonymously and people and maybe them too are claiming they don't keep any records. I READ you can use your credit card securely, how is that? If they can help the law they can tell about your credit and where you've been surfing. How can they claim you can surf anonymously? What does Think gmail mean? Thanks
Posted by ausburn (1 comment )
The real deal
From our local governments to our local neighbors everyone is always pointing fingers at Microsoft and their software. The honest truth is that more incompetent IT staff and uneducated computer users are behind these keyboards. Take a good look at our educational system, from the very beginning we are victims of these digital lines. I see students at high college levels that can't even use or open a piece of software like PowerPoint. Yet they get government jobs and even become IT graduates. The sanity of a nation has to be looked at its roots, in our case education. From that we can fix many of our flaws and learn to close the door to our friend the robber.
Posted by Kublaitrain (2 comments )
Dear Homeland Security
I'd love to "Fix my windows".

But no one, including Microsoft, knows how to make the OS secure.
Posted by rcrusoe (1305 comments )