- Related Stories
-
Another hefty patch month for Microsoft
August 8, 2006 -
Windows worm starts its spread
August 11, 2003
The agency, which also runs the United States Computer Emergency Readiness Team (US-CERT), sent out a news release on Wednesday recommending that people apply Microsoft's MS06-040 patch as quickly as possible. The software maker released the "critical" fix Tuesday as part of its monthly patch cycle.
"Users are encouraged to avoid delay in applying this security patch," the Department of Homeland Security said in the statement. The patch fixes a serious flaw that, if exploited, could enable an attacker to remotely take complete control of an affected system, the agency said.
Microsoft on Tuesday issued a dozen security bulletins, nine of which were tagged "critical," the company's highest severity rating. However, the flaw addressed in MS06-040 is the only one among the updates that could let an anonymous attacker remotely commandeer a Windows PC without any user interaction.
The flaw has some similarities to the Windows bug that enabled the notorious MSBlast worm to spread in 2003. Both security vulnerabilities are related to a Windows component called "remote procedure call," which provides support for networking features such as file sharing and printer sharing.
"Blaster took advantage of a vulnerability in the same service. We recognize that this is something that is easily exploitable," said Amol Sarwate, the manager of vulnerability research lab at Qualys. "It is excellent that DHS sent out this alert, because I think a lot of people are vulnerable."
Microsoft has seen a "very limited attack" that already used the newly disclosed flaw, the software maker said Tuesday.
Overnight, some hacker toolkits were updated with code that allows researchers to check for the flaw and exploit it, said Neel Mehta, a security expert at Internet Security Systems in Atlanta.
"This is a very serious vulnerability," Mehta said. "At the moment, this exploit is being used in targeted attacks to compromise specific systems. However, there is nothing about the nature of the vulnerability that prevents it from being used in a much more widespread fashion as part of a worm."
Microsoft worked with the Department of Homeland Security on the alert, a company representative said. "Microsoft...encourages customers to deploy this update on their systems as soon as possible, given that we are aware of targeted exploitation of the vulnerability," the representative said.
Microsoft deems the vulnerability critical for all versions of Windows. However, users of Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1 should be protected by the Windows Firewall if they do not use file sharing and printer sharing, Christopher Budd, a security program manager at Microsoft, said in an interview Tuesday.
The Microsoft updates are available via the Windows Update and Automatic Updates tools as well as from Microsoft's Web site. Temporary workarounds are outlined in the security bulletins for those who can't immediately apply the patches.
See more CNET content tagged:
Neel Mehta, alert, flaw, vulnerability, homeland security
the wall? Unplug it and throw it away.
It's the only successful method of securing Windows I've ever
found.
They say "You can do it. We can help"
"You can do it. We can help"
Why take such an afront to their suggestion?
When we stop hiring illegals there might be a light at the end of the tunnel.
Who are cleaning, building and cutting our grass?
What a joke America has become.
You've got to love Bush and his DHS.
called the Democrats Tax and Spenders!
The funniest part is, DHS computers will be easy for cyber terrorists
to hack. You'd think that department wouldn't have chosen to use
the world's least secure OS, but they did.
praise Bush, and his dept of human services...
deal?
you know my e-mail address Joris...
i look forward to it
http://www.techknowcafe.com/content/view/603/43/
in support of Microsoft. When did M$ buy the Dept. of Homeland Stupidity?
stoopid dhs indeed
DoHS says, "Patch!...for 'your [i]safety[/i]!!!"
Brainwashed sheeple patch, then DoHS, NSA and [i]GOD[/i]...[b]OOOOOOOPS!!!![/b].......[u]GOP[/u] can spy inside of EVERYONE'S computers. Or at least those running Windoze platforms. ;)
After waiting and waiting for his PC to even recognize his mouse inputs, he called over three coworkers to stupidly gaze at the unresponsive screen. Finally, he said to them, "Huh! I guess we got another one of them viruses in the system. Better get that guy we had last week back in to fix it."
I piped up at this point that I was a bit uncomfortable having my passport details entered into a compromised system. All four bovine heads lifted and turned toward me at the same time, with the same look of uncomprehending incredulity on their faces that a mere Citizen had dared to speak to them. Finally, one of them said, "I suggest you leave this to us...sir."
Looks like the DHS isn't the only bunch who haven't clue one about how to do their jobs.
Don't be such a jackass..
Count you blessings instead of your inconveniences
Windows without the ability to share computers and printers?
I'll tell you from a first person technological perspective that you
can't connect 2 computers effeciently in a Window's network
without turning off Windows Firewall. So then that leads me to
question's number 2 and 3: If you can't share Windows
computers unless the Firewall is turned off does that leave ALL
OF OUR GOVERNMENTS computers at risk of hacker's because of
Microsoft?
Maybe the Government should be talking to Steve Jobs with
Apple on how Apple and Mac can offer the Government a secure
computing environment. You know, an environment that leaves
"The People" with a sense of Technological Security.
I bet that Steve Jobs wouldn't let you out of the Building carrying
a Laptop with Confidentual Secure Information. Steve would tell
you that there are security measures, one specifically called a
VPN. You know, this type of security would ensure that "No
Laptops" are found with "personal information" on them.
VPN (Virtual Private Network) Allows someone to log into a
system remotely to work with files!
J Gund
Tech01
www.Tech01.net
Windows without the ability to share computers and printers?
I'll tell you from a first person technological perspective that you
can't connect 2 computers effeciently in a Window's network
without turning off Windows Firewall. So then that leads me to
question's number 2 and 3: If you can't share Windows
computers unless the Firewall is turned off does that leave ALL
OF OUR GOVERNMENTS computers at risk of hacker's because of
Microsoft?
Maybe the Government should be talking to Steve Jobs with
Apple on how Apple and Mac can offer the Government a secure
computing environment. You know, an environment that leaves
"The People" with a sense of Technological Security.
I bet that Steve Jobs wouldn't let you out of the Building carrying
a Laptop with Confidentual Secure Information. Steve would tell
you that there are security measures, one specifically called a
VPN. You know, this type of security would ensure that "No
Laptops" are found with "personal information" on them.
VPN (Virtual Private Network) Allows someone to log into a
system remotely to work with files!
J Gund
Tech01
www.Tech01.net
should you need to take confidential data with you, at least it can
have reasonable security if you use a strong password. MS
however, removed their "locked" folders feature at the request of IT
departments!
Windows without the ability to share computers and printers?
I'll tell you from a first person technological perspective that you
can't connect 2 computers effeciently in a Window's network
without turning off Windows Firewall. So then that leads me to
question's number 2 and 3: If you can't share Windows
computers unless the Firewall is turned off does that leave ALL
OF OUR GOVERNMENTS computers at risk of hacker's because of
Microsoft?
Maybe the Government should be talking to Steve Jobs with
Apple on how Apple and Mac can offer the Government a secure
computing environment. You know, an environment that leaves
"The People" with a sense of Technological Security.
I bet that Steve Jobs wouldn't let you out of the Building carrying
a Laptop with Confidentual Secure Information. Steve would tell
you that there are security measures, one specifically called a
VPN. You know, this type of security would ensure that "No
Laptops" are found with "personal information" on them.
VPN (Virtual Private Network) Allows someone to log into a
system remotely to work with files!
J Gund
Tech01
www.Tech01.net
making buggy whips.
Jim
The security forces at airports are some of the most indignant and self-righteous workers in America. They may as well have a sign that reads: "Have a complaint? Please fill out this 5 page form and file in the trash on your way out"
They don't have to care about what you think or want or whether or not they do their job well or efficiently. When you're with them there's only one person who gets an opinion.
Don't like it? You can always drive your car instead.
NO MORE !!!
Simply put:
Any person, from any PC, can visit any website... even purchase from that website, completely anonymous, completely secure, leaving absolutely no history nor tell tale information anywhere, with one click.
The NotMe "Patented Indirect Portal" Advantage:
Complete privacy and security at the website visited, they have no way of identifying you, nor any way to pass Cookies, Trojans, a Virus or any kind of Spyware to you.
Complete privacy and security from any PC or device connected to the internet that you happen to be using at the time with absolutely no way for the PC to track where you have been.
Complete privacy and security on your credit card statement.
And, there is absolutely no software needed, it is ISP based, so it works from any and all PC's today!
The US Patent is Located:
http://portal.uspto.gov/external/portal/!ut/p/_s.7_0_A/7_0_CH/.cmd/ad/.ar/sa.getBib/.ps/N/.c/6_0_69/.ce/7_0_3AB/.p/5_0_341/.d/5?selectedTab=detailstab&isSubmitted=isSubmitted&dosnum=09753714
And all information regarding this technology is located at www.notme.com, its brand name soon to launch.
Solves all the problems and the user does nothing... because users want to do nothing... the user wants all kind of protection but wants to do nothing to attain that. Now they can.
Privacy whenever or wherever an internet user deems appropriate, is what NotMe provides.One click and forget about.
Disclaimer...If a user utilizes NotMe to break or circumvent national or international law,
NotMe will cooperate fully with any and all law enforcement agencies. We will enjoy catching you and assisting in your prosecution. Think G-Mail.
NotMe will cooperate fully with any and all law enforcement agencies. We will enjoy catching you and assisting in your prosecution. Think G-Mail.WHAT does this mean? how can the help?If you surf annonymusly and people and maybe them to are claiming they dont keep any records.I READ you can use your credit card securely how is that ? If they can help the law they can tell about your credit and where you been surfing.How can they claim you can surf annoymusly?What does Think gmail mean? thanks
- Dear Homeland Security
- by rcrusoe August 11, 2006 4:35 PM PDT
- I'd love to "Fix my windows".
- Like this Reply to this comment
-
(50 Comments)But no one, including Microsoft, knows how to make the OS secure.