Microsoft Issues New Warning

WASHINGTON

Microsoft has issued another warning regarding new flaws that leave its Windows software vulnerable to Internet attacks similar to the Blaster virus that infected hundreds of millions of computers last month.

Microsoft urges customers to immediately apply a free repairing patch from its Web site, www.microsoft.com. Products affected by this update include Windows NT 4.0, Windows 2000, Windows XP and Windows Server 2003.

The company cautions that hackers could seize control over a victim’s computer by attacking these flaws, which affect Windows technology that allows computers to communicate with others across a network.

“We definitely want people to apply this one,” said Jeff Jones, Microsoft’s senior director for trustworthy computing. Outside researchers and Microsoft’s own internal reviews discovered the new flaws after the Blaster infection, he said.

Some flaws are nearly identical to problems exploited by the Blaster worm, which spread last month with devastating damage. Computer users who applied an earlier patch in July to protect themselves still must install the new patch from Microsoft.

Experts speculate that because of the similarities, hackers could launch attacks against unprotected systems as early as day’s end on Sept. 10.

A vice president at Network Associates Inc., Robin Matlock, agrees that corporations, government agencies and home users will race the clock before the next attack. “Without a doubt, this is a nasty vulnerability. It could easily be exploited,” she said. “Administrators are under more pressure here to move quickly.”

Microsoft Senior Security Strategist Phil Reitinger, told lawmakers on the House Government Reform technology subcommittee about the new flaws and said Microsoft is considering changing Windows to install software repairs automatically. Currently, computer users are notified when updates are available and reminded to manually click to install them.

Microsoft said Windows users who follow the company’s new security guidelines on its Web site at www.microsoft.com/protect should be safe until they install the latest patch. The company plans a Webcast on Friday to discuss the latest threat.

The July announcement from Microsoft about the earlier software flaw in the same Windows technology was deemed so serious it led to separate warnings from the FBI and Homeland Security Department. About three weeks later, unidentified hackers unleashed the earliest version of the Blaster infection.

To view the actual warning, go to Microsoft Warning or http://www.microsoft.com/security/security_bulletins/ms03-039.asp.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters