Microsoft Issues Emergency Patch

Microsoft Corp. today issued an emergency software update to plug a critical security hole in its Windows operating system. The free update is available either from the Microsoft Update site or via the company's automatic updates feature. Alternatively, Windows users can download and manually install the standalone patch directly from the Microsoft security advisory.

Windows users should install this update immediately, as an increasing number of criminal groups are targeting one of the vulnerabilities fixed by this patch to silently install software when users visit a malicious Web site or open a specially crafted e-mail.

Microsoft had been slated to release the update a week from today, but issued the fix earlier due to a marked increase in the number of attackers currently exploiting the flaw. In addition, today's patch also fixes six other security holes present within nearly all versions of Windows.

This is the third time since January 2006 that Microsoft has deviated from its monthly patch cycle to plug security holes that hackers were actively exploiting. The company typically issues patches on the second Tuesday of each month.

If you've taken my oft-uttered advice and are running Windows under a limited user account, you will need to log in using the administrator account to install the patch.

By Brian Krebs  |  April 3, 2007; 3:58 PM ET
Categories: Latest Warnings, New Patches, Safety Tips

Comments

Windows is sooo vulnerable. It's sick how much cruddy and buggy software people are willing to stand these days. My advice is don't install the update, switch to Linux or Mac.

Posted by: Dweeberkitty | April 3, 2007 11:14 PM | Report abuse

Security through obscurity...If Linux or Mac distributions were the most popular operating systems in the world we would see just as many vulnerabilities. Interesting note - Linux vulnerabilities have nearly doubled every year since 2002. Reportedly 100+ in 2005 compared to 11 in 2002. As Linux becomes more popular at home and in the enterprise the number of vulnerabilities will continue to grow.

Posted by: T | April 3, 2007 11:29 PM | Report abuse

Ah, typical work from RipYouOffSoft. Windows Vista-- same typical bugs and security flaws you've come to dread, but w/ "eye-candy" (Aeroglass) that isn't worth the inflated price. Nice.

Posted by: Jacob Kasza | April 4, 2007 12:26 AM | Report abuse

Oh... and is there a reason _why_ The Washington Post neglected to mention this very potent security flaw _also_ affects Vista users, like other sites (Google News) have been stating?

Posted by: JacobKasza - London, Ontario, Canada | April 4, 2007 12:29 AM | Report abuse

T:

Most "Linux" vulnerabilities have nothing to do with the actual operating system. Unlike Windows or Linux, most distros come with a wide variety of applications in addition to the base system. Any time there's a vulnerability in one of these applications, it gets noted as a "Linux" vulnerability even though the vast majority of the software is also available with Windows and Macs and even though the vulnerability is not nearly as severe as a problem with Windows (especially since Linux users don't run with administrator privileges, generally speaking).

Posted by: CD | April 4, 2007 1:11 AM | Report abuse

You mentioned that I would need to move to the administrative account to install this patch. When I went to restart the computer in admin mode, the limited user shut down screen said that it would install a MSFT patch if I pushed the turn off the computer button.

To test whether this worked, I later restarted in admin, and used the MSFT update screen to check for critical updates. It said none were available. MSFT may have found a way to install at least some of its patches from the limited user account.

Posted by: Mike | April 4, 2007 1:35 AM | Report abuse

T and others:

I thought this might interest you...
It's a vulnerability study.

http://www.omninerd.com/2007/03/26/articles/74

To sum it up: windows=very vulnerable, linux=not too vulnerable!
(remotely accessible vulnerabilities)

check out the paper, it's very interesting!

~ Jeff

Posted by: Jeff | April 4, 2007 1:43 AM | Report abuse

Curious that two XP systems automatically downloaded the patch without any problem; not so for the Vista System. Vista had to be done by manual download. Is that connected with Vista's so-called security enhancements, I wonder.

Posted by: Steve | April 4, 2007 1:44 AM | Report abuse

Jeff, that article is a joke. Even the slashbots thought as much.

Scanning some operating systems with Nmap and Nessus is not a comprehensive study of the relative security of those operating systems.

The article also compares the latest versions of various Linux distros to XP and 2003 RTM versions which are several years old and not even supported/sold anymore. The article then goes on to admit that up-to-date instances of XP and 2003 are secure (according to the weak methodology).

Symantec recently published a report showing that Windows has significantly less days of risk than any other OS (Linux or OS X) in the last six months of 2006, meaning that Microsoft fixes vulnerabilities faster than the others. Windows also had less total vulnerabilities than all others.

http://www.internetnews.com/security/article.php/3667201

Posted by: Matt | April 4, 2007 2:27 AM | Report abuse

It's the speed at which an OS provider (or any software provider for that matter) reacts and provides a fix for a problem which is important - there will always be bugs/problems, in any OS.

The puerile copy-cat line that we unfortunately keep hearing about Mac/Linux being universally better regarding security is, as we know, an old myth. Sure, sometimes it's true, but please stop pointless generalising.

Posted by: tallsandwich | April 4, 2007 5:38 AM | Report abuse

Since downloading the two patches yesterday, several of my usual visited sites are not rendering correctly; both under Opera and IE7. Please don't tell me I'm the only one!

Posted by: Bartolo | April 4, 2007 7:48 AM | Report abuse

FYI...

- http://www.pcworld.com/printable/article/id,130368/printable.html
April 03, 2007 ~ "Contrary to other reports, Mozilla's Firefox 2.0 is vulnerable to attackers armed with the Windows animated (ANI) cursor exploit... Alexander Sotirov, the vulnerability researcher at Determina who discovered the ANI flaw last December and notified Microsoft of it later that month, yesterday posted a demonstration of an ANI exploit that hijacks a PC when Firefox users are conned into visiting a malicious site..."

.

Posted by: J. Warren | April 4, 2007 8:42 AM | Report abuse

Mike,
Automatic updates on Windows XP will work under the limited account, but going to Windows/Microsoft Update won't work. That's why your machine updated. If you want the updates before the Automatic Updates check for them, you have to go over to the admin account and manually check for them at Microsoft's website.

I like BK's idea from his last post that MS should release an initial patch for "home users" or those who don't worry about interference with 3rd-party apps, then follow up with a final patch, which would replace the initial one if it needed to. Why not?

Posted by: michael | April 4, 2007 11:54 AM | Report abuse

After installing the patch, I started getting an Illegal System DLL Relocation warning when WIN-XP starts that says RTHDCPL.EXE will not run properly. Anyone else?

Posted by: Justin Emalius | April 4, 2007 12:15 PM | Report abuse

For those of you recommending to switch to Linux, you have no idea what you are talking about. Recent studies concluded that in the last years, Linux had had more vulnerabilities than Windows. On top of that, Linux community does not get it right, Linux software is buggy and does not offer still good GUI for regular users. Windows is the best solution for most of the people. The basic problem is that programmers are "human beings", they make mistakes, and it does not matter where they work (Microsoft or open source), they will keep making mistakes and thus providing buggy and vulnerable software.

So you Linux advocates, for once, understand this fact.

-Fred

Posted by: Fred | April 4, 2007 12:23 PM | Report abuse

After installing the patch, I started getting an Illegal System DLL Relocation warning when WIN-XP starts that says RTHDCPL.EXE will not run properly. Anyone else?

Been there. Got the T-Shirt.

Apply the hotfix here:

http://support.microsoft.com/kb/935448/

Posted by: FreewheelinFrank | April 4, 2007 1:18 PM | Report abuse

Interesting to talk about Linux having vulnerabilities without mentioning their severity relative to Windows ones. The recent comparison of Windows, OS X and Linux vulnerabilities showed that MS had the fewest overall but the highest number of severe ones. 12 high priority for Windows, 2 for Linux, 1 for OS X.

Posted by: Stu | April 4, 2007 3:40 PM | Report abuse

On the network I'm supporting, all users run Windows with limited user access rights. There are, from time to time some issues, with some applications trying to access protected parts of the registry, or needing write privileges in their install folder (usually if under Program Files), but largely, everything is OK. I have NEVER had popups, spyware, malware or adware problems on that network. I know there are some exploits which can escalate their privileges to admin, but personally, I've never been faced with one.
On my home computers, I like to run Windows with admin rights. However, I run all three browsers I'm using (Firefox, Opera and Internet Explorer), as a separate user with limited access rights. I don't run any anti spyware application, because I found all of them to be too much a burden for the computer. However, when I scan my computers, from time to time, with Spyware Doctor, the only threats it finds are cookies.
Windows 95, 98, Millennium, didn't have file level security, and they were/are very vulnerable to the malware-adware-spyware threats. Since Windows NT though, running the OS as a user with limited access rights can prevent 95% of these particular kinds of problems. I don't think it is Windows' fault that its built-in protections are not largely used.

Posted by: Alan | April 4, 2007 4:31 PM | Report abuse

After installing the patch, RTHDCPL.EXE will not run properly. Anyone else?
- Justin Emalius
Been there. Got the T-Shirt. Apply hotfix kb935448.
- FreewheelinFrank

Hey, thank you!

Posted by: Justin Emalius | April 4, 2007 5:10 PM | Report abuse

There is a problem with today's security update KB925902 - after installation my Toshiba comes up with a warning that a .dll library has been changed, and the vendor should be notified.
I'm not going to install this on my other PC until this update gets fixed.

Posted by: sfmaster | April 4, 2007 8:30 PM | Report abuse

Thanks for the explanation Michael.

Posted by: Mike | April 4, 2007 11:55 PM | Report abuse

"There is a problem with today's security update KB925902 - after installation my Toshiba comes up with a warning that a .dll library has been changed, and the vendor should be notified.
I'm not going to install this on my other PC until this update gets fixed."

It has been. See above.

Posted by: FreewheelinFrank | April 5, 2007 2:27 AM | Report abuse

I will reserve my profanities for Microsoft. Read Brian's Security Fix yesterday and immediately allowed the OS update.
I got the stupid, obtuse message about the illegal dll, RTHDCPL.exe and tried to find an answer - much wasted time.
Today I came back to Brian's column and there it was!
Brian - you and your posters are the best!

Posted by: Emilie | April 5, 2007 11:55 AM | Report abuse

FYI...

> http://www.websense.com/securitylabs/blog/blog.php?BlogID=122
Apr 9 2007 ~ "...Now... there are more than 2000 unique sites that are hosting exploit code and/or are compromised and are pointing to machines that host exploit code..."

.

Posted by: J. Warren | April 9, 2007 5:01 PM | Report abuse

The comments to this entry are closed.

 
 
© 2010 The Washington Post Company