Microsoft Plugs Three Windows Security Holes
Microsoft today issued a critical software update to plug at least three security holes in its Windows operating systems. The patch, which applies to all supported versions of Windows, is available from the Microsoft Update Web site, or via Automatic Updates.
All three security vulnerabilities relate to a weakness in the "Server Message Block" (SMB) protocol, a component of Windows used to provide shared access to files, printers, and other communications over a network.
Blueprints showing would-be attackers how to exploit one of the flaws were posted online back in October; Microsoft said the other two vulnerabilities were privately reported.
SMB threats can generally be stopped by a decent firewall, as they rely on the attacker or malicious software having direct access to a network hosting vulnerable systems. However, businesses typically test patches before deploying them to make sure they don't interfere with custom software, and in the meantime infected laptops brought in from the outside and plugged into the internal network can very quickly spread a worm designed to attack the flaw.
Eric Schultze, chief technology officer at Shavlik Technologies, a patch management firm, said he fully expects to see a worm emerging at some point to exploit one or more of these SMB vulnerabilities.
"If a worm is released, and that worm makes it into a corporate network, it will make Swiss cheese of that network relatively quickly," Schultze said.
Microsoft also added two new strains of malware to its "malicious software removal tool" (MSRT), an optional component updated once a month that can scan for and remove some of the most prevalent threats in circulation today. If installed and updated, the MSRT will run once a month when the computer is idle.
Added to the MSRT this month is "Downadup," a relatively new computer worm that attacks another Windows networking flaw Microsoft patched in October. Microsoft also threw in detection for the prolific "Bancos" family of data-stealing Trojan horse programs.
January 13, 2009; 4:33 PM ET