Microsoft Issues Stopgap Fix for Windows Flaw
Microsoft this week released a stopgap security fix for a critical flaw present in some Windows PCs that could let attackers remotely seize control of vulnerable systems. But as scary as this vulnerability sounds, it may actually be better for some Vista users to wait until Microsoft issues an official update.
Microsoft issued the emergency workaround after reports that security researchers were publishing proof-of-concept exploits that attackers might use to figure out how to attack the flaw. The workaround Microsoft released doesn't fix the problem so much as disable the vulnerable component. In the meantime, Redmond says, it is working on developing a more precise, official patch.
The flaw resides in the file-sharing capability of Windows Vista and Windows Server 2008 systems. It does not affect Windows XP, Windows 2000 or Windows Server 2003 computers. Microsoft says the vulnerability does not exist in the version of Windows 7 that the company has released to PC makers, but that it is present in the first release candidate of Windows 7 (ZDNet.com reports that Microsoft fixed the bug in Windows 7 build 7130).
This stopgap patch may not be suitable for all users. For one thing, this flaw is mainly a threat for organizations that run large numbers of affected systems in a network, as it would most likely be exploited by a computer worm designed to spread to other vulnerable hosts once it has wiggled inside a network. It is less of a threat to consumer systems, provided those users are protected with some kind of firewall (such as the built-in Windows Firewall), which should by default block file-sharing traffic coming from the Internet.
Also, this interim fix may disable the ability to share files or printers on a network, so if you're a Vista user and don't want to lose this capability, it might be best to just wait for an official update from Redmond -- which could be issued as early as next month.
If you're a Vista user and you don't share files or printers across a home network, you should consider deploying this simple fix. Installing this fix should not impact Windows users' ability to install the official patch, whenever it is made available.
To install this fix, click on the "Fix It" icon at the left on this page, then save and run the supplied file. If for whatever reason you'd like to undo this setting, click the "Fix It" icon on the right at that same page.
September 22, 2009; 11:13 AM ET
Categories: Latest Warnings, New Patches, Safety Tips | Tags: 0day, microsoft