DHS urges all Windows users to patch
Published: 2006-08-11

In an unusual move, the U.S. Department of Homeland Security has issued a statement urging all Windows users to apply Microsoft's latest set of critical patches.

In a statement issued this week, the DHS has recommended that all users and system administrators apply Microsoft security patch MS06-040 as soon as possible. "This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users."

While the criticality of Microsoft patches is nothing new, the move is unusual in that the government rarely issues such statements. The U.S. Computer Emergency Readiness Team (US-CERT) warned that attackers had already started using the Windows Server service flaw (MS06-040) to attack systems. The advice to patch may suggest that the government or US-CERT members have additional information, not made public, about pending or potential attacks against critical infrastructure.

Already, some security experts are anticipating that an Internet worm, an attack form that has become rare, will appear using the Windows Server service flaw. Exploit code from several penetration testing companies and open-source frameworks appeared shortly after the patch was released, and it appears the vulnerability is relatively easy to exploit. Exploits based on the flaw can affect Windows XP/SP2 systems patched with all but the latest fixes, even with the default Windows firewall enabled, according to one researcher.

Microsoft recently released patches for 23 flaws, including ten critical security holes. Most users will receive these updates automatically through Microsoft's Automatic Updates functionality for Windows XP, 2000 and 2003. Users, however, should verify that the patches have been installed correctly and that their PC is up to date.

Posted by: Kelly Martin
Copyright 2009, SecurityFocus