August 09, 2006
DHS warning on latest Microsoft patch
Hackers have already exploited a Windows Server service, one of the 12 vulnerabilities patched just recently
Recommend ThisThe U.S. Department of Homeland Security (DHS) warned Wednesday that a recently patched Microsoft Corp. Windows vulnerability could put the nation's critical infrastructure at risk.
The patch, described in Microsoft Security Bulletin MS06-040, relates to Windows Server services. It was one of 12 updates issued Tuesday, by the software giant, but security experts are particularly concerned with the bug because hackers have already exploited the vulnerability. The vulnerability is described on Microsoft's Web site.
Microsoft is advising customers to give this update priority, said Christopher Budd, a security program manager with Microsoft's security response center. "The top thing that we're trying to help people understand is we want them to take 06-040 and put it at the top of the stack," he said late Tuesday.
The DHS statement echoed Microsoft's sentiments warning that the vulnerability "could impact government systems, private industry and critical infrastructure, as well as individual and home users."
Attackers have already started exploiting the vulnerability in a limited manner, Budd said. A sample exploit has been published within Immunity Inc.'s security testing toolkit and snippets of the malware are beginning to circulate in public, security vendors said.
The bug is of particular concern because Windows Server services are generally enabled by default on Windows systems, and a worm based on the flaw could end up being widespread. Windows Server services are used for common network applications like file sharing and printing.
The fact that DHS has taken the rare step of warning about MS06-040 underscores the severity of the situation, said Jonathan Bitle, manager of technical accounts with Qualys Inc.
But because security conscious companies are blocking the Internet ports used by this malware -- ports 139 and 445 -- any worm will have a hard time jumping from one corporate network to another, Bitle said. "It will probably be the type of situation where if a worm does come out, it will hit sporadically through different companies where they haven't been able to apply the patches or put the controls in place."
White Paper
D2D Virtual Tape Library Replication Primer
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
White Paper
An Alternative to Virtualization for Datacenter Cost Savings
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
White Paper
Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
White Paper
Bringing the Edge to the Data Center
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
- How Zscaler Tackles Emerging Web Threats with High Speed, Real-Time Content Inspection in the Cloud | White Paper
- Upgrading to VMware vSphere with vWire | White Paper
- Removing Barriers To Better Server Virtualization Efficiency | White Paper
- Windows Phones and Unified Communications | White Paper
- Lower the Cost and Complexity of a Mobile Workforce through Automation | Webcast
Sign up to receive Platforms Resource Alerts
Make IT work as one. Register for Novell BrainShare 2010. Complimentary Energy Efficiency Kit - Cut Energy Costs NowSuper Multi NAS devices from LG
See how AT&T can help protect your network. Make IT Work As One at novell.comHP ProLiant G6 Servers. Perform like a superstar, Save like an accountant.HP ProLiant G6 Servers. Perform like a superstar, Save like an accountant.Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.Increase UPS efficiency without sacrificing protectionIn less than 45 minutes, Palisade Systems protects your data
Return on Information: Google Enterprise Search pays you back. Get the facts.Analytics: Use your data to drive insights that enable better decisions.Restrict internet access with GFI WebMonitor™. Now 30% Off! www.gfi.com/web-filterToday’s IT means business. New eBook shows you how to align your IT investments.A new level of interoperability. Make IT Work As One at novell.comLimited-time offer: Save up to $100 on Polycom phones. 64-page prescriptive guide to security, compliance, and IT operations.Learn about Foundations of Green IT, from CTO Marty Poniatowski802.11n Drives an Architectural EvolutionSee IBM CloudBurst's self-service user interface in action
