Microsoft issues new security alert

  • Email a Friend
  • Print Page
Microsoft issues new security alert
By Shaun Nichols
Oct 24, 2008 3:03 PM
Tags: windows | microsoft | security | update | vulnerability | attacks

Microsoft is issuing a critical fix for Windows users. The company issued the alert following reports of targeted attacks against a vulnerability in the server component for all currently supported versions of Windows and Windows Server.

An attacker can exploit the flaw by sending the user a specially-crafted Remote Procedure Call packet. A successful exploit would allow the attacker to remotely execute code on the target system.

Though the reported attacks were believed to be targeted and not widespread, Microsoft is releasing a fix for the flaw through its automatic update services.

The bulletin is rated as critical for all versions of Windows and Windows server with the exception of Windows Vista and Server 2007, which have been issued a less severe "important" risk rating due to protections which limit the attack to authenticated users.

Normally, the company prefers to release all security updates as a single download on the second Tuesday of each month. When in-the-wild attacks occur, however, Microsoft will sometimes release unscheduled "out of cycle" security fixes.

Part of the risk, say experts, comes from the dangerous nature of the vulnerability. Because the vulnerability can be exploited without any user interaction, a malware infection could silently be spread amongst millions of computers without detection.

Security firm Lumensia issued a statement urging users and administrators to update their systems as soon as possible.

"An exploit designed around this vulnerability can propagate without user interaction from machine to machine, similar to worms from years ago such as Code Red and Nimda," said the company.

"As this security update addresses a vulnerability that is currently being exploited, IT administrators should take immediate action to patch this vulnerability."

Users can obtain the fix via the Microsoft Update or Windows Update components, or through the company's direct download site.

Copyright © 2009 vnunet.com


 
Comments

Be the first to comment on this article.
Thoughts on this article? Add a comment below.
Comment:
Want to participate in the discussion?
Or log in now to comment
 
 
Top Stories
Conroy opens NBNCo regulation debate
Part two of the regulatory reforms paper.
 
Utilities wise up to smart grids
Power to the people?
 
Sydney Water turned off wrong pipe
Admits error with Macquarie Telecom data centre.
 
Exclusive Data Centre - Sponsored Content by Microsoft

Latest Comments

"I turn bluetooth off on my mobile to save the battery. Looks like now I've got another reason. "
by Slatts Jul 4, 2009 1:09 PM
 
"I'm kind of assuming that the water was used in water cooled condensers for the air-conditioning...."
by Slatts Jul 2, 2009 8:54 PM
 
"Why do we have to listen to Nick Minchin's comments? He is just about irrelevant in his opinions ..."
by ngo Jul 2, 2009 8:35 PM
 
" It's not very surprising that the Chinese junta still wants to impose the 'Green Dam - Youth ..."
by anonymous Jul 2, 2009 3:49 PM
 
"I would suggest for anyone wanting to join in the BOINC projects such as SETI@home, World ..."
by wolfgang8741 Jul 2, 2009 5:37 AM

Polls

What will you do when your iPhone contract comes up for renewal?




   |   View results
Retain my current service provider
  12%
 
Switch to a cheaper plan
  18%
 
Switch to a better network
  17%
 
Switch to whoever offers free tethering
  18%
 
Change handset altogether
  36%
TOTAL VOTES: 193

Vote