Homeland Security: Fix your Windows
August 9, 2006
In a rare alert, the U.S. Department of Homeland
Security has urged Windows users to plug a potential
worm hole in the Microsoft operating system.
The agency, which also runs the United States Computer
Emergency Readiness Team (US-CERT), sent out a news release
on Wednesday recommending that people apply Microsoft's
MS06-040 patch as quickly as possible. The software maker
released the "critical" fix Tuesday as part
of its monthly patch cycle.
"Users are encouraged to avoid delay in applying
this security patch," the DHS (Department of Homeland
Security) said in the statement. The patch fixes a serious
flaw that, if exploited, could enable an attacker to
remotely take complete control of an affected system,
the agency said.
Microsoft on Tuesday issued a dozen security bulletins,
nine of which were tagged "critical," the company's
highest severity rating. However, the flaw addressed
in MS06-040 is the only one among the updates that could
let an anonymous attacker remotely commandeer a Windows
PC without any user interaction.
The flaw has some similarities to the Windows bug that
enabled the notorious MSBlast worm to spread in 2003.
Both security vulnerabilities are related to a Windows
component called "remote procedure call," which
provides support for networking features such as file
sharing and printer sharing.
"Blaster took advantage of a vulnerability in the
same service. We recognize that this is something that
is easily exploitable," said Amol Sarwate, the manager
of the vulnerability research lab at Qualys. "It
is excellent that DHS sent out this alert, because I
think a lot of people are vulnerable."
Microsoft has seen a "very limited attack" that
already used the newly disclosed flaw, the software maker
Overnight, some hacker toolkits were updated with code
that allows researchers to check for the flaw and exploit
it, said Neel Mehta, a security expert at Internet Security
Systems in Atlanta.
"This is a very serious vulnerability," Mehta
said. "At the moment, this exploit is being used
in targeted attacks to compromise specific systems. However,
there is nothing about the nature of the vulnerability
that prevents it from being used in a much more widespread
fashion as part of a worm."
Microsoft worked with the Department of Homeland Security
on the alert, a company representative said. "Microsoft...encourages
customers to deploy this update on their systems as soon
as possible, given that we are aware of targeted exploitation
of the vulnerability," the representative said.
Microsoft deems the vulnerability critical for all versions
of Windows. However, users of Windows XP with Service
Pack 2 and Windows Server 2003 with Service Pack 1 should
be protected by the Windows Firewall if they do not use
file sharing and printer sharing, Christopher Budd, a
security program manager at Microsoft, said in an interview
The Microsoft updates are available via the Windows
Update and Automatic Updates tools as well as from Microsoft's
Web site. Temporary workarounds are outlined in the security
bulletins for those who can't immediately apply the patches.