Homeland Security: Apply MS06-040 Patch

By Ryan Naraine  |  Posted 2006-08-09 Email Print this article Print
 
 
 
 
 
 
 

In an unusual move, the Department of Homeland Security releases a firm notice to Windows users: Pay special attention to a gaping worm hole in Windows. Proof-of-concept exploits have already been created.

Less than 24 hours after Microsoft shipped security fixes for 23 serious software vulnerabilities, the U.S. government's Department of Homeland Security issued a firm notice to Windows users: immediately apply the patches in the MS06-040 bulletin.

In a somewhat unusual move, the DHS warned that the patches cover a remote code execution vulnerability that could be used in a network worm attack similar to Blaster, Slammer of Sasser.

"Windows users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch," the agency said in an public advisory.

The department warned that a successful attack could be launched remotely to take control of an affected system and install programs, view, change or delete data, and create new accounts with full user rights.

Read more here about Microsoft's efforts to patch a vulnerability.

"This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users," the DHS added.

The DHS recommended that home users opt for Microsoft's Windows Update to automatically download and apply all the appropriate security fixes.

The MS06-040 bulletin addresses a buffer overflow in Server Service, which is used to provide RPC (remote procedure call) support, file print support and named pipe sharing over a network.

Because the flaw presents a remote, unauthenticated attack vector, an anonymous attacker could send specially rigged network packets over the Internet to launch malicious code on vulnerable systems.

Read the full story on eWEEK.com: Homeland Security: Apply MS06-040 Patch



 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters



















 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date