JIMINATOR
09-10-2003, 06:50 PM
...Posted in OT so that more of you will see it....
September 10, 2003 02:12 PM EDT
WASHINGTON - Just moments before a top Microsoft executive told Congress
about efforts to improve security, the company warned customers
Wednesday of serious new flaws that leave its flagship Windows software
vulnerable to Internet attacks remarkably similar to the Blaster virus
that infected hundreds of millions of computers last month.
Microsoft urged customers to immediately apply a free repairing patch
from its Web site, www.microsoft.com. It cautioned that hackers could
seize complete control over a victim's computer by attacking these
flaws, which affect Windows technology that allows computers to
communicate with others across a network.
Outside experts said the new flaws were nearly identical to problems
that were exploited by the so-called Blaster infection, which spread
last month with devastating damage. Computer users who applied an
earlier patch in July to protect themselves still must install the new
patch from Microsoft.
"They're as close as you can be without being the same," said Marc
Maiffret, an executive at eEye Digital Security Inc. of Aliso Viejo,
Calif., one of three research groups credited with discovering the new
problems. "It's definitely a big oversight on Microsoft's part that they
missed these."
The embarrassing disclosure by Microsoft came just moments before its
senior security strategist, Phil Reitinger, told lawmakers on the House
Government Reform technology subcommittee about the company's efforts to
help consumers defend themselves against viruses and other Internet
attacks.
"Microsoft is committed to continuing to strengthen our software to make
it less vulnerable to attack," said Reitinger, a former deputy chief in
the Justice Department's cybercrime division. Still, he acknowledged,
"There is no such thing as completely secure software."
The July announcement from Microsoft about the earlier software flaw in
the same Windows technology was deemed so serious it prompted separate
warnings from the FBI and Department of Homeland Security. Roughly three
weeks later, unidentified hackers unleashed the earliest version of the
Blaster infection.
---
On the Net:
Microsoft warning:
http://www.microsoft.com/security/security_bulletins/ms03-039.asp