Welcome Guest [Log In] [Register]

Welcome to Technology Chat Corner. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Plus, members will have all ads on the board removed. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: Username:   Password: Log In

Microsoft Releases Emergency Critical Patch
Topic Started: Oct 23 2008, 05:48 PM (92 Views)
Speedy	Oct 23 2008, 05:48 PM Post #1
Google Whore Posts: 2,767 Group: Admin Member #8 Joined: January 27, 2007	Microsoft Releases Emergency Critical Patch http://www.crn.com/security/211600229 Microsoft (NSDQ:MSFT) issued an emergency critical update Thursday addressing a malicious Internet worm that could allow attackers to infiltrate systems remotely and take control over users' computers without any user interaction. The critical update is one of a handful of out-of-band patches released in the past few years, experts say. Microsoft issues regularly scheduled updates on the second Tuesday of every month, which has become known in IT security circles as "Patch Tuesday." The fact that Microsoft has released what is known as an "out-of-band" patch indicates that the vulnerability is pretty severe, experts say. "They are not afraid to go out of band if this is something extremely important. This is something that couldn't wait," said Jason Miller, security and data team manager for Shavlik Technologies. The vulnerability, which affects almost every Windows operating system, is rated critical for multiple versions of Windows 2000, XP and Server 2003, but is given the less severe rating of "important" for Vista and Server 2008. The error, if left unpatched, allows remote attackers to infiltrate systems in order to take control of users' computers and steal data without any user interaction or social engineering lures. What makes this bug particularly nasty is that it has the ability to rapidly spread to other vulnerable computers within the network, experts say. "You're talking about the ability to take full control of the system without any user interaction," said Miller. "You don't have to put in login credentials and you don't have to 'trick' somebody." Security experts maintain that an exploit is loose in the wild, meaning that there is evidence that an attacker has already used the exploit code to conduct attacks on unsuspecting users. Miller said that Microsoft suspects that the code has been used in targeted attacks. "Somebody in the world knows about this vulnerability. They know how to exploit the vulnerability," said Miller. "This (exploit code) is a money generator. People look to buy this stuff." While Microsoft has provided possible workarounds for the vulnerability, experts advise users to simply apply the patch as soon as possible. "Typically you want to test these updates because you don't want to break anything," said Miller. "I just want to get this thing and deploy it." Security updates are available on the Microsoft Update, Windows Update and office Update sections of the Microsoft Download Center.
	Sometimes I lie awake at night, and I ask, "Where have I gone wrong?"/ Then a voice says to me, "This is going to take more than one night." - Charles M. Schulz Software Reviews
trewert	Oct 23 2008, 06:32 PM Post #2
Wanderer in the Fog Posts: 731 Group: Members Member #10 Joined: January 28, 2007	Was it the CAPICOM update?
Dark Knight	Oct 23 2008, 08:58 PM Post #3
Admin Posts: 4,395 Group: Admin Member #1 Joined: January 24, 2007	I'll have to remember to install that tomorrow. Thanks for posting that Speedy.
	I can't wait for the I'm an iPad/I'm a Maxi-Pad commercials
Speedy	Oct 23 2008, 10:32 PM Post #4
Google Whore Posts: 2,767 Group: Admin Member #8 Joined: January 27, 2007	It might be. It's some kind of flaw that allows for remote takeover. Here's another link. http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=211600270 Edited by Speedy, Oct 23 2008, 10:32 PM.
	Sometimes I lie awake at night, and I ask, "Where have I gone wrong?"/ Then a voice says to me, "This is going to take more than one night." - Charles M. Schulz Software Reviews
Corum	Oct 27 2008, 10:19 AM Post #5
Sphincter Posts: 125 Group: Members Member #33 Joined: November 2, 2007	What? Mircrosoft has security flaws? I did not know that. Thanks for the info, Speedy. I haven't seen this anywhere else.
1 user reading this topic (1 Guest and 0 Anonymous)

« Previous Topic · Microsoft · Next Topic »

Speedy's Software Reviews     Software Review Discussion         The Fabled Lands Project     Computer and Networking Help     Linux+ Exam Technology Chat     General Technology Articles and Discussions         Microsoft         Apple         Linux     The Game Room General     The Cafe Go