http://www.digitalworldtokyo.com/2006/08/microsoft_patchs_sparks_homela.php
Microsoft patch sparks Homeland Security alert 060810_DHS_MS.jpg The U.S. Department of Homeland Security (DHS) warned Wednesday that a recently patched Microsoft Windows vulnerability could put the nation's critical infrastructure at risk. The patch, described in Microsoft Security Bulletin MS06-040, relates to Windows Server services. It was one of 12 updates issued Tuesday, by the software giant, but security experts are particularly concerned with the bug because hackers have already exploited the vulnerability. The vulnerability is described: http://www.microsoft.com/technet/security/Bulletin/ms06-040.mspx. Microsoft is advising customers to give this update priority, said Christopher Budd, a security program manager with Microsoft's security response center. "The top thing that we're trying to help people understand is we want them to take 06-040 and put it at the top of the stack," he said late Tuesday. The DHS statement echoed Microsoft's sentiments warning that the vulnerability "could impact government systems, private industry and critical infrastructure, as well as individual and home users." The statement can be found: http://www.dhs.gov/dhspublic/display?content=5789 Attackers have already started exploiting the vulnerability in a limited manner, Budd said. A sample exploit has been published within Immunity's security testing toolkit and snippets of the malware are beginning to circulate in public, security vendors said. The bug is of particular concern because Windows Server services are generally enabled by default on Windows systems, and a worm based on the flaw could end up being widespread. Windows Server services are used for common network applications like file sharing and printing. The fact that DHS has taken the rare step of warning about MS06-040 underscores the severity of the situation, said Jonathan Bitle, manager of technical accounts with Qualys. But because security conscious companies are blocking the Internet ports used by this malware - ports 139 and 445 - any worm will have a hard time jumping from one corporate network to another, Bitle said. "It will probably be the type of situation where if a worm does come out, it will hit sporadically through different companies where they haven't been able to apply the patches or put the controls in place." [Non-text portions of this message have been removed] -------------------------- Want to discuss this topic? Head on over to our discussion list, [EMAIL PROTECTED] -------------------------- Brooks Isoldi, editor [EMAIL PROTECTED] http://www.intellnet.org Post message: osint@yahoogroups.com Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/