Race is On to Patch Critical Windows Flaw

Source: PCWorld
Posted: 4 years 51 weeks ago

Security experts are concerned about the potential impact of a new security hole affecting the Windows operating system. The potential exists to create a worm that would allow an attacker to take complete control of vulnerable systems without any user interaction--a jackpot for malware developers.

This past Tuesday was Microsoft's big patch release day for the month of September. Microsoft released a total of five new Security Bulletins, all of them rated Critical. Microsoft quickly followed the regularly scheduled patch release with a Security Advisory warning of the new unpatched flaw.

The flaw impacts Windows Vista and Windows Server 2008 systems. Windows Server 2008 R2 is not affected, and Microsoft resolved the flaw in the RTM version of Windows 7, but systems using Windows 7 RC are vulnerable as well.

The issue lies in the Windows network file sharing protocol, SMB (Server Message Block). Initial proof-of-concept attacks simply resulted in system crashes--the infamous (or is it notorious?) Blue Screen of Death. However, security experts have determined that it is possible to leverage this flaw to execute malicious code remotely on vulnerable systems. Microsoft updated the Security Advisory to acknowledge the potential threat.

Microsoft will certainly be rushing to develop, test, and release a patch for affected systems. That means the clock is ticking and the race is on. Malware developers have a window of opportunity to take advantage of this vulnerability and develop a Conficker-like worm able to spread and infect systems without any user intervention.