[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

Over 100 leftist groups organize coalition to rebuild morale and resist MAGA after Trump win

Mainstream Media Cries Foul Over Musk Meeting With Iran Ambassador...On Peace

Vaccine Stocks Slide Further After Trump Taps RFK Jr. To Lead HHS; CNN Outraged

Do Trump’s picks Rubio, Huckabee signal his approval of West Bank annexation?

Pac-Man

Barron Trump

Big Pharma-Sponsored Vaccinologist Finally Admits mRNA Shots Are Killing Millions

US fiscal year 2025 opens with a staggering $257 billion October deficit$3 trillion annual pace.

His brain has been damaged by American processed food.

Iran willing to resolve doubts about its atomic programme with IAEA

FBI Official Who Oversaw J6 Pipe Bomb Probe Lied About Receiving 'Corrupted' Evidence “We have complete data. Not complete, because there’s some data that was corrupted by one of the providers—not purposely by them, right,” former FBI official Steven D’Antuono told the House Judiciary Committee in a

Musk’s DOGE Takes To X To Crowdsource Talent: ‘80+ Hours Per Week,’

Female Bodybuilders vs. 16 Year Old Farmers

Whoopi Goldberg announces she is joining women in their sex abstinence

Musk secretly met with Iran's UN envoy NYT

D.O.G.E. To have a leaderboard of most wasteful government spending

In Most U.S. Cities, Social Security Payments Last Married Couples Just 19 Days Or Less

Another major healthcare provider files for Chapter 11 bankruptcy

The Ukrainians have put Tulsi Gabbard on their Myrotvorets kill list

Sen. Johnson unveils photo of Biden-appointed crossdressers after reporters rage over Gaetz nomination

sted on: Nov 15 07:56 'WE WOULD LOSE' War with Iran: Col. Lawrence Wilkerson

Israeli minister says Palestinians should have no voting or land rights

The Case For Radical Changes In US National Defense: Col. Douglas Macgregor

Biden's Regulations Legacy Costs Taxpayers $1.8 Trillion, 800 Times Larger than Trumps

Israeli Soldiers are BUSTED!

Al Sharpton and MSNBC Caught in Major Journalism Ethics Fail in Accepting Kamala's Campaign Money

ABC News in panic mode to balance The View after anti-Trump panel misses voter sentiment

The Latest Biden Tax Bomb

Republicans Pass New Anti-Woke Law: Ohio Senate Bans Transgender from Womens School Bathrooms

Gaetz, who would oversee US prisons as attorney general, thinks El Salvador’s hardline lockups are a model


Science/Tech
See other Science/Tech Articles

Title: Homeland Security: Apply MS06-040 Patch
Source: eWeek.com
URL Source: http://www.eweek.com/article2/0,1895,2001412,00.asp
Published: Aug 9, 2006
Author: Ryan Naraine
Post Date: 2006-08-12 21:27:35 by Red Jones
Keywords: None
Views: 160
Comments: 8

Homeland Security: Apply MS06-040 Patch

August 9, 2006

By Ryan Naraine

Less than 24 hours after Microsoft shipped security fixes for 23 serious software vulnerabilities, the U.S. government's Department of Homeland Security issued a firm notice to Windows users: immediately apply the patches in the MS06-040 bulletin.

In a somewhat unusual move, the DHS warned that the patches cover a remote code execution vulnerability that could be used in a network worm attack similar to Blaster, Slammer of Sasser.

"Windows users are encouraged to avoid delay in applying this security patch. Attempts to exploit vulnerabilities in operating systems routinely occur within 24 hours of the release of a security patch," the agency said in an public advisory.

The department warned that a successful attack could be launched remotely to take control of an affected system and install programs, view, change or delete data, and create new accounts with full user rights.

Read more here about Microsoft's efforts to patch a vulnerability.

"This vulnerability could impact government systems, private industry and critical infrastructure, as well as individual and home users," the DHS added.

The DHS recommended that home users opt for Microsoft's Windows Update to automatically download and apply all the appropriate security fixes.

The MS06-040 bulletin addresses a buffer overflow in Server Service, which is used to provide RPC (remote procedure call) support, file print support and named pipe sharing over a network.

Because the flaw presents a remote, unauthenticated attack vector, an anonymous attacker could send specially rigged network packets over the Internet to launch malicious code on vulnerable systems.

To read more about the Sasser worm, click here.

A worm attack exploiting this bug would affect unpatched versions of Windows 2000, Windows XP (SP1 and SP2) and Windows Server 2003 (SP1 inclusive).

The use of the built-in Internet Connection Firewall in Windows XP and Windows Server 2003 would help block network-based attempts to exploit the vulnerability.

Microsoft also recommends that TCP ports 139 and 445 be blocked at the firewall.

The US-CERT (U.S. Computer Emergency Readiness Team) has already warned that the flaw has been used in active attacks, even before Microsoft released the patch.

Immunity, a Miami-based security company that sells penetrating testing tools, on Aug. 9 released proof-of-concept exploits for MS06-040 to customers in its Partner Program.

Check out http://eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at http://eWEEK.com Security Center Editor Larry Seltzer's Weblog.

Copyright (c) 2006 Ziff Davis Media Inc. All Rights Reserved.

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

#1. To: Neil McIver (#0)

we'd appreciate your expert advice. I know what you'll say - use Linux.

Red Jones  posted on  2006-08-12   21:32:16 ET  Reply   Trace   Private Reply  


#2. To: All (#0)

I guess there's several links on the source url that helps you update your computer. I think all Windows users should do this. at least according to the article.

Red Jones  posted on  2006-08-12   21:34:57 ET  Reply   Trace   Private Reply  


#3. To: Red Jones (#2)

I think all Windows users should do this. at least according to the article.

Could be legit.. But then again, with Homeland Security telling us to do it.... Kinda makes me wonder. Will this "patch" give NSA easier access to our puters?

Surgeon General's Warning: Society's problems must be solved. We have the solutions and you must buy them from us. No unauthorized solutions will be permitted.

Le Liban Restera

innieway  posted on  2006-08-12   21:47:19 ET  Reply   Trace   Private Reply  


#4. To: All (#0)

here's a related article:

http://www.hackinthebox.org/modu les.php?op=modload&name=News&file=article&sid=20938

The 'big one' is coming. A major worm attack is just days away. It's no drill, say the security experts. As the spotlight on a dangerous Windows vulnerability grows brighter by the hour, security analysts Thursday said that it's not hype driving the alarms, but genuine fear that a major worm attack is just days away. "This is no drill," said Mike Murray, director of research at vulnerability management vendor nCircle. "And no, this isn't an overreaction. We've always said that some day there would be another big, serious vulnerability. "Well, this is the one."

Red Jones  posted on  2006-08-12   21:52:22 ET  Reply   Trace   Private Reply  


#5. To: Red Jones. all WinBlows users here (#4)

Mine is set to Auto-Update, so I guess/hope/hate that I will get this one.

Good luck, everyone.

Please Wake Up Before It's Eternally too Late

Lod  posted on  2006-08-12   22:06:09 ET  Reply   Trace   Private Reply  


#6. To: Red Jones (#0)

Well MS again pokes their customers in the eye. Not only do they write bug prone software but then they have the nerve to require you to use their "update" that calls home to make sure you have a legitamte copy of XP. If you turn this update off by not letting it call home then the Windows update site will no longer work for you. I have had it with MS!!! I am installing Linux ASAP.

God is always good!
"It was an interesting day." - President Bush, recalling 9/11 [White House, 1/5/02]

RickyJ  posted on  2006-08-12   22:31:54 ET  Reply   Trace   Private Reply  


#7. To: Red Jones (#4)

Well like a good little servant of the republic I just downloaded the update directly and installed it. I don't really have time to figure out if it is really needed or not, I plan on using Linux to connect to the Internet from now on though.

God is always good!
"It was an interesting day." - President Bush, recalling 9/11 [White House, 1/5/02]

RickyJ  posted on  2006-08-12   22:43:34 ET  Reply   Trace   Private Reply  


#8. To: Red Jones (#1)

we'd appreciate your expert advice. I know what you'll say - use Linux

Sounds like you don´t really need my expert advice! ;^)

Pinguinite.com

Neil McIver  posted on  2006-08-12   23:29:13 ET  Reply   Trace   Private Reply  


TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]