    Bugs and Fixes

  • Contributing Editor Stuart J. Johnston advises you on how to fix the latest problems affecting your operating system, your browser, your other software, and your hardware.

Bugs and Fixes: Do Not Ignore Megapatch for Windows

Stuart J. Johnston

Illustration: Robert Neubecker
Here's one patch that you don't want to miss: Microsoft recently released a single security update that fixes 14 separate flaws. Six of these are rated "critical," and most of them occur in Windows XP, 2000, and NT 4.0, and in Windows Server 2003. For users of XP, this bundle of fixes will be included in Windows XP Service Pack 2--whenever it finally shows up (see "In Brief"). But Microsoft decided that you should patch these bad boys right away.

I urge you to install this superpatch as soon as possible. Here's why: Last month, I reported that the lag time between the release of a patch and when crackers come up with code to exploit the hole has shrunk dramatically (see "Worms Come Faster: Are You at Risk?"). Two of the critical holes illustrate this trend.

The recent Sasser worm, created in less than two weeks, employs one of the six critical holes to infect PCs. Users reported that their systems were rebooting unexpectedly after infection. The hole is in a part of Windows XP and 2000 called the Local Security Authority Subsystem Service, or LSASS, which verifies who should be allowed to use your PC locally and, in some cases, remotely over the Internet (see "Sasser Infections Hit Hard" for details). What makes Sasser and its variants so worrisome is that you don't have to do anything, such as click a link, to be infected. Merely failing to protect yourself in the first place puts you in harm's way.

Microsoft has also patched a weakness in its version of Secure Sockets Layer, or SSL--the main technology that is used to keep online transactions private. Crackers took less than a week to create exploitative code based on the patch. Again, you don't have to click anything to unleash the attack. In fact, you don't even have to be in the middle of an online transaction.

So far, only a small number of "break-ins" have occurred (see "Attack Code Targets Windows"). But it's only a matter of time before someone attaches the attack code to a worm.

Jump to Microsoft Security Bulletin MS04-0118 to grab Microsoft's big patch. This is a case where the early bird just may be lucky enough not to get a worm.

However, as if Sasser and the other threats weren't bad enough, there's a problem with the big patch itself: Some Windows 2000 users have had trouble logging onto their machines after installing the update. Visit Microsoft Knowledge Base Article - 841382 for a link to Microsoft's hot fix--and for specifics on when you should apply it.
