WiFi Finder

Locate wireless services by a specific address, city, state, country, airport, or zip code.

Get Connected Now

RSS Feeds

Get our latest content via convenient RSS feeds.

See All RSS Feeds

Become a PCW Member

Join the community and start enjoying the benefits:

Get tech advice from thousands of PC World Members
Rate and recommend the latest tech products
Share your thoughts in blog and article comments
Get free excerpts and exclusive discounts on Super Guides

Signing up is free and easy.

Latest Microsoft Patch Prompts Government Warning

The Department of Homeland Security says Windows vulnerability could threaten critical infrastructure.

Robert McMillan, IDG News Service

The U.S. Department of Homeland Security warned this week that a recently patched Microsoft Windows vulnerability could put the nation's critical infrastructure at risk.

The patch, described in Microsoft Security Bulletin MS06-040, relates to Windows Server services. It was one of 12 updates issued by the software giant Tuesday, but security experts are particularly concerned with the bug because hackers have already exploited the vulnerability.

The vulnerability is described in Microsoft's security bulletin.

Microsoft is advising customers to give this update priority, said Christopher Budd, a security program manager with Microsoft's security response center. "The top thing that we're trying to help people understand is we want them to take 06-040 and put it at the top of the stack," he said late Tuesday.

DHS Statement

The DHS statement echoed Microsoft's sentiments warning that the vulnerability "could impact government systems, private industry and critical infrastructure, as well as individual and home users." The statement can be found online.

Attackers have already started exploiting the vulnerability in a limited manner, Budd said. A sample exploit has been published within Immunity's security testing toolkit and snippets of the malware are beginning to circulate in public, security vendors said.

The bug is of particular concern because Windows Server services are generally enabled by default on Windows systems, and a worm based on the flaw could end up being widespread. Windows Server services are used for common network applications like file sharing and printing.

The fact that DHS has taken the rare step of warning about MS06-040 underscores the severity of the situation, said Jonathan Bitle, manager of technical accounts with Qualys.

But because security conscious companies are blocking the Internet ports used by this malware--ports 139 and 445--any worm will have a hard time jumping from one corporate network to another, Bitle said. "It will probably be the type of situation where if a worm does come out, it will hit sporadically through different companies where they haven't been able to apply the patches or put the controls in place."

"Latest Microsoft Patch Prompts Government Warning" Comments

Microsoft Office Home and Student 2007

Get the holiday-helping tool for the season. Find great deals now.

Laptop Showcase

Balance Performance and Portability with Lenovo IdeaPads and Thinkpads. Visit the Resource Center.

Featured APC Accessories

APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.