Quantcast
PC World: Technology Advice You Can Trust
Search
Browse by Topic
Subscribe to magazine

Magazine

Subscribe & Get
a Bonus CD

Customer Service

Find a Review
Dads & Grads Gift Guide Audio & Video Business Center Cameras Cell Phones & PDAs Communications Components & Upgrading Desktop PCs DVD & Hard Drives Gaming Hardware & Software HDTV Laptops Macs & iPods Monitors Printers Spyware & Security The PCW Test Center Windows Vista & XP
Resource Centers
Asus Notebook Center
CDW Solution Center
HP Ink Center
Intel Technology Center
Lenovo Laptop Showcase
White Paper Library
Webcast Library
Most Popular Search Terms
Most Popular Products
Most Popular Downloads
Free Newsletters
Receive the latest reviews, how-to's, news, and more.
Weekly Brief
Daily Downloads
Daily Technology News
Go
WiFi Finder
Locate wireless services by a specific address, city, state, country, airport, or zip code.
RSS Feeds
Get our latest content via convenient RSS feeds.
Latest News
Today @ PC World
Become a PCW Member
Join the community and start enjoying the benefits:
  • Get tech advice from thousands of PC World Members
  • Rate and recommend the latest tech products
  • Share your thoughts in blog and article comments
  • Get free excerpts and exclusive discounts on Super Guides
Signing up is free and easy.
Read More About: Windows BugsViruses & WormsNetwork Security

Microsoft Warns of Dial-Up Bug

If you haven't updated Windows recently, your PC could be vulnerable.

Robert McMillan, IDG News Service

Monday, June 26, 2006 4:00 PM PDT
Recommend this story?
Yes
No

Microsoft is warning users about malicious software that could be used to attack Windows systems not protected by the company's latest security updates.

The exploit code targets a vulnerability in the Remote Access Connection Manager (RASMAN) service, which Windows uses to create network connections over the telephone. Microsoft rates the bug, which was patched on June 13, as critical, the most severe rating available.

Hackers published the code on Web sites late last week, and it is now included in Metasploit, a hacking toolkit that both security researchers and criminals use.

The malicious software is less dangerous than it might have been. Most firewalls will block it, and it requires that the hacker be authenticated on the computer before it will work.

Older Windows Versions More Susceptible

Windows 2000 and Windows XP Service Pack 1 users need to be especially wary, however, because they could be victimized by particularly nasty attacks that do not require authentication, Microsoft said.

"The current exploit code...requires authentication, but the underlying vulnerability does not," said Stephen Toulouse, a security program manager with Microsoft's security response center.

For any attack to work on the latest versions of other Windows systems, such as XP or Windows Server 2003, the attacker would have to be able to log on to the victim's machine, Microsoft said.

Hackers are likely to use the malicious software in criminal attacks now that it is in Metasploit, said Ken Williams, director of vulnerability research with CA Inc.

Dial-up Patch Problems

Complicating matters is the fact that some dial-up users have been having problems with the patch.

Computers that use Window's dial-up scripting or terminal windows to make connections may find that their dial-up connections no longer work, according to Microsoft's alert.

Users who cannot install the patch immediately should disable the RASMAN service, Microsoft said.

Over the past two weeks, Microsoft has been contending with a number of unpatched vulnerabilities in its Office and Excel software as well. Microsoft hasn't yet patched the bugs, but it said late last week that one of them should be patched in the company's next round of security updates, due July 11.

Here is the text of Microsoft's advisory on the malicious code.


Recommend this story?
Yes
No
Related Searches: microsoft microsoft windows bug windows bug dialup bug dialup windows bug

Comments
Related Content
Latest News
EDS Buy Could Give HP Edge Over Dell, Analysts Say
Hewlett-Packard's acquisition of Electronic Data Systems won't hurt Dell in the next few years, but it could affect Dell's... 16-May-2008
Microsoft Pulls Windows Home Server Backup Feature
Microsoft confirms that it has yanked parts of a backup feature from a major upgrade to its Windows Home Server. 16-May-2008
HP Confirms XP SP3 Endless Reboot Snafu, Promises Patch
HP confirms that some users of its AMD-based desktops have had problems after installing Windows XP Service Pack 3. 16-May-2008
Say Goodbye to Muni-Fi
The days of imagining Wi-Fi blanketing a city are over with the exit of the last major municipally focused Wi-Fi service provider. 16-May-2008
Microsoft: Don't Misunderstand UAC, Other Vista Features
In its continued attempt to convince business customers to adopt Vista, Microsoft has outlined and tried to explain some of... 16-May-2008
Sony Reveals 2008-2009 PlayStation Software List
Sony Friday revealed a list of 15 upcoming games for the PlayStation 3, PS2 and PSP. 16-May-2008
HP-EDS Buy, Icahn Strikes Again, China Quakes
This was a big IT news week, with the massive earthquake in China on Monday showing once again the role that the Internet... 16-May-2008
Universal Battery Charger Debuts for Apple Laptops
FastMac on Friday announced its new U-Charge. It's a universal battery charger for Apple laptops and it costs US$69.95; it... 16-May-2008
Optimizing Windows on Your Mac
The June 2008 issue of Macworld includes a feature article on running Windows on your Mac--and how to do it in the most... 16-May-2008
Review: TapDex 3.3.2
Apple's Address Book utility is a handy place to store information for your contacts, especially since it integrates so well... 16-May-2008

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)