|
Virus Information SASSER
Worm - High Risk
Several variants of the SASSER worm started to spread/propogate over the weekend. Those worms do NOT propagate via email but rather over the Internet. They exploit a vulnerability in the Windows 2000 and XP operating systems. Vulnerable PCs are those who haven't been patched with the latest Critical Updates and Service Packs posted by Microsoft on April 14th. I circulated an e-mail to that effect on April 14th with the subject "Microsoft issues CRITICAL security updates". If you haven't already done so, please close all your applications right away, run Windows Update and apply all the Critical Updates and Service Packs available there for your system. More information, including a removal tool, is available at http://www.symantec.com/avcenter/venc/data/w32.sasser.c.worm.html Your anti-virus software will NOT protect you from such worms.
Microsoft
Issues CRITICAL Security Updates
Please be advised that yesterday Microsoft released software updates -- three are rated as "CRITICAL" and one as "IMPORTANT" -- targeting more than 20 flaws or vulnerabilities in its Windows operating systems. The 3 CRITICAL updates cover a series of remote access and denial of service-type attacks that could be carried out within various aspects of Windows XP, 2000, NT4, Windows 98 and Server 2003, as well as an update for a flaw in Outlook Express 5.5 and 6. One of the most serious holes takes advantage of a weakness in the "Remote Procedure Call" mechanism -- a part of the operating system designed to allow a program running on one computer to execute code on another computer. Legitimately used, the tool allows desktops to access a network server, or central computer, for files. A flaw in the Microsoft Outlook Express email system could let a hacker seize files on a hard drive, according to Microsoft. The 1 IMPORTANT update affects the same versions of Windows, but plugs a remote code execution hole in the Jet Database Engine. (I don't have a clue what that means but trust that plugging the hole is a good thing.) These latest releases bring the number of updates since Microsoft began releasing its patches on a monthly basis last year to 14. Of these, seven have been identified as critical. None of the new vulnerabilities are being exploited YET but the patch for Outlook Express is cumulative and does include previously published fixes for vulnerabilities that are in the wild. Microsoft advises users to download and install the updates IMMEDIATELY! More information is available on the Microsoft site at this pinpoint URL:
back to Technology Content Index
Events
Calendar What's
New
|
|