By Susan Bradley
I feel like telling everyone to print out today’s Windows Secrets Newsletter and read it while you’re deploying this month’s patches.
Not only do we have a busy patch month, but the very first patch has many in the industry thinking that we might see a full-scale, MSBLAST-like incident again.
Top priority: install the 921883 Patch
Our first patch of August, MS06-040, looks set to make this summer a potential repeat of 2003. You may recall that MSBLAST created havoc on the Internet that year in less than a month. (For those who need a refresher on this infamous vulnerability, my SBSLinks Web site charts the worm, which hit the Web only 26 days after Microsoft released MS03-026.)
This year, the flaw is equally bad but the problem is much worse. Exploit code is already out on the Web. US-CERT, the government computer warning entity, indicates on its site that the exploit has already been used in targeted attacks on specific companies.
The Server service that’s involved, which is reachable over RPC, is heavily used in both corporate and home networks. Basic file and printer sharing depends on this service. Even if you have an external firewall that keeps port scans out, once this critter gets inside your network it will potentially run wild.
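To see where you stand before the patch rolls out, here is an added PowerShell check (not from the newsletter or Microsoft) that reports, per host, whether KB921883 shows up in the installed-hotfix list and whether the Server service (registered as lanmanserver) is running. Host names, the WMI reachability of each machine and the use of Win32_QuickFixEngineering as the source of truth are assumptions.

```powershell
# Added example: inventory which hosts still need the MS06-040 (KB921883) patch
# and are exposing the Server service that the vulnerability lives in.
# Assumes WMI is reachable on each host and the caller has admin rights there.
param(
    [string[]]$ComputerName = @('localhost'),   # constructed default; pass your own list
    [string]$HotFixId = 'KB921883'              # the patch the newsletter tells you to install first
)

foreach ($computer in $ComputerName) {
    # Win32_QuickFixEngineering lists installed hotfixes. Caveat: some installers do not
    # register here, so "not found" means "verify another way", not "definitely missing".
    $fix = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $computer |
           Where-Object { $_.HotFixID -eq $HotFixId }

    # The vulnerable component is the Server service (file and printer sharing over SMB/RPC).
    $srv = Get-WmiObject -Class Win32_Service -ComputerName $computer -Filter "Name='lanmanserver'"

    $patched   = [bool]$fix
    $srvState  = if ($srv) { $srv.State } else { 'not found' }
    # Unpatched hosts with the Server service running are the ones to patch first.
    $priority  = if (-not $patched -and $srvState -eq 'Running') { 'HIGH' } else { 'ok' }

    New-Object PSObject -Property @{
        Computer       = $computer
        PatchInstalled = $patched
        ServerService  = $srvState
        Priority       = $priority
    }
}
```

Pipe the output to Sort-Object Priority or Export-Csv to build the deployment order for the rest of the month's patches.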
When I began to do my initial patch testing on a server and a workstation, I was surprised to see an additional warning from Microsoft in bright red type. This very much highlights the urgency of this patch. You can see in Figure 1 the warning displayed in Microsoft Update for Windows XP. Figure 2 displays the warning for Windows Server 2003.
Figure 1: The red warning to install MS06-040 on Windows XP.
Figure 2: The red warning on Windows Server 2003.
If you’re running Windows 2000, due to its weaker security platform, I would make installing this patch even more of a priority. While industry pundits like Dave Aitel are predicting that Windows 2000 will be an easy target, Windows Server 2003 and XP SP2 are expected to become targets as well.