Windows security flaw could lead to another worm
Associated Press
WASHINGTON — Moments before a top Microsoft executive told Congress about efforts to improve security, the company warned computer users Wednesday of new flaws that leave its flagship Windows software vulnerable to Internet attacks similar to the Blaster virus that infected hundreds of millions of computers last month.
Microsoft urged customers to immediately apply a free repairing patch from its Web site, www.microsoft.com.
The company cautioned that hackers could seize control over a victim’s computer by attacking these flaws, which affect a Windows technology that allows computers to communicate with others across a network.
“We definitely want people to apply this one,” said Jeff Jones, Microsoft’s senior director for trustworthy computing. Outside researchers and Microsoft’s own internal reviews discovered the new flaws after the Blaster infection, he said.
Outside experts said some flaws were nearly identical to problems exploited by the Blaster worm, which spread last month with devastating damage. Computer users who applied an earlier patch in July to protect themselves still must install the new patch from Microsoft.
“They’re as close as you can be without being the same,” said Marc Maiffret, an executive at eEye Digital Security Inc. of Aliso Viejo, Calif., one of three research groups credited with discovering some of the new problems. “It’s definitely a big oversight on Microsoft’s part that they missed these.”
Maiffret speculated that because of the similarities, hackers could launch attacks against unprotected systems as early as day’s end.
“It’s going to be trivial,” he said. “This is an instant replay of a few weeks ago.”
A vice president at Network Associates Inc., Robin Matlock, agreed that corporations, government agencies and home users will race the clock before the next attack.
“Without a doubt, this is a nasty vulnerability. It could easily be exploited,” she said. “Administrators are under more pressure here to move quickly.”
The disclosure by Microsoft came moments before its senior security strategist, Phil Reitinger, told lawmakers on the House Government Reform technology subcommittee about the company’s efforts to help consumers defend themselves against viruses and other Internet attacks.
“Microsoft is committed to continuing to strengthen our software to make it less vulnerable to attack,” said Reitinger, a former deputy chief in the Justice Department’s cyber-crime division. Still, he acknowledged, “There is no such thing as completely secure software.”
More Stories
Meet the Team
Oracle EditorProfile
USF gives it away in Memphis 34-33
At the half, a 14-point lead meant USF was on track to win its first conference game in over a calendar year. That energy was kept up even with under five minutes to go when the Bulls were up 33-20. Then USF watched as its lead went from comfortable, to slim, to nonexistent in the […]
Club teams missing competition, friendship due to COVID-19
Under normal circumstances, Grant Nolder, president of the USF flag football team would be preparing for the club’s biggest competition of the year, the Swamp Bowl. The annual tournament, hosted at UF, typically takes place during the fall semester and features some of the best club flag football teams in the country. Winners of the […]
Bulls battle with ECU in OT win
Coach Brian Gregory said Tuesday the Bulls didn’t play complete, 40-minute games in their two losses last week. It’s debatable if they did Wednesday night against East Carolina (11-18, 5-11) at the Yuengling Center, but it was more than enough to put up a 73-68 overtime win. “It’s funny. There were stretches where we played […]
First SG scholarship rewards student leaders
Student Government (SG) launched the first-of-its-kind, merit-based scholarship to students Nov. 5 on USF’s Tampa campus. As a part of Student Body President Britney Deas and Student Body Vice President Travis McCloskey’s platform, Bull S.H.I.F.T., — Success, Health, Innovation, Finance and Tradition — the SG’s Student Leadership Scholarship consists of two merit-based scholarships which will […]
On-campus Jabil institute sparks anticipation from students
A plan drafted on a bar napkin two years ago has now become the USF Jabil Innovation Institute, a multi-million dollar institute combining the College of Engineering and the Muma College of Business. Senior Vice President of Advancement and CEO of the USF Foundation Joel Momberg and Jabil CEO Mark Mondello jotted the idea down […]