Computer security experts were grappling with the threat of a newweakness in Microsoftâ€™s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.
The news marks the latest security setback for Microsoft, the worldâ€™s biggest software company, whose Windows operating system is a favourite target for hackers.
â€œThe potential [security threat] is huge,â€ said Mikko HyppÃ¶nen, chief research officer at F-Secure, an antivirus company. â€œItâ€™s probably bigger than for any other vulnerability weâ€™ve seen. Any version of Windows is vulnerable right now.â€
â€œWe havenâ€™t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,â€ Mr HyppÃ¶nen said. He said that every Windows system shipped since 1990 contained the flaw.
As you might imagine, the FT article is short on technical details. You can find those details at the Internet Storm Center.
I think it really is telling that one guy in Belgium was able to get a patch out faster than the huge, powerful company that wrote the program and has access to the source code. Hmm.
The patch is for Windows 2000, Windows XP, (SP1 and SP2), Windows 2003.
Note: If you’re still running on Win98/ME, this is a watershed moment: we believe (untested) that your system is vulnerable and there will be no patch from MS. Your mitigation options are very limited. You really need to upgrade.
Well, I still have an old laptop runing Windows 98. Maybe I’ll switch it over to Windows 3.1.
My main computer runs Linux. If you don’t want to worry about this sort of thing, use Linux. (Or Mac, or BSD, or …)