Different River

”You can never step in the same river twice.” –Heraclitus

January 3, 2006

Serious Windows Security Vulnerability

Filed under: — Different River @ 3:00 am

Matt Drudge is red-lining an article in the Financial Times reporting:

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.

“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”

“We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.

As you might imagine, the FT article is short on technical details. You can find those details at the Internet Storm Center.

Microsoft does not have a patch available. But, Ilfak Guilfanov, a Russian programmer in Belgium, wrote a patch himself. Download it, and get instructions, here.

I think it really is telling that one guy in Belgium was able to get a patch out faster than the huge, powerful company that wrote the program and has access to the source code. Hmm.

The patch is for Windows 2000, Windows XP, (SP1 and SP2), Windows 2003.

ISC says:

Note: If you’re still running on Win98/ME, this is a watershed moment: we believe (untested) that your system is vulnerable and there will be no patch from MS. Your mitigation options are very limited. You really need to upgrade.

Well, I still have an old laptop runing Windows 98. Maybe I’ll switch it over to Windows 3.1. ;-)

My main computer runs Linux. If you don’t want to worry about this sort of thing, use Linux. (Or Mac, or BSD, or …)

Leave a Reply

Powered by WordPress