Sunday, October 26, 2008

Emergency Patch released by Microsoft

Microsoft Says Windows Flaw Could Bring Worm Attack

Microsoft fixed a critical bug in its Windows operating system Thursday, saying that it is being exploited by online criminals and that it could eventually be used in a widespread "worm" attack.

Microsoft took the unusual step of issuing an emergency patch for the flaw, several weeks ahead of its regularly scheduled November security updates, saying that it is being exploited in "limited targeted attacks."

Please refer here to read full article on CIO.

I quote from Microsoft's Security Vulnerability Research & Defense website:

Most perimeter firewalls will block exploit attempts from outside your organization

If you are behind a perimeter firewall that filters inbound connections to TCP ports 139 and 445, you will not be reachable from the Internet. This is a common home user scenario. In this scenario, only the machines in your local LAN will have the ability to exploit this vulnerability.

This basically means, if you have strong filtration at firewall you are still safe from this exploit but this doesn't mean we should take vulnerability easy. I recommend all my readers and especially home users to deploy this patch as soon as possible.

More useful links can be found on Roger Halbheer's blog.

No comments: