new microsoft patch
 

You need to download it.

http://news.bbc.co.uk/1/hi/technology/3477899.stm

Microsoft has warned that a "critical" flaw in the latest versions of its Windows operating system could leave computers vulnerable to hackers.
The flaw affects systems running Windows NT, Windows 2000, Windows XP or Windows Server 2003 software.

It has urged all home users and firms to download a software repairing patch free from its website to fix it.

The flaw was found by a net security firm in July 2003. Microsoft announced it in its monthly security bulletin.

'Extremely deep problem'

Experts have warned that if home users and companies with these operating systems do not download the fix, hackers could, in theory, break into computers and take files, delete or steal valuable data, or snoop on what that user is doing.

It could also leave systems open to worm and virus threats.

"It does affect all [current] versions of Windows," said Stephen Toulouse, security program manager for Microsoft's Security Response Center.

He added the problem was "an extremely deep and pervasive technology in Windows" which affects the language standard that computers use to communicate with each other.

Marc Maiffret of US company eEye Digital Security, who informed Microsoft of the vulnerability over six months ago, has criticised Microsoft for taking so long to come up with a patch to fix it.

"This is one of the most serious Microsoft vulnerabilities ever released," said Mr Maiffret.

"The breadth of systems affected is probably the largest ever." He added that, unusually, even the most secure Windows networks would be vulnerable.

But Sal Viveros, security expert with McAfee Security, told BBC News Online this delay was standard practice within the industry.

"Typically if someone identifies a flaw, they give the vendor a certain amount of time to fix it. If people don't know about it, virus writers are less likely to write something to take advantage of it."

If Microsoft had announced the flaw without having a fix for it, the potential damage would have been much much worse, he added.

Steven Philippsohn, who chairs a government fraud and cybercrime panel, said the delay could be a headache for Microsoft.

"I have no doubt that if manufacturers in cases like this know about a flaw in their system and don't inform at earliest opportunity possible, they could be liable for losses," Mr Philippsohn told BBC News Online.

"It has been made more serious by the fact Microsoft have accepted that they were told about the flaw months ago.

"If a company can prove they suffered losses because of this, they have a good chance of making a claim," he said.

Microsoft said it took months because it wanted to ensure a single patch solved any related problems.

Open to worms

According to security experts, many home users are not aware they should fix flaws and download patches when they are identified.

This leaves computers vulnerable to attack from malicious software. Historically, Mr Viveros said, net security firms have seen an increase in mass-mailing worm and virus attacks which try to take advantage of unpatched systems after flaws are discovered.

"There is no evidence that the recent worms [Mydoom and its variants] took advantage of this flaw," he said.

"But historically, what we have seen is that computer users do not patch their systems, which is why we continue to see such worm attacks."

He urged computer users to download the patch and to make sure they keep anti-virus software and firewalls up-to-date.

Already did :)

whats fucked up is it took them 200 days to come out with the patch

http://story.news.yahoo.com/news?tmp...h_microsoft_dc

Microsoft Warns: Critical Flaw in Windows

SEATTLE/SAN FRANCISCO (Reuters) - Microsoft Corp. (Nasdaq:MSFT - news) said on Tuesday a "critical" flaw in most versions of its flagship Windows operating system could allow hackers to break into personal computers and snoop on sensitive data.



Although no computers were reported to have been compromised, the world's largest software maker warned that Windows NT, Windows 2000 (news - web sites), Windows XP (news - web sites) and Windows Server 2003 were at risk. Microsoft announced the flaw in its monthly security bulletin.


The company offered software updates to fix the software flaw, which it assigned its most severe rating of "critical."


"It does affect all (current) versions of Windows," said Stephen Toulouse, security program manager for Microsoft's Security Response Center. "We're not aware of anyone affected by this at this time."


Marc Maiffret, co-founder of eEye Digital Security, the company that discovered the flaw, criticized Microsoft for taking more than six months to come up with a patch to fix the problem.


The flaw could allow a hacker to break into a computer running Microsoft's Windows operating system in several ways and then use the compromised machine to run malicious programs and steal or delete key data, Maiffret and other experts said.


Last year Microsoft adopted a new monthly patch release program, which it said would let customers more easily apply software fixes for security bugs.


"We contacted Microsoft about these vulnerabilities 200 days ago, which is insane," he said. "Even the most secure Windows networks are going to be vulnerable to this flaw, which is very unique."


Microsoft's Toulouse said the company needed time to make sure it got the fix right, especially given how pervasive the vulnerability is in the software.


"We wanted to make absolutely sure we were doing as broad an investigation as possible," he said.


Windows users can download the patch for the vulnerability from http://www.microsoft.com/security.


WINDOWS UPDATE


"The obvious steps to take are to run Windows Update and install the patches to fix the vulnerabilities as soon as possible," said Craig Schmugar, a virus research manager at Network Associates Inc.'s (NYSE:NET - news) McAfee anti-virus unit.


The latest fixes for Microsoft's software are unrelated to the recent virus attacks called MyDoom and its variants, Schmugar said.


Microsoft also released a critical update a week ago, ahead of Tuesday's scheduled release, to fix a patch in its Explorer Web browser that could make PCs vulnerable to attackers.


In addition, Microsoft announced a mid-grade security warning for the latest version of its server products for networked computers.


Two years ago, the Redmond, Washington-based company pledged to make its software products more secure and reliable under an initiative, dubbed "Trustworthy Computing" by Chairman Bill Gates (news - web sites).





But computers running the company's software have been hit by several high-profile attacks since, such as the SQL Slammer, Nimda and SoBig attacks.

On Monday, a new worm called "Doomjuice," an offshoot of the MyDoom worm, emerged, which used personal computers compromised by the original MyDoom worm to attack and attempt to hobble parts of Microsoft's Web site, according to security experts.

The MyDoom worm, as well as its variant MyDoom.B, were designed to entice e-mail recipients to click open an attachment, which then installed malicious software on a personal computer. The worms instructed infected PCs to flood the Web sites of the SCO Group Inc. (Nasdaq:SCOX - news) and Microsoft in an effort to shut them down.

Sad thing is, eEye, the security company that finds all these Microsoft security holes probably knows about 20 of other vulns that they can't talk about because Microshit is trying to code a patch that doesn't break a million other things.

Friends don't let friends use Microsoft!
http://www.apple.com

Already downloaded it. :)

Got it last night.

I was sent an email by Windows Administrator regarding the critical windows update so I downloaded it and installed it on all my computers and servers. I'm fine! :thumbsup