[Previous entry: "Why buy free software?"] [Main Index] [Next entry: "New exploits"]

02/16/2004 Archived Entry: "Critical Windows patch"

Windows NT/2000/XP/2003 users: If you have not yet applied Microsoft's MS04-007 patch, do it now. This was last week's "critical" alert. Like last year's Blaster worm, you don't need to open an infected email; merely being connected to the Internet puts your computer at risk. No worms are exploiting this yet, but the Internet Storm Center is reporting an increase in probing activity that may be aimed at this flaw, and suggests that a worm is "probably only days away."

It may be that not all machines are at risk. The vulnerability is in the processing of ASN.1 data, and not all applications use this. But as I can't be sure which do and which don't, I advise all Windows users to get the update. (The vulnerability hasn't been reported for Windows 9x.)

According to eEye Digital Security (as cited by Gibson Research), there are three other unpatched vulnerabilities -- no details given, sensibly -- that have been known to Microsoft for almost six months.

Stay safe.

brad