Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Microsoft Alerts of Flaw in Windows Server, Rating it as ‘Critical’

Microsoft is warning via its security bulletin updated to MS08-001 that its new Windows Small Business Server is critically vulnerable to a flaw in Windows' networking program. The bug also affects operating systems Vista and Windows XP.

Supported versions of Windows Home Server and Windows Small Business Server 2003 are affected with the same code contained in Windows Server 2003. The bulletin rated the security risk to Windows Server 2003 as "important", which is the second top rating within the four-stage scoring system of Microsoft. But the software developer later rated it as "critical" for Windows Small Business Server and Windows Home Server.

According to Microsoft, the flaw in Windows Server 2003 is 'important' meaning that an attacker would find it more difficult to turn the flaw to his advantage on this operating software. However, security professionals are observing this particular vulnerability with interest as attackers could exploit it to launch attack with a worm that multiplies on its own.

However, Windows Home Server and Windows Small Business Server have by default Internet Group Management Protocol (IGMP) enabled, as a result, the operating systems are at greater risk to the vulnerability in question.

According to Microsoft, it is possible to exploit the vulnerability by delivering malicious data to unwitting users whose computers could be infected with malware or be under others' control. In just ten days that Microsoft released its initial patches, researchers produced proof of concept code, saying that the software company was wrong to consider it too difficult to design an attack code.

Although there has been no instance of exploitation of the flaw through online attacks, in the third week of January 2008, researchers at Immunity, the software vendor for penetration testing, provided a sample exploit for its customers. While that software could cause a system without patches to crash, the company is working on a code for allowing installation of unauthorized software onto a victim's system.

Owners of Windows Home Server have been provided the security patch via its update mechanism and Microsoft is strongly advising its customers to update in order to keep their systems secured.

Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails

» SPAMfighter News - 2/7/2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next