Friday, October 24, 2008

Comments on the news, this one's NOT overblown 

Run Windows Update.

Microsoft released a "Critical" security patch to fix a problem in which any computer running Windows file sharing can be completely taken over with no action on your part.

It's less of a worry if you're running Vista, and normal firewalling will stop the attack. But it's still a big concern.

When the news broke, I advised clients that before long there would be automated attack programs that unskilled attackers could use, and that attackers would use the new attack to spread infections after getting a toehold by other means.

Both have already happened. There's already a self-reproducing "worm" program taking advantage of the security weakness. It's being introduced behind people's firewalls by the usual sort of trickery, but then once it's on one machine it copies itself to the others on the network.

It's a little more complicated than that, but now you have the gist.

If you use a laptop on the road, make sure you've got a firewall program running on it and that it's set to block Windows file sharing, or turn off file sharing altogether in the Control Panel.


This page is powered by Blogger. Isn't yours?