
Microsoft Release of Service Pack 2 Doesn't Go As Planned. Only a few hours after home users started securing their computers with an update for Windows XP, security experts found ways around it. Discoveries made by two security firms show that some holes have been left open.
BBC News reports that the bug Microsoft is looking into lets malicious programs hide as images that automatically install and then run when Windows is restarted.
"Given the significant amount of user action required to execute an attack, Microsoft does not consider this to be a high risk for customers," said Paul Randle, head of all things XP at Microsoft UK.
Smooth Sailing for SP2… So far. On the other hand, NetworkWorldFusion sees less reason for criticism of the latest XP service pack.
"We have seen fewer problems than expected and not anything major," says Russ Cooper, moderator of the NT BugTraq Web site and senior scientist for TruSecure. He says preliminary results of his online survey of more than 600 people show 43% of users plan to deploy the software in the next 30 days or less and 25% in the next three months, while 14% were undecided.
"If I am upset about anything it is the fact that Microsoft did make what I consider to be significant last-minute [code] changes in the final days and weeks without providing even those with extraordinary access [to source code] the ability to test their applications," says Jeff Altman, president of Secure Endpoints, a consulting firm in New York.
Does Your IT Admin Trust SP2? IT administrators and security experts who had a chance to install, run tests and evaluate the changes Windows XP Service Pack 2 makes to the operating system said last week the upgrade doesn't live up to the spirit of Microsoft's 'Trustworthy Computing' campaign announced by Bill Gates in January 2002.
Geoff Shively, chief scientist at PivX Corp., a security research and software company, tells eWeek: "Most worms… are poorly written and tested in limited environments. On multiple occasions, we have seen fast-spreading worms fail due to errors in code or simple typos. Installing [Web] and SMTP services by default on Windows XP SP2 workstations could prove risky as malware authors could take advantage of this added functionality in creating more professional-grade threats."
New Flaw With Internet Explorer Affects XP SP2 Also. A recently discovered flaw in IE affects various versions of the browser, including the Windows XP SP2 release, leaving them open to potential attack by hackers.
Security firm Secunia describes the flaw as "highly critical". They further recommend that IE users disable Active Scripting until a patch is issued.
WinNetMag.com suggests that Microsoft is downplaying the risks. "Given the significant amount of user action required to execute an attack, Microsoft does not consider this to be a high risk for customers," a Microsoft representative said, noting that the company was still investigating.
Campus Headache From XP SP2. Microsoft's decision to release a major upgrade for Windows in the same month that hundreds of thousands of students are reporting to college campuses is causing major headaches, according to SecurityFocus.
"The timing is extremely unfortunate," said Anne Agee, deputy chief information officer at George Mason University. The Fairfax, Va. university is blocking automatic installation of SP2 on all faculty and staff computers because the update interferes with other software currently in use.
"It wouldn't be so bad if we had gotten this more than a month ago, because at least then we would have had plenty of time to test it and make a decision about how we want to correct for this," Agee said.
Alan Paller, research director at the SANS Institute in Bethesda, said the backlash from schools is somewhat justified.
"The idea that the technology people at these schools view this update as a threat to their operations is absolutely accurate, as most of these folks consider forced security upgrades a threat to [network] reliability and uptime," he said. "This is really a problem of Microsoft's own design -- not just because of its timing -- but also because they delivered such unsafe computers in the first place."
Enjoy!
Jeremy Muncy
+ The SecurityProNews Team

About SecurityProNews
SecurityProNews is updated in real time with vital internet security alerts, news and in-depth articles for IT Managers. SecurityProNews understands that IT Management Begins With Security.