Security Flaw in Windows Leaves Millions at Risk

Wiz Feinberg · Post by **Wiz Feinberg** » 12 Aug 2006 11:10 am

Aug. 11, 2006 - - The Department of Homeland Security released a statement Wednesday advising Windows PC owners across the nation to update their computers or face an imminent potential attack from hackers.

"The Department of Homeland Security is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible," the statement read. "This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system."

Mike Murray, director of vulnerability research at the security firm nCircle, said the fact that DHS made this urgent plea is evidence that the threat is real.

"They realize that of all the vulnerabilities that have come out in the last year or two, this is definitely the most severe and the most likely to be attacked," he said.
<center>--------------------------------------------</center>
If you installed the Windows Updates released on August 8, 2006 you already got the patch for that vulnerability. If you do manual updates you are at risk. Be sure you are behind a firewall that blocks incoming TCP on Ports 139 and 445, until you can download and apply the MS patch. This exploit is similar to the MSBlast Worm of August 2003. It depends on getting into your computer over the wires, via open, unfirewalled, TCP file-sharing ports.
<center>---------------------------------------------</center>
See my FAQs about computer security and firewalls, at: www.wizcrafts.net/faqs.html and www.wizcrafts.net/ans/firewalls.html and www.wizcrafts.net/ans/securing_pcs.html

More details can be found here and here.
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices
[This message was edited by Wiz Feinberg on 13 August 2006 at 08:31 AM.]

Donny Hinson · Post by **Donny Hinson** » 13 Aug 2006 3:15 am

The only Windows update I've been constantly notified about in the past few months is KB905474. It says this is the "Windows Genuine Advantage Notification Tool", purportedly it shuts down your computer if your Windows software isn't "genuine and original".

Wiz Feinberg · Post by **Wiz Feinberg** » 13 Aug 2006 6:29 am

It says this is the "Windows Genuine Advantage Notification Tool", purportedly it shuts down your computer if your Windows software isn't "genuine and original".

It does nothing of the kind. If your copy of Windows XP is pirated you will receive popup notices about it when you login to your account and occasionally while you are using that identity, but it does not shut down your computer (at this point in time). Those notices that you have counterfit Windows software offer a couple of different solutions to make your copy legal.

I have an extensive article about WGA Notifications on my blog.

I posted a followup article in this blog entry.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices