Newly discovered vulnerabilities in Microsoft Windows raise possibility of new attacks

11 September 2003

Three new vulnerabilities affecting Microsoft Windows were identified by Microsoft on 10 September 2003 in Microsoft Security Bulletin MS03-039. Systems affected by these vulnerabilities are:

We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.

Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.

The announcement from Microsoft reports three vulnerabilities that could allow a hacker to remotely take over an infected computer or to cause a denial of service. These vulnerabilities are similar to the one exploited by the W32/Msblast worms that wreaked havoc on Windows users throughout August. The same ports are affected and the potential for damage is similar. It is therefore considered likely that a virus exploiting these vulnerabilities will appear in the near future.

Users should patch against these vulnerabilities by updating their systems:

  1. Go to the Windows Update page.
  2. Click on "Scan for updates" and wait while your computer scans for updates.
  3. Once critical updates have been found, click on "Review and install updates".
  4. Make sure that security update KB824146 is on the list of selected updates.
  5. Click on the "Install Now" button.
  6. Review the Terms and Conditions and select "Accept".

Windows will now install all critical updates.

Microsoft has released Security Bulletin MS03-039 describing these vulnerabilities and an end-user version detailing the bulletin's main points. This Security Bulletin supersedes Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as the three newly discovered vulnerabilities.

Detailed information on this issue and the patch can be found in Microsoft Knowledge Base Article 824146. More information can also be found in CERT Advisory CA-2003-23.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.
