Newly discovered vulnerabilities in Microsoft Windows raise possibility of new attacks
Three new vulnerabilities affecting Microsoft Windows were identified by Microsoft on 10 September 2003 in Microsoft Security Bulletin MS03-039. Systems affected by these vulnerabilities are:
- Windows Server 2003
- Windows XP
- Windows 2000
- Windows NT 4
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.
The announcement from Microsoft reports three vulnerabilities that could allow a hacker to remotely take over a vulnerable computer or to cause a denial of service. These vulnerabilities are similar to the one exploited by the W32/Msblast worms that wreaked havoc on Windows users throughout August. The same ports are affected and the potential for damage is similar. It is therefore considered likely that a virus exploiting these vulnerabilities will appear in the near future.
Users should patch against these vulnerabilities by updating their systems:
- Go to the Windows Update page.
- Click on "Scan for updates" and wait while your computer scans for updates.
- Once critical updates have been found, click on "Review and install updates".
- Make sure that security update KB824146 is on the list of selected updates.
- Click on the "Install Now" button.
- Review the Terms and Conditions and select "Accept".
Microsoft has released Security Bulletin MS03-039 describing these vulnerabilities and an end-user version detailing the bulletin's main points. This Security Bulletin supersedes Security Bulletin MS03-026 and includes the fix for the security vulnerability discussed in MS03-026, as well as the fixes for the three newly discovered vulnerabilities.