NEW YORK - Microsoft Corp. issued an interim security update Friday to protect users of its nearly ubiquitous Internet Explorer browsers from a new technique for spreading viruses.
The update does not entirely fix the flaw that makes the spread possible, but it changes settings in Windows operating systems to disable hackers' ability to deliver malicious code with it.
The security measure came in response to last week's discovery of a computer virus designed to steal valuable information like passwords. Though its outbreak was mild, security experts said the technique for spreading it was novel and could be used to send spam or launch broad attacks to cripple the Internet.
Hackers had converted hundreds and possibly thousands of Web sites into virus transmitters by first hiding malicious code using a vulnerability with Microsoft's software for operating Web sites. A fix for it had been issued in April but was not universally applied.
Two other flaws in Microsoft products allowed hackers to direct Internet Explorer browsers to automatically run the virus when visiting an infected site.
Though one of those flaws remains unfixed, Friday's setting changes thwart any attack by prohibiting a Web application from writing files — such as the virus code — onto users' computers.
The U.S. Computer Emergency Readiness Team urged computer users to install the update, saying it would greatly increase protection. But the advisory warned other types of attack remain possible.
Stephen Toulouse, a security program manager at Microsoft, said the company still was working on a comprehensive patch to fix vulnerabilities with Internet Explorer, but the settings change should protect users from the immediate threat.
The software update covers Windows XP (news - web sites), Windows Server 2003 and Windows 2000 (news - web sites), and Microsoft was working on ones for older systems.
The update will also be included with a major Windows XP upgrade, called Service Pack 2, later this summer. Toulouse said the Service Pack will include additional protections.
After installing Friday's update, users should be able to lower their security settings from the "high" one initially recommended as a stopgap, he said.
Russ Cooper, a senior researcher at TruSecure Corp., welcomed Friday's update, but said it should have come sooner than a week.
"It would have taken a couple of hours to put it together as a package, and (the testing) process can take a day or two," Cooper said.
But Toulouse said that given the broad user base for Windows and Internet Explorer, even a problem affecting less than 1 percent of users potentially hurts millions of customers.
He said the settings could potentially affect legitimate applications used internally by Web developers and corporate networks, and special instructions were available to address those cases.
The update will be automatically installed if computers are set to receive it. It is also available at http://windowsupdate.microsoft.com.
Friday, July 02, 2004
Tuesday, June 29, 2004
Russian website spreading 'malicious' program shut down: Microsoft
WASHINGTON (AFP) - A Russian website that spread a "malicious" Internet (news - web sites) program has been shut down, software giant Microsoft said, adding that users of Internet Explorer are no longer at risk.
"Internet service providers and law enforcement, working together with Microsoft, identified the origination point of the attack in Russia and shut it down on Thursday," Microsoft said in a statement released late Saturday.
The Download.Ject program was not a virus or computer worm, Microsoft said, describing it as a "targeted manual attack by individuals or entities towards a specific server."
Unlike viruses that spread by e-mail, this infection was propagated simply by visiting an infected website, which can install a so-called trojan or keystroke logger that allows hackers access to the PCs, security experts said Friday.
Security (news - web sites) experts warned that the program could be used to steal financial information and e-mail passwords.
The company, owned by billionaire founder Bill Gates (news - web sites), said the program "exploited a vulnerability in Internet Explorer to deliver malicious code to visitors of an affected Web site."
"Working (news - web sites) with customers and partners worldwide, Microsoft is unaware of any widespread customer impact based on Download.Ject," said the company based in the northwestern state of Washington.
"The originating Web site of attack has been taken offline," Microsoft said.
"Internet Explorer customers are no longer at risk from that particular attack source as of Thursday evening."
Users of Microsoft's "IIS 5.0 Servers (news - web sites) that have not been updated with security update MS04-011 are susceptible to this attack," the company said.
Microsoft recommended that customers go to www.microsoft.com/protect to shield their personal computers from infection.
Microsoft said it is working with authorities and other companies to "bring those responsible for this criminal act to justice."
"Internet service providers and law enforcement, working together with Microsoft, identified the origination point of the attack in Russia and shut it down on Thursday," Microsoft said in a statement released late Saturday.
The Download.Ject program was not a virus or computer worm, Microsoft said, describing it as a "targeted manual attack by individuals or entities towards a specific server."
Unlike viruses that spread by e-mail, this infection was propagated simply by visiting an infected website, which can install a so-called trojan or keystroke logger that allows hackers access to the PCs, security experts said Friday.
Security (news - web sites) experts warned that the program could be used to steal financial information and e-mail passwords.
The company, owned by billionaire founder Bill Gates (news - web sites), said the program "exploited a vulnerability in Internet Explorer to deliver malicious code to visitors of an affected Web site."
"Working (news - web sites) with customers and partners worldwide, Microsoft is unaware of any widespread customer impact based on Download.Ject," said the company based in the northwestern state of Washington.
"The originating Web site of attack has been taken offline," Microsoft said.
"Internet Explorer customers are no longer at risk from that particular attack source as of Thursday evening."
Users of Microsoft's "IIS 5.0 Servers (news - web sites) that have not been updated with security update MS04-011 are susceptible to this attack," the company said.
Microsoft recommended that customers go to www.microsoft.com/protect to shield their personal computers from infection.
Microsoft said it is working with authorities and other companies to "bring those responsible for this criminal act to justice."
Subscribe to:
Posts (Atom)
