Skip to main content
BBC NEWS / TECHNOLOGY
Graphics VersionBBC Sport Home
News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia | UK | Business | Health | Science & Environment | Technology | Entertainment | Also in the news | Have Your Say |
Friday, 11 August 2006, 09:26 GMT 10:26 UK

Official warning on Windows bugs

Windows XP on laptop, Getty The US Department of Homeland Security has urged Windows users to install the latest patches from Microsoft as quickly as possible.

In particular it warned about one bug fixed in the latest batch of security updates that, if exploited, could put a PC under the control of an attacker.

Microsoft's recent update fixed 23 flaws found in Windows software.

Many of these bugs are known to malicious hackers and some are already actively exploited on the net.

Fast fix

Microsoft typically issues security updates for Windows and its associated programs on the second Tuesday of every month. In the August update, seven of the fixes were rated as "critical" - the highest rating.

The DHS was most concerned about the flaw identified in the MS06-040 security report. This identified a problem with the Windows server service that allows attackers to take over machines without users doing anything to help.

A worm written to exploit this bug "could enable an attacker to remotely take control of an affected system and install programs, view, change, or delete data, and create new accounts with full user rights," said the DHS in a statement. As well as overseeing efforts to combat terrorism the DHS also has a role in cybersecurity.

It said it expected the bug to be exploited within 24 hours of its existence becoming known.

Microsoft reported via its security blog that it had already seen a "limited" attack using this bug. It also said that there had been more than 100 million downloads of the MS06-040 fix since it was made available.

The server service bug is found in Windows 2000, XP and Windows Server 2003.

The vulnerabilities fixed by other patches are found in a variety of Windows programs including the Office software suite and the Internet Explorer browser.

One bug being patched is found in Microsoft's PowerPoint presentation software and an exploit code is known to be circulating online. Security experts said 11 other flaws were known to malicious hacking groups.

Users can get hold of the fixes via the Windows Update site or by using the update tool on Windows.


E-mail this to a friend
Related to this story:
How the internet transformed business (03 Aug 06 |  Business )
Mac users 'too smug' over security (16 Jan 06 |  Technology )
Poisoned PowerPoint attacks users (20 Jul 06 |  Technology )
Windows gets big security update (13 Jun 06 |  Technology )
Microsoft battles Word PC virus (25 May 06 |  Technology )
Tough task of Windows security (05 May 06 |  Click )
Firms slow to fix security flaws (18 Apr 06 |  Technology )

RELATED INTERNET LINKS
US Department of Homeland Security
DHS warning on Windows
Microsoft August security bulletin
Microsoft Security Bulletin MS06-040
Microsoft Windows Update
Microsoft Security Response Center blog
The BBC is not responsible for the content of external internet sites


SEARCH BBC NEWS: 
News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia | UK | Business | Health | Science & Environment | Technology | Entertainment | Also in the news | Have Your Say |

NewsWatch | Notes | Contact us | About BBC News | Profiles | History

^ Back to top | BBC Sport Home | BBC Homepage | Contact us | Help | ©