Major Internet Attack In The Offing?

The Department of Homeland Security issued a statement this week urging internet users to update their computers in the wake of information regarding a possibly imminent attck by hackers. Via ABC Tech News

"The Department of Homeland Security is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible," the statement read. "This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system."

Microsoft's security bulletin MS6-040, Microsoft noted "Microsoft has verified the published exploit code to work on Windows 2000 and Windows XP Service Pack 1," it said. However, independent security researchers seem to have verified that it can bring Windows XP SP2 and Windows Server 2003 to their knees with a denial-of-service (DoS) attack.

Mike Murray, director of vulnerability research at nCircle says "A worm on the scale of MSBlaster will hit in the next two weeks, and could hit in the next several hours". He added that "This threat is eminently wormable".

TechWeb.com published the following precautions for protection:

---- Identify PCs vulnerable to attack by running the free scanning tool offered by eEye Digital Security. The tool, which comes in two versions -- one capable of scanning 16 machines simultaneously, the other up to 256 computers -- can be downloaded free of charge from the eEye site.

---- Patch all vulnerable systems using Microsoft-based mechanisms -- including Windows Update and Windows Server Update Services (WSUS) -- or third-party patch managers such as Shavlik's HFNetChkPro, Patchlink's PatchLink Update, and BigFix Enterprise Suite Patch Management. Those manually downloading the patch will find it here.

---- If administrators or users are unable to patch, Microsoft recommended that they block TCP ports 139 and 445 at the firewall.

---- Additionally, Microsoft told users that they could defend unpatched systems by barring any unsolicited inbound traffic, or blocking the affected ports by applying Internet Protocol security (IPsec).

Ken Dunham, director of VeriSign iDefense's rapid response team, in an e-mail to TechWeb Friday afternoon, states "Hacker activity has been light for the MS06-040 exploitation to date,but will likely increase with the advent of this coming weekend. Networks should be diligent to patch all Internet facing computers for MS06-040 ASAP."

As always, this and other security updates can be downloaded and installed using Windows Update, or from the Microsoft Security Homepage.