Microsoft releases patch for Windows vulnerability

By Ed Taylor, Tribune January 6, 2006

Responding to pressure from computer users, Microsoft Corp. issued an official fix Thursday for a major vulnerability that potentially allowed attackers to take control of personal computers connected to the Internet.

Originally the software giant said it would not release the patch for the flaw in its Windows operating system until Tuesday as part of a regular monthly security update, saying it needed the time to adequately test the fix. But on Thursday Microsoft said it was issuing the patch five days early because testing had been completed sooner than expected.

"In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible," the company said in a statement.

The patch became available to Windows computer users at 3 p.m. Arizona time Thursday.

Security experts said Microsoft was smart to move quickly because of the potentially serious nature of the vulnerability.

"With all the heat they were getting, they obviously decided to move it up," said Ken Colburn, owner of Tempe-based Data Doctors Computer Services. "Its them responding to whats going on."

"With this kind of demand (for a patch), it would be prudent once it was tested for them to release it early," said Cindy Kim, spokeswoman for PatchLink Corp., a Scottsdalebased computer security firm.

The flaw allowed attackers to exploit a vulnerability in an element of Windows called Windows Meta File that is used to view images. Potentially they could gain access to personal computers if the user is tricked into viewing an image on a malicious Web site or within an e-mail attachment. Once inside a personal computer, the attacker could steal the computer users identity, install viruses or cause other problems.

PatchLinks testing indicated that the damage could be so severe that the operating system would have to be reinstalled from scratch, said Chris Andrew, vice president of security technology.

Data Doctors, PatchLink and other security firms were offering free temporary patches available through the Internet, but that became unnecessary Thursday when Microsoft released its permanent fix.

Microsoft said attacks appeared to have been limited and were mitigated prior to the release of the patch by the companys efforts to shut down malicious Web sites and by updates from anti-virus companies.

But Andrew said the events this week could be a precursor to more so-called "zero-day" threats, which involve hackers discovering operating system vulnerabilities and exploiting them before patches can be made available. The problem is becoming more serious because more information is available to hackers, and its taking longer for patches to become available, he said.

"In 2006 we will see a lot more zero-day attacks," he predicted.

Contact Ed Taylor by email, or phone (480) 898-6537

Crazy Atheist Libertarian
Crazy Atheist
Government Crimes
Government News
Religious Crimes
Religious News
Useless News!
Legal Library
Libertarians Talk
War Talk
Arizona Secular Humanists
Putz Cooks the ASH Book's
Cool Photos & Gif's
More cool Gif & JPEG images
Az Atheists United
HASHISH - Arizona
Messy Yard Criminals
Papers Please, the American Police State
Tempe Town Toilet
Tempe Town Lake
"David Dorn"    -    Hate Monger
"David Dorn" Government Snitch?
Free Kevin Walsh
U.S. Secret Service
Secret Service Political Prisoner
News about the Secret Service
Western Libertarian Alliance
Phoenix Copwatch