«
»

Internet Security: PC users on yellow alert awaiting Windows patch


Wednesday, January 4th, 2006

Province

NEW YORK — Microsoft Corp. plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer-virus strain.

“Microsoft’s delay is inexcusable,” said Alan Paller, director of research at computer security group SANS Institute. “There’s no excuse other than incompetence and negligence.”

“It’s a problem that there’s no known solution from Microsoft,” said Alfred Huger, senior director of engineering at Symantec Corp.’s security response team.

SANS Institute, via its Internet Storm Center, has taken the unusual step of releasing its own patch for the problem until a Microsoft-approved fix is available.

The Internet Storm Center, which tracks viruses and other outbreaks on the web, increased the threat level to “yellow” — a warning that means a significant new threat is developing.

Microsoft said evaluation and testing affect the timing of security patches. “Creating security updates that effectively fix vulnerabilities is an extensive process. There are many factors that impact the length of time between the discovery of a vulnerability and the release of a security update,” Microsoft said.

“Quality is the gating factor,” said a Microsoft spokeswoman. The company views the issue as “serious,” but believes that “the scope of the attacks is not widespread,” she added.

The attack is the latest to hit Microsoft, despite redoubled efforts to respond to security threats. With more than 90 per cent of personal computers running Windows, it represents the biggest target for hackers.

The virus began spreading last week, as hackers took advantage of a previously unknown flaw in Windows Meta File code in what is known as a “zero-day attack.”

The bug was found in current server and desktop versions of Windows and is considered serious because it requires relatively minor user interaction to be unleashed. The virus is carried in picture files and can be triggered if an image is viewed in an e-mail or on an infected website. It is also being distributed through Instant Messenger.

© The Vancouver Province 2006

This entry was posted on Wednesday, January 4th, 2006 at 12:00 pm and is filed under Technology Related Articles. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.



Comments are closed.