Critical News: Security Patch

Please listen up! You don’t want to miss this important announcement!

Last Thursday (October 23, 2008), Microsoft released a critical Windows security patch, which is something they haven’t done since April 2007. And of course, it quickly started raising eyebrows in the technology community. The security patch fixes a vulnerability that allows a remote program to be run in Windows without any authentication. A worm that uses the hole in the Windows security to take over a computer has already been released on the Internet.

According to security experts, the worm, named “Gimmiv,” locates the security hole on a computer and executes a program that steals passwords. The code for the worm was released on a popular hacking Web site, which leads many to believe that the exploit will be modified and different versions of Gimmiv will be released on the Web.

On Friday (October 24, 2008), Symantec and McAfee, Inc. stated that they had only seen a small amount of attacks based on the exploit. However, Symantec said they discovered a 25 percent increase in network scans for computers that contain the vulnerability, which suggests the amount of attacks on this security hole may increase.

Windows 2000, XP, Vista and Server 2003 are all affected by this new vulnerability and it’s recommended that users of those operating systems turn on their Automatic Updates so that they can receive the security patch. (To do that, go to Start, Control Panel, Security Center, Automatic Updates). Stay safe out there!

~ Jack William