The Conficker worm shows why it’s so important to keep PCs up-to-date.
Source: Erik Larkin, PC World, Feb 2009
Think massive worm outbreaks are obsolete? Then say hello to the Conficker worm, aka Downadup. In January it slithered onto millions of computers unprotected by a critical patch that Microsoft had issued back in October.
The patch fixed a hole in the Windows Server service, which most desktop and server versions of Windows use. Without it, a PC is vulnerable to attack by infected PCs across a network. A firewall can block external attacks of this sort, but business network firewalls generally offer little protection against threats from within the network. And businesses can be slow to patch company computers.
First double-check that you have the October patch noted above (available for Windows 2000, XP, Vista, Server 2003, and Server 2008) on both your home and work PCs, by running Windows Update. And be aware that a thumb drive or laptop you bring home from work can spread Conficker as well.
You also need to close a similar, newly discovered hole that exists in the Microsoft Server Message Block (SMB) protocol for file and printer sharing, which is critical for Windows 2000, XP, and Server 2003, and moderately important for Vista and Server 2008. Like the hole that the Conficker worm exploits, the SMB flaw lets an attacker launch a remote assault on a vulnerable computer and take complete control if successful. Again, a firewall can lower the risk, but be sure to get the patch via Windows Update or from Microsoft’s site (Security Bulletin MS09-001).
New QuickTime Fixes
Meanwhile, Apple has released QuickTime 7.6 to close seven serious flaws involving hacked movie files (including .avi and .mpeg types) and streaming video sites whose URLs open with rtsp://. Playing a tainted file or streaming video could relinquish control of your system to an attacker. You’ll need the update if you run QuickTime on Mac OS X, Windows XP, or Windows Vista; nab it and more info from an Apple support page.
If you’ve installed the optional QuickTime MPEG-2 Playback Component under Windows XP or Vista, you’ll need another high-priority Apple fix. Head to another Apple support page (link no longer works) to determine whether you have the QuickTime extra and, if so, which version it is. If it’s prior to version 18.104.22.168, get the free update to protect against malicious movie files.
Firefox 2 Antiphishing Is Gone
Finally, if you’re a Firefox 2 hold-out, be aware that the old browser’s built-in antiphishing protection is now kaput. Firefox 2 version 22.214.171.124 or later will show it as disabled, and even though it may still appear to be enabled if you’re using an older version, Google has cut off the data feed that told it which sites to block. Your best bet, by far, is to upgrade to Firefox 3, which supports active antiphishing and delivers nifty features like the so-called ‘Awesome Bar’.
© 2007 PC World Communications