Microsoft Warns Of Serious New Flaws In Windows Software
Just moments before a top Microsoft Corp. (MSFT) executive told Congress about efforts to improve security, the company warned customers Wednesday of serious new flaws that leave its flagship Windows software vulnerable to Internet attacks.
Microsoft warned the Internet attacks could be remarkably similar to the Blaster virus that infected hundreds of millions of computers last month.
Microsoft urged customers to immediately apply a free repairing patch from its Web site, www.microsoft.com. It cautioned that hackers could seize complete control over a victim's computer by attacking these flaws, which affect Windows technology that allows computers to communicate with others across a network.
Outside experts said the new flaws were nearly identical to problems that were exploited by the so-called Blaster infection, which spread last month with devastating damage. Computer users who applied an earlier patch in July to protect themselves still must install the new patch from Microsoft.
"They're as close as you can be without being the same," said Marc Maiffret, an executive at eEye Digital Security Inc. of Aliso Viejo, Calif., one of three research groups credited with discovering the new problems. "It's definitely a big oversight on Microsoft's part that they missed these."
The embarrassing disclosure by Microsoft came just moments before its senior security strategist, Phil Reitinger, told lawmakers on the House Government Reform technology subcommittee about the company's efforts to help consumers defend themselves against viruses and other Internet attacks.
"Microsoft is committed to continuing to strengthen our software to make it less vulnerable to attack," said Reitinger, a former deputy chief in the U.S. Justice Department's cybercrime division. Still, he acknowledged, "There is no such thing as completely secure software."
The July announcement from Microsoft about the earlier software flaw in the same Windows technology was deemed so serious it prompted separate warnings from the FBI and Department of Homeland Security. Roughly three weeks later, unidentified hackers unleashed the earliest version of the Blaster infection.
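Microsoft Warns That Serious Flaws Have Again Been Found in Windows Software
Microsoft Corp. (MSFT) warned its customers Wednesday that new flaws have been found in its flagship Windows software, leaving it highly vulnerable to attacks from the Internet, although a senior Microsoft executive had only just briefed Congress on the company's efforts to improve product security.
Microsoft warned that, in terms of severity, the Internet attacks the new flaws could invite may rival the damage caused by last month's Blaster worm outbreak, when hundreds of millions of computers were infected by the virus.
Microsoft urged its customers to promptly download the free repair software from the Microsoft Web site (www.microsoft.com). Microsoft cautioned that hackers could take complete control of a victim's computer by attacking these flaws.
Shortly before Microsoft released this embarrassing news, the company's senior security strategist, Phil Reitinger, told lawmakers on a House technology committee that Microsoft is working to help users defend against computer viruses and other Internet attacks.
Reitinger, a former deputy chief of the U.S. Justice Department's Internet crime division, said Microsoft is committed to continuing to strengthen the security of its software to make it less vulnerable to attack. But he also acknowledged that there is no such thing as completely secure software.
In July, Microsoft issued an announcement warning of a software flaw in Windows technology; the announcement was considered so serious that it prompted the FBI and the Department of Homeland Security to issue separate software security warnings. About three weeks later, unidentified hackers released the earliest version of the Blaster worm.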