Microsoft's latest security problem and Emergency Update

Is this a normal Windows update?

No, it is relatively rare for Microsoft to issue a security update outside of its normal monthly update process (which begins on the second Tuesday of each month). An ‘out of cycle’ update (or emergency patch as most media reports call it) only takes place when there is evidence that hackers are already aware of a security loophole and pose a serious risk of exploiting it.

What is the problem?

There is a newly-discovered bug in the Remote Control Procedure, a system used in Windows to allow somebody using one computer to carry out an activity on another machine through a network. There are plenty of legitimate uses for this, such as using a printer over a network. However, the bug means that in both Windows 2000 and Windows XP, a hacker could run code on a vulnerable machine without the user having to do anything to allow such access.

What are the security risks?

Several people, including both security experts and hackers, say they’ve found ways to exploit the loophole. There isn’t yet any evidence that hackers have successfully carried out new attacks, but it is a serious possibility.

The loophole has also made some existing viruses more effective. The most prominent one is known as ‘Gimmiv.A’ or ‘Spy-Agent.Da’. It searches computers for passwords and other private data, which can then be sent back to those behind the virus.

Originally this virus was fairly limited because each variation of it must be written for a particular edition of a particular version of Windows in a particular language – if it doesn’t match, the virus is ineffective. However, the loophole means the virus can spread much more easily from machine to machine, making it far more likely it will find one it can infect successfully.

What do I need to do?

If you have Windows Update set to automatically download and install updates, you should now be protected. If you have chosen any of the manual options and you use Windows 2000 or XP, it’s critical that you install the new update. You’ll then need to restart your machine before the update can take effect.

The incident also serves as an important reminder to make sure you have an effective firewall (which can limit or eliminate the vulnerabilities caused by the loophole) and strongly consider anti-virus software (which can help if a hacker does exploit the loophole).