Microsoft Flaw Could Affect Homeland Security

In July, Microsoft announced a "critical" flaw in several of its operating systems—including Windows XP—and now the U.S. Department of Homeland Security (DHS) is expressing concern about how exposed vulnerable systems are to cyber attacks.

Hackers got to work immediately upon learning of the flaw, which also appears in Windows 2000, Windows 98, Windows 98 Second Edition, Windows Me, Windows NT 4.0 Server and Windows Server 2003, and experts say the window of opportunity to apply security patches is quickly closing.

The Department of Homeland Security (DHS) itself, which recently signed a multi-million dollar contract that makes Microsoft its principal software provider, is now scrambling to make sure the patches are in place to protect its own vulnerable systems.

The agency ratcheted up the level of warning that Microsoft originally placed on the flaw, which creates a vulnerability in the Windows Remote Procedure Call (RPC) that could allow malicious code to be executed.
The Department of Homeland Security warned, "several working exploits are now in widespread distribution on the Internet." Agency alerts compared the potential exploit to the Code Red and Slammer viruses/worms.

An agency spokesman was quoted on InternetNews.com as saying the agency is watching the situation closely. "We're seeing an Internet-wide increase in probing that could be a search for vulnerable computers," said DHS’s David Wray. "It could be a precursor and it bears continued watching... It certainly could be serious. It could lead to the distribution of destructive, malicious code and it could cause considerable disruption."

Microsoft disclosed the flaw in July, as part of three new flaw disclosures—warnings No. 23, 24 and 25 this year. The critical flaw could allow a "buffer overrun," which Microsoft’s Web site describes as "an attack in which a malicious user exploits an unchecked buffer in a program and overwrites the program code with their own data. If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker. If overwritten with other data, the likely effect is to cause the program to crash."

The buffer overrun, found in the HTML converter in the Windows operating system, was the most serious of the reported flaws. Hackers could manipulate the vulnerability to spread the code through HTML in an e-mail or by developing a web page that causes the code to be automatically downloaded by visitors.

What makes the flaw particularly daunting is that it can be set in motion without the user doing anything to cause it. Microsoft posted a patch for the vulnerability on its Web site. Another difficult aspect is this flaw’s ability to affect both servers and desktop computers simultaneously.

"We're very concerned," Dan Ingevaldson, an engineering manager with Atlanta-based Internet Security Systems, Inc., told InternetNews.com. "We think there's a risk here to the entire Internet."
