Critical flaw likely target for malware
Microsoft Security Bulletin MS04-007 provides details on the vulnerability and patch. However, it appears some folks have misread the bulletin, which describes the flaw as an "ASN.1 vulnerability", and concluded that the impact is mostly a server concern. This is not the case. As the ASN.1 Information site so eloquently describes, "ASN.1 is a critical part of our daily lives; it's everywhere, but it works so well it's invisible!" The use of ASN.1 is indeed broad: it is found in everything from Internet Explorer and Outlook to eCommerce, wireless technologies, and a wide range of communications software from vendors throughout the world.
Marc Maiffret, Chief Hacking Officer for eEye Digital Security, the company that discovered and reported the flaw, clarifies the misconceptions: "If you're running Windows NT 4.0, Windows 2000, Windows XP, or Windows 2003, you are 99.9999% positive to be vulnerable, regardless of what your configuration might be. Don't try to guess if you have any of the affected protocols or applications (let's not forget third-party apps using the MS ASN library), just install the patch. Client side, server side, world wide."
With the patch and accompanying details now public, chances are exploit code will begin circulating soon. To get the patch, visit the Windows Update site without delay.

