Attackers Exploit Bug in Windows 2000
Plus: New patches for Internet Explorer, Adobe Acrobat, and Adobe Reader.

Stuart J. Johnston is a contributing editor for PC World.

Illustration by Edwin Fotheringham
These worms were particularly sneaky because they planted bots--programs meant to turn your PC into a "zombie" to participate in mass Net attacks like denial-of-service assaults or spam broadcasts. (For more information on bots, click here.)
The worm writers took advantage of a bug in Plug and Play, a portion of Windows that lets your computer recognize peripherals like cameras, external hard drives, or printers. The worm sends a network message that enters your PC unbidden over the Internet. Since the message is meant for the Plug and Play part of Windows, you don't have to click anything to be infected. And it causes that portion of the system to crash in such a way that an attacker's program can then gain access to your PC--and even your home network. Anything that you can do, it can do.
The hole is dangerous primarily to PCs running Windows 2000. Microsoft says that some Windows XP machines may also be at risk, though no attacks have yet been documented. You may be vulnerable if you're running XP Service Pack 1 and you have enabled Simple File Sharing by manually running the Network Setup Wizard and choosing the feature.
Since a widespread attack had not occurred for some time, it was easy to become lax about installing new security patches. But Zotob and its many variants have demonstrated that you're still vulnerable if you're behind, even by a day or two.
WIN2K Update
Microsoft has reissued Windows 2000 SP4 Update Rollup 1. Some users ran into problems after installing the original update: They couldn't restart their PCs or save Office files to a floppy. Microsoft says only a few users were affected, but millions have downloaded the update, partly on our say-so. For details on the hitches and the workarounds, click here.
Fix Internet Explorer With One Patch
Microsoft has released a new cumulative update for Internet Explorer 6 that closes three dangerous holes in the ubiquitous browser with a single patch, including a new vulnerability in the way IE processes JPEG images. If you click a poisoned JPEG image in an e-mail or on a malicious Web site, your machine could be taken over by an attack program. The update includes all security fixes that have ever come out for IE 6. So if you haven't patched IE in a while, here's your chance to get fully up-to-date in one step. Get more information and the patch here.
In Brief: Adobe Fixes Flaws
Adobe has patched new holes in Acrobat and Reader that could let an attacker crash your PC, and possibly worse, if you click an envenomed PDF file. There are no telltale signs that a PDF is bad, and your antivirus program is unlikely to catch it. The problem is in one of the readers' core application plug-ins--Adobe isn't saying which one. Get the patch here.
Help for Windows Patching Problems
Microsoft now requires users to validate their copy of Windows via Windows Genuine Advantage before they can download patches. Though the change has been painless for most users, some have had problems getting WGA to validate their copies of Windows on brand-name PCs. For help from other users and Microsoft techs, click here.
Bugged?
Found a hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.
