Microsoft officials announced their discovery of another security flaw yesterday, and Computing and Media Services officials are bracing themselves for another worm infiltration.

While Microsoft employees have already made a patch available on their Web site, Microsoft users’ history of ignoring new patches has CMS officials concerned that another round of worm problems are on the horizon.

‘This is just as bad a flaw as the Blaster worm,’ said Deborah Nosky, IT communications manager of CMS.

The security flaw affects all computers running Windows XP, Windows NT and Windows 2000.

‘With this vulnerability, whether it picks your system specifically or attacks many at a time in worm form, [someone or something] could basically take over your entire computer,’ said a Microsoft spokesman.

The company has released security updates since 1998, but only recently have the announcements inspired hackers to develop worms that can cause damage to unpatched computers.

At this point, a worm doesn’t exist for this flaw, and Nosky is unsure how long it would take for one to be developed. The security flaw which resulted in the MSBlaster worm was announced July 10, and the worm began appearing Aug. 10.

CMS officials hope that with the help of the temporary staff and the media, most students will patch their computer before a worm even develops.

‘But no one is interested until damage is done,’ Nosky said.

The patch is currently available at www.microsoft.com/protect, and Nosky hopes to have a link to a similar download available on the CMS Web site by tomorrow afternoon.

‘I’ve already started to put the new patch on computers,’ said Tim Minsterman, one of 25 temporary CMS employees hired to deal specifically with worm problems.

CMS will provide its on-site employees with a new CD containing the latest patch tomorrow, said John Ciccone, another temporary CMS employee, who has been stationed at South Campus.

‘I don’t think there is a real threat right now,’ Ciccone said. ‘There might be in a couple weeks.’

Nonetheless, Microsoft is stressing the importance of keeping up-to-date on patches.

‘We can’t stress enough to make sure you download the latest patches,’ said a Microsoft spokesman. ‘Then, no matter what comes out, you’ll be protected.’

Published on September 11, 2003 at 12:00 pm