Microsoft Withstands Denial of Service Attack

AUCKLAND, New Zealand - Saturday, August 16, 2003 - Microsoft New Zealand today confirmed that the denial of service attack on the http://www.windowsupdate.com has had minimal impact on New Zealand computers users.

It says credit for the lack of disruption must first go to local Internet Service Provider partners such as Xtra and IHUG who put all the necessary preparations in place to ensure that New Zealanders had a positive online experience this morning, when the first attacks occurred.

The denial of service attack was caused by a blaster worm virus which exploited a known vulnerability in Microsoft Windows operating system.

The worm caused infected Windows machines to repeatedly crash and then use infected machines to launch an attack on http://www.windowsupdate.com . This, in turn, tried to make the website to run slowly or be inaccessible to customers. This was prevented from occurring when Microsoft disabled the windowsupdate.com url, which was what the worm was designed to attack.

Microsoft says Microsoft Windows users who applied the security patch and/or subscribed to the Windows Update service also made a tremendous difference in ensuring that microsoft.com was able to withstand the denial of service attack.

Terry Allen, Enterprise and Partner Group Director for Microsoft New Zealand, estimates that over 80 million copies of patch have been downloaded worldwide since it was made available on July 16. He says this is a positive sign and it hopes that people will continue to take effective measures to protect themselves against virus attacks.

"While the blaster worm only attacks windowsupdate.com and does not cause any permanent damage to the computer, such as data deletion or damage to a hard drive, customers are still advised to take security maintenance for their computers seriously," says Allen. "Hackers are malicious people, and the next virus they make could have more detrimental impact on infected machines' data, so it pays to be vigilant about computer security." Allen urges computer users to take the necessary steps to get secure by applying the patch for this particular security vulnerability and stay secure through the free Windows Update service.

"Microsoft will also continue to develop new security processes to help minimise the number of successful attacks by hackers. The company will be shipping all future versions of the Microsoft Windows Operating System with the Internet Connection Firewall turned on by default," says Allen.

To find out more about computer safety, Microsoft Press Centre conducted an interview with Terry Allen

Press Centre: What has been the New Zealand impact from the Blaster Worm?

Terry Allen: "Microsoft has been fielding a steady flow of enquires during the week from people who want to find out how they can protect themselves. At this stage, it is difficult to quantify the number of people affected, however, we have physically spoken and helped over 12,000 people since Tuesday.

Since the denial of service attack was launched on midnight at Friday in New Zealand, the impact has been minimal. The additional security remedial measure appears to be working well. From the additional toll free phone customer support infrastructure, the wide availability of the security patches both online and on CDs to the application of the security patch by Windows customers and the support of the New Zealand internet Service Providers have all been instrumental in helping shield New Zealand customers from more significant disruption.

If people are concerned and need further information they can go to our security website on www.microsoft.com/security or call us on our toll free at our customer service centre 0800 800 004.

Press Centre: How is Microsoft being affected globally?

Terry Allen: "What we do know is that that our customer education campaign has been working really well. Over 80 million downloads of the patch have occurred in the past few weeks and this is a positive sign that people are taking effective measures to protect themselves against virus attacks. We're hoping this trend will continue as we face further challenges with malicious hackers."

Press Centre: Are you saying that we can expect more of this type of thing to come?

Terry Allen: You have to remember that internet technology for home users has only been available for a short period of time. Many people are still getting to know how to use their PC at home beyond email. We feel we have a role in trying to educate and help people in how to best protect themselves

from future viruses. It can be expected that as technology continues to evolve so will attempts by malicious hackers to disrupt the internet. Ideally the best thing that regular internet users can do is to go to http://www.microsoft.com/security and subscribe to the Microsoft security bulletin. This is basically an email newsletter that alerts people to go to the Microsoft website and click on a link that will download what we call a patch - a piece of computer code that fixes problems as they arise. People who subscribe to this newsletter will get routinely advised of when they should download patches.

About Microsoft

Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software - any time, any place and on any device.

#########

Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

© Scoop Media