Microsoft extinguishes Windowsupdate.com website - attempts to sidestep Blaster worm attack, Sophos comments

August 15, 2003 Sophos Press Release

According to media reports Microsoft has confirmed that it has decided to kill off its Windowsupdate.com web address. The website was due to suffer a denial of service attack on 16 August by computers infected by the W32/Blaster-A worm.

Sean Sundwall, a spokesman for Microsoft said: "One strategy for cushioning the blow was to extinguish Windowsupdate.com. We have no plans to ever restore that to be an active site."

According to Microsoft, consumers can update their computers by visiting the web address http://windowsupdate.microsoft.com or the main Microsoft website page at http://www.microsoft.com where information is available on downloading patches as well as advice on setting up firewall protection.

"Users should not think this step means they no longer have to do anything about the Blaster worm," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "All computer users still have a responsibility to ensure this worm has no hiding place on their PCs. So, install the patch from Microsoft, ensure your firewall is properly configured, and confirm your anti-virus is up-to-date. Once that is done take this weekend considering how you can run your computer more securely in the future."

Sophos believes that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.asp. Other vendors offer similar services.