On Thursday last week, systems based around IIS 5.0 (Internet Information Services), a component of Microsoft’s Windows 2000 Server, were targeted by malicious code known as “Download.Ject.”
US law enforcement officials eventually identified the source of the attack as a Web server located in Russia which was promptly shut down.
Reacting to the threat, Microsoft released a configuration change to the Windows XP, Windows Server 2003, and Windows 2000 operating systems last Friday that now protects systems against the Download.Ject attack.
In addition to the configuration change, Microsoft says that it will be providing a series of security updates to Internet Explorer in coming weeks that will provide additional protection for its customers.
Later this summer, Microsoft will release Windows XP Service Pack 2, which will include the most up-to-date network, Web browsing and e-mail features designed to help protect against malicious attacks and reduce unwanted content and downloads. In addition, an update for versions of Internet Explorer will be released as well.
Information about DownloadJect and the security measures required to patch systems have been published on the Microsoft security site.