
More Holes in MSFT Windows
Web Design & Technology News, September 10, 2003

September 10, 2003

MSFT identified three vulnerabilities in Windows on Wednesday that could have a similar effect to that of the dreaded MSBlast worm of August.
By Michael Kanellos

The flaws, which affect Windows NT 4.0, Windows 2000, Windows XP and the 64-bit versions of Windows XP, are the latest in a string of critical weaknesses identified in Windows recently. The company has issued a patch that can be downloaded from its Web site.

The first two flaws are buffer overruns, which allow a hacker to take over a computer by swamping it with data.

The third is a denial-of-service flaw that affects a component known as the remote procedure call (RPC) process. The RPC process facilitates activities such as sharing files and allowing others to use a computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to its resources. By using the flaws in tandem, a hacker could load unwanted programs onto computers through the buffer overrun flaws and then use the infected computers to launch a denial-of-service attack.

The MSBlast worm, also known as W32/Blaster and W32.Lovsan, exploited a similar vulnerability that allowed a group of unknown hackers to load data on computers worldwide in an attempt to knock out servers that run MSFT's update services.

"An attacker who successfully exploited either of the buffer overrun vulnerabilities could gain complete control over a remote computer," MSFT stated in a bulletin released Wednesday. "This would give the attacker the ability to take any action that they wanted on the system, including changing Web pages, reformatting the hard disk or adding new users to the local administrators group."

The bulletin released Wednesday, MS03-039, supersedes bulletin MS03-026, which in July first warned of the vulnerability MSBlast exploited. The vulnerability revealed Wednesday is similar in nature and in its potential for damage, but it affects the RPC function differently.

"It is a different vulnerability, but they have the same impact, and they affect the same ports," said Stephen Toulouse, security program manager at MSFT's Security Response Center. "In terms of impact, it is the same."

Ports are standardized software addresses that allow applications to exchange data. Firewalls routinely prevent illicit access to such services from the Internet by blocking the specific port used by a computer to offer those services.

MSFT is urging customers to apply the patch immediately. The company is also revisiting its overall security patching policy, Toulouse said. Now, patching is mostly left up to customers, a problem that has helped viruses spread.

Although the flaws were announced Wednesday, researchers at the CERT Coordination Center, a clearinghouse for information on Internet threats, said in August that they had detected the potential for a second denial-of-service flaw with the RPC process.

The actual flaw was first discovered by eEye security, NSFocus and Tenable Network Security.
