[ISN] Flaws set to spawn another Blaster

From: InfoSec News (isnat_private)
Date: Wed Sep 17 2003 - 01:21:36 PDT

  • Next message: InfoSec News: "[ISN] Security Gets Top-Level Attention"

    Ina Fried
    CNET News.com
    September 17, 2003
    Tools have been developed to exploit a recently announced Windows
    flaw, further increasing the likelihood that new viruses will emerge
    soon, a security firm has warned.
    Ken Dunham, an analyst at iDefense, said on Tuesday that it is "highly
    likely" that new worms or Trojan horses will emerge in the next few
    days. These bugs are expected to prey on computers that have not been
    updated with the latest security patch for Microsoft's operating
    "A new Blaster-like worm family could be created in a matter of hours
    or days, now that exploit source code has been posted in the
    underground," Dunham wrote in an email. "The new attack tool makes it
    trivial for any malicious actor to gain unauthorised root access to an
    unpatched computer."
    Experts advised people last week that a new virus was reasonably
    likely, given the fact that the recently discovered Windows
    vulnerabilities are similar to those that paved the way for the
    MSBlast worm.
    Microsoft is using the warning as a way to remind individuals and
    companies to install the patch that it made available when it sent out
    an alert about the latest flaw last Wednesday. Dunham echoed the
    software maker's advice.
    "Computers that have been patched for the... vulnerability thwart this
    attack," he said. "Unfortunately, a large number of computers remain
    Microsoft has seen the sample code identified by iDefense and is in
    the process of reviewing it, according to Amy Carroll, director of
    product management in a Microsoft security unit.
    "It's another reminder of the need to patch," she said. "That message
    is getting out."
    Carroll noted that in the first five days since Microsoft announced
    the latest vulnerabilities, 63 percent more people downloaded the
    patch for them than did in the same period for the vulnerability that
    led to MSBlast.
    Carroll also encouraged individual Windows customers to make sure they
    are using a firewall and antivirus software.
    Even as Microsoft explores longer-term ways of improving security, the
    company is trying to make more modest, but immediate improvements to
    its software, Carroll said. For example, the company has added to its
    Web site a tool that, with a user's permission, checks to see if
    Windows is set to automatically download and install new patches and
    whether firewall software is turned on.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Sep 17 2003 - 04:00:56 PDT