[ISN] Son of MSBlast on the way?

From: InfoSec News (isn@private)
Date: Fri Oct 24 2003 - 00:34:39 PDT

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary"

    http://news.com.com/2100-7355_3-5095935.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    October 23, 2003
    
    A program that exploits a software vulnerability Microsoft recently 
    described could spell trouble for companies that haven't quickly 
    patched their system, security experts said this week. 
    
    Released on a security mailing list earlier this week, the program 
    takes advantage of a flaw in Microsoft's Messenger Service to cause 
    Windows-based computers to crash. The vulnerability affects almost 
    every current Microsoft Windows system, leaving security experts 
    concerned that independent hackers will quickly find a way to take 
    control of a large number of computers by exploiting the flaw. 
    
    "I think we are going to see a repeat of the (MSBlast worm)," said 
    Vincent Weafer, senior director of Symantec's antivirus research 
    center, referring to the program that spread across the Internet in 
    August. The program used a similarly widespread Windows flaw to break 
    through computers' security. "It took three weeks (for hackers) to 
    figure out a working worm in that case." 
    
    Programs that illustrate how to take advantage of such holes are known 
    as "exploit code" and are seemingly being developed faster, coming out 
    soon after the first notification of a flaw, a recent study by 
    Symantec found. 
    
    This isn't the first time the Windows Messenger feature has been the 
    source of users' pain. Not to be confused with Microsoft's instant 
    messaging services, the Messenger feature allows Windows applications 
    to communicate and send data among themselves. The feature has already 
    been exploited by some spammers to send messages directly to users' 
    desktops. 
    
    The flaw that led to the MSBlast worm affected another Windows 
    service, known as the distributed component object model (DCOM), which 
    allows components of the operating system to communicate. The software 
    is a fundamental piece of the operating system, so the flaw affected 
    all versions of Windows. 
    
    Microsoft announced the latest flaw a week ago as one of several 
    security problems it highlighted in its first monthly security update. 
    At the time, the software giant said all the flaws could be exploited 
    to create a worm. "All of the five critical (vulnerabilities) are, of 
    course, critical, so that means they are wormable," Jeff Jones, senior 
    director of Microsoft's security business unit, said last week. 
    
    On Monday, a researcher released source code to a security mailing 
    list, showing how to crash a computer using the flaw. Because the 
    issue affects so many computers, companies should patch the issue 
    quickly, said Craig Schmugar, virus research engineer for Network 
    Associates.
    
    "The greater the number of vulnerable systems out there, the greater 
    the concern," he said. "We definitely take the demo code seriously." 
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Oct 24 2003 - 03:10:04 PDT