News
News
11/17/2003
06:16 PM
50%
50%

Hackers Already Exploiting Microsoft Vulnerabilities

Security experts say the exploits that have surfaced so far aren't ready to use as a platform for a worm--but that could change quickly.

Hackers are beginning to successfully develop software that can be used to attack systems vulnerable to security holes Microsoft disclosed last week.

Less than 24 hours after Microsoft published its monthly roundup of security patches on Nov. 11, exploit code, a small app that can be used to attack a software vulnerability, began to surface on security mailing lists.

It began when exploit code that works against the "Windows Workstation Service" flaw revealed in Security Bulletin MS03-049 was posted to the Bugtraq mailing list. And during this past weekend more samples of exploit code were posted to various security mailing lists.

The flaw being targeted is the buffer-overflow vulnerability within the Windows Workstation Service; according to Microsoft's MS03-049 advisory, a remote attacker could gain complete control of an unpatched system.

On Nov. 11, the CERT Coordination Center, based out of the Software Engineering Institute at Carnegie Mellon University, issued an advisory that warns that worms aimed at this vulnerability are a possibility.

Dan Ingevaldson, director of X-Force, which conducts Internet security research at Internet Security Systems Inc., says the exploits that have surfaced so far are bug-ridden and not ready for someone to use as the platform for a worm.

That could change quickly. "One of the exploit writers put comments inside their code asking more help and how they could make the exploit more effective," he says.

It's common, security experts say, for software exploits to be tweaked and improved by hackers and security researchers over days and weeks until they're perfected. Ingevaldson is confident a new worm will surface soon. "While it's easy to predict that exploit code will appear in a matter of days and that it will be quickly improved, the actual release date of a worm is tough to predict," he says.

The release of the Blaster and Nachi worms followed the same pattern of vulnerability, quickly improved exploit code, and finally the actual worms, Ingevaldson says.

If a worm does hit, Windows 2000 users won't be hit as hard as users of Windows XP, he says, because Windows 2000 isn't exploitable by an anonymous or "null session" so any attacks, whether by a hacker or a worm, could come only from systems with the proper access rights.

Microsoft is urging customers to patch the vulnerabilities revealed in the Nov. 11 security bulletins. More information is available on its site.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.