Companies are prepping to re-patch Windows systems to prevent a Microsoft vulnerability and the high likelihood of a second Blaster-like worm that could target the new security flaw.
Businesses have barely had a chance to catch their breaths following the frantic Blaster-related patching of security vulnerabilities in their Windows desktops and servers--not to mention fending off worm attacks. Now they're prepping to patch those very same systems again to prevent a similar Microsoft vulnerability and the high likelihood of a second Blaster-like worm that could target the new vulnerabilities Microsoft disclosed on Wednesday.
"We're going to have to patch again, we don't have any choice on this," says Gene Fredriksen, VP of information security at Raymond James & Associates. He's readying his "patch swat team" to get the job done as quickly as possible.
The flaws Microsoft unveiled in Security Bulletin MS03-039 are remarkably similar to the security problems addressed by Security Bulletin MS03-026 released in mid-July. Blaster used that vulnerability to infect tens of thousands of unpatched systems in early August.
The three serious vulnerabilities disclosed Wednesday, in conjunction with a Windows patch, affect Microsoft's RPC DCOM (Remote Procedure Call Distributed Component Object Model) and may be exploited, according to Microsoft, remotely through communication port 135 and others. For more information and links to the patch, see Microsoft's MS03-039 security bulletin.
Microsoft says customers should patch all affected systems immediately. The vulnerabilities affect Windows NT 4 Workstation, Windows NT Server 4.0, NT Server 4.0 Terminal Server Edition, Windows 2000, Windows XP, and Windows Server 2003.
Dan Ingevaldson, team lead with the security research group X-Force at Internet Security Systems Inc. says an active exploit--software that makes it easier to attack a security hole--is already available on the Internet and could be used to launch denial-of-service attacks against at-risk systems. Ingevaldson also warns that a virus or worm for attacking vulnerable systems could be created easily. "I would say that there is a high probability that we will see a new worm as a result of this vulnerability," says Ingevaldson. But he adds that since many companies have closed port 135 (a port Blaster used to infect systems) the worm may have a hard time spreading. "I hope that there is some residual protection out there as a result of companies protecting themselves from Blaster. That may be the only potential good news right now."
"We want to get the word out that people need to patch this one," says Jeff Jones, Microsoft's senior director for trustworthy computing security. Outside researchers and Microsoft's own internal reviews discovered the new flaws after the Blaster infection, he said.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.