News
News
9/11/2003
11:59 AM
50%
50%

Security Pros Get Ready For Blaster II

Companies are prepping to re-patch Windows systems to prevent a Microsoft vulnerability and the high likelihood of a second Blaster-like worm that could target the new security flaw.

Businesses have barely had a chance to catch their breaths following the frantic Blaster-related patching of security vulnerabilities in their Windows desktops and servers--not to mention fending off worm attacks. Now they're prepping to patch those very same systems again to prevent a similar Microsoft vulnerability and the high likelihood of a second Blaster-like worm that could target the new vulnerabilities Microsoft disclosed on Wednesday.

"We're going to have to patch again, we don't have any choice on this," says Gene Fredriksen, VP of information security at Raymond James & Associates. He's readying his "patch swat team" to get the job done as quickly as possible.

The flaws Microsoft unveiled in Security Bulletin MS03-039 are remarkably similar to the security problems addressed by Security Bulletin MS03-026 released in mid-July. Blaster used that vulnerability to infect tens of thousands of unpatched systems in early August.

The three serious vulnerabilities disclosed Wednesday, in conjunction with a Windows patch, affect Microsoft's RPC DCOM (Remote Procedure Call Distributed Component Object Model) and may be exploited, according to Microsoft, remotely through communication port 135 and others. For more information and links to the patch, see Microsoft's MS03-039 security bulletin.

Microsoft says customers should patch all affected systems immediately. The vulnerabilities affect Windows NT 4 Workstation, Windows NT Server 4.0, NT Server 4.0 Terminal Server Edition, Windows 2000, Windows XP, and Windows Server 2003.

Dan Ingevaldson, team lead with the security research group X-Force at Internet Security Systems Inc. says an active exploit--software that makes it easier to attack a security hole--is already available on the Internet and could be used to launch denial-of-service attacks against at-risk systems. Ingevaldson also warns that a virus or worm for attacking vulnerable systems could be created easily. "I would say that there is a high probability that we will see a new worm as a result of this vulnerability," says Ingevaldson. But he adds that since many companies have closed port 135 (a port Blaster used to infect systems) the worm may have a hard time spreading. "I hope that there is some residual protection out there as a result of companies protecting themselves from Blaster. That may be the only potential good news right now."

"We want to get the word out that people need to patch this one," says Jeff Jones, Microsoft's senior director for trustworthy computing security. Outside researchers and Microsoft's own internal reviews discovered the new flaws after the Blaster infection, he said.

"The pressure is on us now," Fredriksen says.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.