Security Pros Get Ready For Blaster II - InformationWeek
11:59 AM
Moving UEBA Beyond the Ground Floor
Sep 20, 2017
This webinar will provide the details you need about UEBA so you can make the decisions on how bes ...Read More>>

Security Pros Get Ready For Blaster II

Companies are prepping to re-patch Windows systems to prevent a Microsoft vulnerability and the high likelihood of a second Blaster-like worm that could target the new security flaw.

Businesses have barely had a chance to catch their breaths following the frantic Blaster-related patching of security vulnerabilities in their Windows desktops and servers--not to mention fending off worm attacks. Now they're prepping to patch those very same systems again to prevent a similar Microsoft vulnerability and the high likelihood of a second Blaster-like worm that could target the new vulnerabilities Microsoft disclosed on Wednesday.

"We're going to have to patch again, we don't have any choice on this," says Gene Fredriksen, VP of information security at Raymond James & Associates. He's readying his "patch swat team" to get the job done as quickly as possible.

The flaws Microsoft unveiled in Security Bulletin MS03-039 are remarkably similar to the security problems addressed by Security Bulletin MS03-026 released in mid-July. Blaster used that vulnerability to infect tens of thousands of unpatched systems in early August.

The three serious vulnerabilities disclosed Wednesday, in conjunction with a Windows patch, affect Microsoft's RPC DCOM (Remote Procedure Call Distributed Component Object Model) and may be exploited, according to Microsoft, remotely through communication port 135 and others. For more information and links to the patch, see Microsoft's MS03-039 security bulletin.

Microsoft says customers should patch all affected systems immediately. The vulnerabilities affect Windows NT 4 Workstation, Windows NT Server 4.0, NT Server 4.0 Terminal Server Edition, Windows 2000, Windows XP, and Windows Server 2003.

Dan Ingevaldson, team lead with the security research group X-Force at Internet Security Systems Inc. says an active exploit--software that makes it easier to attack a security hole--is already available on the Internet and could be used to launch denial-of-service attacks against at-risk systems. Ingevaldson also warns that a virus or worm for attacking vulnerable systems could be created easily. "I would say that there is a high probability that we will see a new worm as a result of this vulnerability," says Ingevaldson. But he adds that since many companies have closed port 135 (a port Blaster used to infect systems) the worm may have a hard time spreading. "I hope that there is some residual protection out there as a result of companies protecting themselves from Blaster. That may be the only potential good news right now."

"We want to get the word out that people need to patch this one," says Jeff Jones, Microsoft's senior director for trustworthy computing security. Outside researchers and Microsoft's own internal reviews discovered the new flaws after the Blaster infection, he said.

"The pressure is on us now," Fredriksen says.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll