01:55 PM

Windows 2000 Bug Could Mean Repeat Of Zotob

One of the nine bulletins Microsoft released Tuesday morning patches a vulnerability that could end up producing a very destructive worm.

One of the nine bulletins Microsoft released Tuesday morning patches a vulnerability that could end up producing a worm equal to August's Zotob, or even the earlier and far more destructive Sasser or MSBlast, said a researcher from the security firm that discovered the bug.

"This one should be considered critical, and remotely wormable," said Marc Maiffret, the chief hacking officer at eEye Digital Security, the security company credited with the discovery.

"It's very similar to the vulnerabilities that ended up exploited by the Sasser worm or the MSBlast worm, or the Plug and Play vulnerability that led to Zotob. It's the same type of thing," said Maiffret.

The vulnerability, one of four in Microsoft's MS05-051 bulletin, can be exploited without any user interaction, is contained within a Windows 2000 service that's enabled by default, and, according to Maiffret, is "not technically challenging" to exploit.

August 2005's Zotob worm, which brought down some enterprise networks, also used a vulnerability in an enabled-by-default service in Windows 2000 to wreak havoc.

The bug is in the Microsoft Distributed Transaction Coordinator (MSDTC), a distributed transaction facility for Microsoft Windows, used by developers for such processes as updating data that resides in two or more applications.

Microsoft was concerned enough about the bug to rate it "Critical," the highest warning ranking in its four-step scale, and to recommend "that Windows 2000 customers apply the update immediately."

Maiffret said that eEye had submitted several other bugs to Microsoft which were patched Tuesday. Unlike most security researchers, however, eEye tracks the time that's passed since it notified Microsoft, and posts the number of days for each vulnerability it uncovers.

The longest-running Microsoft bug, which was submitted to the Redmond, Wash.-based giant 196 days ago, was not included in the fixes offered up Tuesday. The flaw found in Windows 2000's MSDTC was first filed and acknowledged by Microsoft 95 days ago, on July 8.

"We have a good working relationship with Microsoft," said Maiffret. "We may disagree on a lot of things, especially how long it takes them to come up with a patch, but we agree on the most important thing, which is keeping customers protected."
