10/11/2005
01:55 PM

Windows 2000 Bug Could Mean Repeat Of Zotob

One of the nine bulletins Microsoft released Tuesday morning patches a vulnerability that could end up producing a very destructive worm.

One of the nine bulletins Microsoft released Tuesday morning patches a vulnerability that could end up producing a worm equal to August's Zotob, or even the earlier and far more destructive Sasser or MSBlast, said a researcher from the security firm that discovered the bug.

"This one should be considered critical, and remotely wormable," said Marc Maiffret, the chief hacking officer at eEye Digital Security, the security company credited with the discovery.

"It's very similar to the vulnerabilities that ended up exploited by the Sasser worm or the MSBlast worm, or the Plug and Play vulnerability that led to Zotob. It's the same type of thing," said Maiffret.

The vulnerability, one of four in Microsoft's MS05-051 bulletin, can be exploited without any user interaction, is contained within a Windows 2000 service that's enabled by default, and, according to Maiffret, is "not technically challenging" to exploit.

August 2005's Zotob worm, which brought down some enterprise networks, also used a vulnerability in an enabled-by-default service in Windows 2000 to wreak havoc.

The bug is in the Microsoft Distributed Transaction Coordinator (MSDTC), a distributed transaction facility for Microsoft Windows, used by developers for such processes as updating data that resides in two or more applications.

Microsoft was concerned enough about the bug to rate it "Critical," the highest warning ranking in its four-step scale, and to recommend "that Windows 2000 customers apply the update immediately."

Maiffret said that eEye had submitted several other bugs to Microsoft which were patched Tuesday. Unlike most security researchers, however, eEye tracks the time that's passed since it notified Microsoft, and posts the number of days for each vulnerability it uncovers.

The longest-running Microsoft bug, which was submitted to the Redmond, Wash.-based giant 196 days ago, was not included in the fixes offered up Tuesday. The flaw found in Windows 2000's MSDTC was first filed and acknowledged by Microsoft 95 days ago, on July 8.

"We have a good working relationship with Microsoft," said Maiffret. "We may disagree on a lot of things, especially how long it takes them to come up with a patch, but we agree on the most important thing, which is keeping customers protected."
