Hackers Already Exploiting Microsoft Vulnerabilities - InformationWeek

Hackers Already Exploiting Microsoft Vulnerabilities

Security experts say the exploits that have surfaced so far aren't ready to use as a platform for a worm--but that could change quickly.

Hackers are beginning to successfully develop software that can be used to attack systems vulnerable to security holes Microsoft disclosed last week.

Less than 24 hours after Microsoft published its monthly roundup of security patches on Nov. 11, exploit code, a small app that can be used to attack a software vulnerability, began to surface on security mailing lists.

It began when exploit code that works against the "Windows Workstation Service" flaw revealed in Security Bulletin MS03-049 was posted to the Bugtraq mailing list. And during this past weekend more samples of exploit code were posted to various security mailing lists.

The flaw being targeted is the buffer-overflow vulnerability within the Windows Workstation Service; according to Microsoft's MS03-049 advisory, a remote attacker could gain complete control of an unpatched system.

On Nov. 11, the CERT Coordination Center, based out of the Software Engineering Institute at Carnegie Mellon University, issued an advisory that warns that worms aimed at this vulnerability are a possibility.

Dan Ingevaldson, director of X-Force, which conducts Internet security research at Internet Security Systems Inc., says the exploits that have surfaced so far are bug-ridden and not ready for someone to use as the platform for a worm.

That could change quickly. "One of the exploit writers put comments inside their code asking more help and how they could make the exploit more effective," he says.

It's common, security experts say, for software exploits to be tweaked and improved by hackers and security researchers over days and weeks until they're perfected. Ingevaldson is confident a new worm will surface soon. "While it's easy to predict that exploit code will appear in a matter of days and that it will be quickly improved, the actual release date of a worm is tough to predict," he says.

The release of the Blaster and Nachi worms followed the same pattern of vulnerability, quickly improved exploit code, and finally the actual worms, Ingevaldson says.

If a worm does hit, Windows 2000 users won't be hit as hard as users of Windows XP, he says, because Windows 2000 isn't exploitable by an anonymous or "null session" so any attacks, whether by a hacker or a worm, could come only from systems with the proper access rights.

Microsoft is urging customers to patch the vulnerabilities revealed in the Nov. 11 security bulletins. More information is available on its site.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
TaylorMade IT Spin-Off Taps Cloud Database
Jessica Davis, Senior Editor, Enterprise Apps,  2/15/2019
2019: The Year IT Makes a Comeback
Guest Commentary, Guest Commentary,  2/18/2019
Myth or Matter: Is There a DevOps Talent Shortage?
Joao-Pierre S. Ruth, Senior Writer,  2/14/2019
Register for InformationWeek Newsletters
Current Issue
Security and Privacy vs. Innovation: The Great Balancing Act
This InformationWeek IT Trend Report will help you better understand and address the growing challenge of balancing the need for innovation with the real-world threats and regulations.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll