Hackers Already Exploiting Microsoft Vulnerabilities - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Hackers Already Exploiting Microsoft Vulnerabilities

Security experts say the exploits that have surfaced so far aren't ready to use as a platform for a worm--but that could change quickly.

Hackers are beginning to successfully develop software that can be used to attack systems vulnerable to security holes Microsoft disclosed last week.

Less than 24 hours after Microsoft published its monthly roundup of security patches on Nov. 11, exploit code, a small app that can be used to attack a software vulnerability, began to surface on security mailing lists.

It began when exploit code that works against the "Windows Workstation Service" flaw revealed in Security Bulletin MS03-049 was posted to the Bugtraq mailing list. And during this past weekend more samples of exploit code were posted to various security mailing lists.

The flaw being targeted is the buffer-overflow vulnerability within the Windows Workstation Service; according to Microsoft's MS03-049 advisory, a remote attacker could gain complete control of an unpatched system.

On Nov. 11, the CERT Coordination Center, based out of the Software Engineering Institute at Carnegie Mellon University, issued an advisory that warns that worms aimed at this vulnerability are a possibility.

Dan Ingevaldson, director of X-Force, which conducts Internet security research at Internet Security Systems Inc., says the exploits that have surfaced so far are bug-ridden and not ready for someone to use as the platform for a worm.

That could change quickly. "One of the exploit writers put comments inside their code asking more help and how they could make the exploit more effective," he says.

It's common, security experts say, for software exploits to be tweaked and improved by hackers and security researchers over days and weeks until they're perfected. Ingevaldson is confident a new worm will surface soon. "While it's easy to predict that exploit code will appear in a matter of days and that it will be quickly improved, the actual release date of a worm is tough to predict," he says.

The release of the Blaster and Nachi worms followed the same pattern of vulnerability, quickly improved exploit code, and finally the actual worms, Ingevaldson says.

If a worm does hit, Windows 2000 users won't be hit as hard as users of Windows XP, he says, because Windows 2000 isn't exploitable by an anonymous or "null session" so any attacks, whether by a hacker or a worm, could come only from systems with the proper access rights.

Microsoft is urging customers to patch the vulnerabilities revealed in the Nov. 11 security bulletins. More information is available on its site.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
8 AI Trends in Today's Big Enterprise
Jessica Davis, Senior Editor, Enterprise Apps,  9/11/2019
IT Careers: 10 Places to Look for Great Developers
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/4/2019
Cloud 2.0: A New Era for Public Cloud
Crystal Bedell, Technology Writer,  9/1/2019
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll