Hackers Already Exploiting Microsoft Vulnerabilities - InformationWeek
06:16 PM

Hackers Already Exploiting Microsoft Vulnerabilities

Security experts say the exploits that have surfaced so far aren't ready to use as a platform for a worm--but that could change quickly.

Hackers are beginning to successfully develop software that can be used to attack systems vulnerable to security holes Microsoft disclosed last week.

Less than 24 hours after Microsoft published its monthly roundup of security patches on Nov. 11, exploit code, a small app that can be used to attack a software vulnerability, began to surface on security mailing lists.

It began when exploit code that works against the "Windows Workstation Service" flaw revealed in Security Bulletin MS03-049 was posted to the Bugtraq mailing list. And during this past weekend more samples of exploit code were posted to various security mailing lists.

The flaw being targeted is the buffer-overflow vulnerability within the Windows Workstation Service; according to Microsoft's MS03-049 advisory, a remote attacker could gain complete control of an unpatched system.

On Nov. 11, the CERT Coordination Center, based out of the Software Engineering Institute at Carnegie Mellon University, issued an advisory that warns that worms aimed at this vulnerability are a possibility.

Dan Ingevaldson, director of X-Force, which conducts Internet security research at Internet Security Systems Inc., says the exploits that have surfaced so far are bug-ridden and not ready for someone to use as the platform for a worm.

That could change quickly. "One of the exploit writers put comments inside their code asking more help and how they could make the exploit more effective," he says.

It's common, security experts say, for software exploits to be tweaked and improved by hackers and security researchers over days and weeks until they're perfected. Ingevaldson is confident a new worm will surface soon. "While it's easy to predict that exploit code will appear in a matter of days and that it will be quickly improved, the actual release date of a worm is tough to predict," he says.

The release of the Blaster and Nachi worms followed the same pattern of vulnerability, quickly improved exploit code, and finally the actual worms, Ingevaldson says.

If a worm does hit, Windows 2000 users won't be hit as hard as users of Windows XP, he says, because Windows 2000 isn't exploitable by an anonymous or "null session" so any attacks, whether by a hacker or a worm, could come only from systems with the proper access rights.

Microsoft is urging customers to patch the vulnerabilities revealed in the Nov. 11 security bulletins. More information is available on its site.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll