Microsoft: DoS Bug Affects Most Windows Versions - InformationWeek

05:40 PM

The bug might be used by an attacker to take over a target PC, says Symantec, although Microsoft disagrees.

A bug in Windows that went public last week may be worse than originally thought, Microsoft confirmed Saturday in a weekend advisory. One security analyst fears that the vulnerability -- which for now looks limited to a denial-of-service attack -- may soon be found to cause more severe problems for Windows users.

According to the Security Advisory posted Saturday, the bug in Windows Remote Desktop Service affects not just Windows XP SP2, as originally thought, but all the supported editions of Windows, including Windows 2000, Windows XP SP1, Windows XP Professional x64, Windows Server 2003, Windows Server 2003 SP1, and Windows Server x64.

Since May, Microsoft has had the advisory service in place to warn users of confirmed vulnerabilities before a patch is available, and if possible, provide advice on how to contain or prevent an exploit.

Microsoft downplayed the danger posed by the flaw.

"Our initial investigation has revealed that a denial of service vulnerability exists that could allow an attacker to send a specially crafted Remote Desktop Protocol (RDP) request to an affected system," said the alert. "Our investigation has determined that this is limited to a denial of service, and therefore an attacker could not use this vulnerability to take complete control of a system."

Alfred Huger, the vice president of engineering for Symantec's security response team, isn't so sure.

"It's not yet clear if this has a buffer overflow potential," said Huger. Oftentimes, a denial-of-service (DoS) vulnerability that lets an attacker crash a system can be finessed into causing a buffer overflow, the typical method that hackers use to gain complete control over a PC and load their own malicious code onto the box.

"If I had to guess," said Huger, "I'd guess that that's how it will turn out."

In the advisory, Microsoft repeated that Remote Desktop Service is disabled by default in all versions of Windows except Windows Media Center, which is based on Windows XP.

"But it's enabled on a lot of corporate computers," countered Huger, "so IT staffs can access machines remotely to fix problems. Some of the more aggressive ISPs also enable it with their help software."

While Microsoft said that the bug was significant enough to justify an update to Windows, it stopped short of promising a patch before its next scheduled round on August 9.

In the meantime, it recommended that users disable Remote Desktop and/or block port 3389 at the firewall. That port is the one used by Remote Desktop.

Not coincidentally, SANS' Internet Storm Center detected several spikes in scanning for port 3389 starting July 6, with an even larger number of systems scanned on July 13. Hackers may be looking for vulnerable machines, said the Storm Center.

Microsoft, however, continues to say that no exploit has been seen in public spaces, although the original discoverer of the vulnerability claims to have a working exploit.

"It's a kernel vulnerability," said Huger, "so it will be difficult to exploit reliably. But he [the original discoverer] found the vulnerability with a commonly-used tool, so if he can find it, so can others.

"I don't think it will turn it into a large-scale worm, but then, some kernel vulnerabilities have ended up as just that, like the Witty worm."
