Companies are prepping to re-patch Windows systems to prevent a Microsoft vulnerability and the high likelihood of a second Blaster-like worm that could target the new security flaw.
Businesses have barely had a chance to catch their breaths following the frantic Blaster-related patching of security vulnerabilities in their Windows desktops and servers--not to mention fending off worm attacks. Now they're prepping to patch those very same systems again to prevent a similar Microsoft vulnerability and the high likelihood of a second Blaster-like worm that could target the new vulnerabilities Microsoft disclosed on Wednesday.
"We're going to have to patch again, we don't have any choice on this," says Gene Fredriksen, VP of information security at Raymond James & Associates. He's readying his "patch swat team" to get the job done as quickly as possible.
The flaws Microsoft unveiled in Security Bulletin MS03-039 are remarkably similar to the security problems addressed by Security Bulletin MS03-026 released in mid-July. Blaster used that vulnerability to infect tens of thousands of unpatched systems in early August.
The three serious vulnerabilities disclosed Wednesday, in conjunction with a Windows patch, affect Microsoft's RPC DCOM (Remote Procedure Call Distributed Component Object Model) and may be exploited, according to Microsoft, remotely through communication port 135 and others. For more information and links to the patch, see Microsoft's MS03-039 security bulletin.
Microsoft says customers should patch all affected systems immediately. The vulnerabilities affect Windows NT 4 Workstation, Windows NT Server 4.0, NT Server 4.0 Terminal Server Edition, Windows 2000, Windows XP, and Windows Server 2003.
Dan Ingevaldson, team lead with the security research group X-Force at Internet Security Systems Inc. says an active exploit--software that makes it easier to attack a security hole--is already available on the Internet and could be used to launch denial-of-service attacks against at-risk systems. Ingevaldson also warns that a virus or worm for attacking vulnerable systems could be created easily. "I would say that there is a high probability that we will see a new worm as a result of this vulnerability," says Ingevaldson. But he adds that since many companies have closed port 135 (a port Blaster used to infect systems) the worm may have a hard time spreading. "I hope that there is some residual protection out there as a result of companies protecting themselves from Blaster. That may be the only potential good news right now."
"We want to get the word out that people need to patch this one," says Jeff Jones, Microsoft's senior director for trustworthy computing security. Outside researchers and Microsoft's own internal reviews discovered the new flaws after the Blaster infection, he said.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.