Windows 2000 Bug Could Mean Repeat Of Zotob - InformationWeek
01:55 PM

Windows 2000 Bug Could Mean Repeat Of Zotob

One of the nine bulletins Microsoft released Tuesday morning patches a vulnerability that could end up producing a very destructive worm.

One of the nine bulletins Microsoft released Tuesday morning patches a vulnerability that could end up producing a worm equal to August's Zotob, or even the earlier, and far more destructive Sasser or MSBlast, said a researcher from the security firm that discovered the bug.

"This one should be considered critical, and remotely wormable," said Marc Maiffret, the chief hacking officer at eEye Digital Security, the security company credited with the discovery.

"It's very similar to the vulnerabilities that ended up exploited by the Sasser worm or the MSBlast worm, or the Plug and Play vulnerability that led to Zotob. It's the same type of thing," said Maiffret.

The vulnerability, one of four in Microsoft's MSo5-051 bulletin, can be exploited without any user interaction, is contained within a Windows 2000 service that's enabled by default, and according to Maiffret, is "not technically challenging" to exploit.

August 2005's Zotob worm, which brought down some enterprise networks, also used a vulnerability in an enabled-by-default service in Windows 2000 to wreak havoc.

The bug is in the Microsoft Distributed Transaction Coordinator (MSDTC), a distributed transaction facility for Microsoft Windows, used by developers for such processes as updating data that resides in two more applications.

Microsoft was concerned enough about the bug to rate it "Critical," the highest warning ranking in its four-step scale, and to recommend "that Windows 2000 customer apply the update immediately."

Maiffret said that eEye had submitted several other bugs to Microsoft which were patched Tuesday. Unlike most security researchers, however, eEye tracks the time that's passed since it notified Microsoft, and posts the number of days for each vulnerability it uncovers.

The longest-running Microsoft bug, which was submitted to the Redmond, Wash.-based giant 196 days ago, was not included in the fixes offered up Tuesday. The flaw found in Windows 2000's MSDTC was first filed and acknowledged by Microsoft 95 days ago, on July 8.

"We have a good working relationship with Microsoft," said Maiffret. "We may disagree on a lot of things, especially how long it takes them to come up with a patch, but we agree on the most important thing, which is keeping customers protected."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll