Armenian Knowledge Base  

Go Back   Armenian Knowledge Base > Technical sections > Software > Software Security
Register

Reply
 
LinkBack Thread Tools
Old 19.10.2005, 17:27   #1
Moderator
 
acid's Avatar
 
Join Date: 09 2001
Location: South Korea, Gumi
Posts: 7,699
Downloads: 102
Uploads: 34
Blog Entries: 16
Reputation: 561 | 6
Default Exploit code raises Windows worm alarm

Computer code has already been written to take advantage of Windows flaws that were disclosed Tuesday, a sign that a worm attack could be near.

Exploit code exists for four of the 14 vulnerabilities for which Microsoft provided fixes this week, experts said Thursday. One of the exploits was written for a flaw which Microsoft tagged as "critical." The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC.

"When we start to see exploits surfacing, we know there will shortly be malicious code," said Alfred Huger, a senior director at Symantec Security Response. "We expect at least the MSDTC vulnerability to be used in a worm in the short term."

After Microsoft released vulnerability information, the exploit code was written within 24 hours, noticeably quicker than the average time it takes for an exploit to appear, Huger said. "Over the last two years on average it has been between four and 5.8 days for an exploit to come out after a vulnerability was released," he said.

When Microsoft released its patches on Tuesday, experts had already warned that the MSDTC flaw could spawn an attack similar to the Zotob worm that wreaked havoc two months ago. Microsoft urged users of older operating systems, specifically Windows 2000 and Windows XP before Service Pack 2, to prioritize the update that fixes the flaw, which is addressed in security bulletin MS05-051.

The MSDTC exploit isn't publicly available, but experts predict a public exploit is not far off. The code was created by security vendor Immunity for users of its penetration testing product. Immunity also crafted exploits for a flaw that involves plug-and-play in Windows (MS05-047) and a bug in a component that supports Novell NetWare networks (MS05-046).

Furthermore, code that exploits a flaw in Microsoft's Windows FTP client (MS05-045) is available publicly on the Internet, said Michael Sutton, director at security intelligence company iDefense, a part of VeriSign.

"Patching is very urgent," Sutton said. "We expect public exploit code to become available, especially for the MSDTC issue."



Microsoft is aware of Immunity's exploit code, but has not seen any attacks that use the code, a company representative said. "Microsoft is actively monitoring this situation," the representative said in an e-mailed statement.

Symantec's Huger predicts a worm exploiting the MSDTC flaw will surface in the next several days. It is unknown how hard the worm will hit. "There are so many variables involved with that, it is tough to say," he said.

http://news.com.com/Exploit+code+raises+Windows+worm+alarm/2100-1002_3-5894971.html?tag=nl
Reply With Quote
Old 19.10.2005, 19:17   #2
Banned
 
Forever Child's Avatar
 
Join Date: 10 2001
Location: ...осень колибри
Age: 37
Posts: 7,487
Downloads: 0
Uploads: 0
Reputation: 0 | 0
Default

будем молиться.
Reply With Quote
Old 19.10.2005, 19:25   #3
Banned
 
Forever Child's Avatar
 
Join Date: 10 2001
Location: ...осень колибри
Age: 37
Posts: 7,487
Downloads: 0
Uploads: 0
Reputation: 0 | 0
Default

только что проверил свой antivir (www.free-av.com) на предмет апдейта. кажется они уже среагировали.

Last edited by Forever Child; 11.02.2006 at 22:04.
Reply With Quote
Sponsored Links
Reply

Thread Tools


На правах рекламы:
реклама

All times are GMT. The time now is 10:56.


Powered by vBulletin® Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.