
Exploit code lurks following new Windows patches

Joan Goodchild, News Writer

Just a day after Microsoft released multiple security patches, rumors were already swirling about exploit code for one of the flaws.


This article originally appeared on our sister site, SearchWin2000.com.

The code targets one of nine problems that Microsoft addressed in its patch release this month. The fix for vulnerabilities in the Microsoft Distributed Transaction Coordinator (MSDTC) service and COM+ service is one of three patches deemed critical by the company.

Microsoft said the security issue in MSDTC could allow remote control and privilege escalation by attackers on several operating systems, including Windows XP with SP1 and SP2 and several versions of Windows Server, including Windows 2000 Server with SP4 and Windows Server 2003. By Wednesday, the SANS Institute Web site, which is a popular site for users to swap information, had posted a warning about the rumored code.

"The impact of this vulnerability is similar to the plug-and-play vulnerability exploited by Zotob," said Neel Mehta, the lead researcher with Internet Security System Inc.'s X-force team in Atlanta.

Just days after Microsoft released several critical patches last August, several bot worms began attacking unpatched systems using exploit code. Mehta said users are not anxious for a repeat. "Most of the users I'm talking to are taking this seriously," he said.

Despite the exploit rumors, administrators were not alarmed. Robert Hawkins, who installs security patches for Landata Systems Inc., in Houston, said he had already applied all of the patches, but said it can take up to seven days for the fix to be effective.

Hawkins was confident his patch for the MSDTC problem would be working by Friday and was not concerned about getting hit by a worm in the meantime. "We've never been bitten before," he said.

Gary Boy, IT manager for Installed Building Products, Columbus, Ohio, echoed Hawkins' opinion about the dangers of exploit code. Boy had not yet addressed the latest fixes and said it was not a high priority. "We get to patches when we get to them," Boy said.

Boy did acknowledge that Microsoft's patch release in August was given immediate attention. "We got a heads up that it was going to be pretty nasty," he said. "We pushed that one out immediately."

Mehta said that hackers don't yet have their hands on the exploit code, but he expected it would become public within a few days. He said currently only customers using Immunity Inc.'s Canvas software had access to the code.

