Exploit code lurks following new Windows patches

Windows IT managers work to apply critical fixes before exploit code that may have Zotob-like effects can harm vulnerable systems.

This Content Component encountered an error

Just a day after Microsoft released multiple security patches, rumors were already swirling about an exploit code for one of the flaws.

For more information

This article originally appeared on our sister site, SearchWin2000.com.
The code targets one of nine problems that Microsoft addressed in its patch release this month. Vulnerabilities with Microsoft Distributed Transaction Coordinator (MSDTC) service and COM+ service is one of three patches deemed critical by the company.

Microsoft said the security issue in MSDTC could allow remote control and privilege escalation by attackers on several operating systems, including Windows XP with SP1 and SP2 and several versions of Windows Server including Windows 2000 Server with SP 4 and Windows Server 2003. By Wednesday, the SANS Institute Web site, which is a popular site for users to swap information, had posted a warning about the rumored code.

"The impact of this vulnerability is similar to the plug-and-play vulnerability exploited by Zotob," said Neel Mehta, the lead researcher with Internet Security System Inc.'s X-force team in Atlanta.

Just days after Microsoft released several critical patches last August, several bot worms began attacking unpatched systems using an exploit code. Mehta said users are not anxious for a repeat. "Most of the users I'm talking to are taking this seriously," he said.

Despite the exploit rumors, administrators were not alarmed. Robert Hawkins, who installs security patches for Landata Systems Inc., in Houston, said he had already applied all of the patches, but said it can take up to seven days for the fix to be effective.

Hawkins was confident his patch for the MSDTC problem would be working by Friday and was not concerned about getting hit by a worm in the meantime. "We've never been bitten before," he said.

Gary Boy, IT manager for Installed Building Products, Columbus, Ohio, echoed Hawkins opinion about the dangers of exploit codes. Boy had not yet addressed the latest fixes and said it was not a high priority. "We get to patches when we get to them," Boy said.

Boy did acknowledge that Microsoft's patch release in August was given immediate attention. "We got a heads up that it was going to be pretty nasty," he said. "We pushed that one out immediately. "

Mehta said that hackers don't yet have their hands on the exploit code but he expected it would become public within a few days. He said currently only customers using Immunity Inc's Canvas software had access to the code.

Dig deeper on Security patch management and Windows Patch Tuesday news

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close