Exploit code lurks following new Windows patches

By Joan Goodchild, News Writer 14 Oct 2005 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Just a day after Microsoft released multiple security patches, rumors were already swirling about an exploit code for one of the flaws.

For more information This article originally appeared on our sister site, SearchWin2000.com.

The code targets one of nine problems that Microsoft addressed in its patch release this month. Vulnerabilities with Microsoft Distributed Transaction Coordinator (MSDTC) service and COM+ service is one of three patches deemed critical by the company.

Microsoft said the security issue in MSDTC could allow remote control and privilege escalation by attackers on several operating systems, including Windows XP with SP1 and SP2 and several versions of Windows Server including Windows 2000 Server with SP 4 and Windows Server 2003. By Wednesday, the SANS Institute Web site, which is a popular site for users to swap information, had posted a warning about the rumored code.

"The impact of this vulnerability is similar to the plug-and-play vulnerability exploited by Zotob," said Neel Mehta, the lead researcher with Internet Security System Inc.'s X-force team in Atlanta.

Just days after Microsoft released several critical patches last August, several bot worms began attacking unpatched systems using an exploit code. Mehta said users are not anxious for a repeat. "Most of the users I'm talking to are taking this seriously," he said.

Despite the exploit rumors, administrators were not alarmed. Robert Hawkins, who installs security patches for Landata Systems Inc., in Houston, said he had already applied all of the patches, but said it can take up to seven days for the fix to be effective.

Hawkins was confident his patch for the MSDTC problem would be working by Friday and was not concerned about getting hit by a worm in the meantime. "We've never been bitten before," he said.

Gary Boy, IT manager for Installed Building Products, Columbus, Ohio, echoed Hawkins opinion about the dangers of exploit codes. Boy had not yet addressed the latest fixes and said it was not a high priority. "We get to patches when we get to them," Boy said.

Boy did acknowledge that Microsoft's patch release in August was given immediate attention. "We got a heads up that it was going to be pretty nasty," he said. "We pushed that one out immediately. "

Mehta said that hackers don't yet have their hands on the exploit code but he expected it would become public within a few days. He said currently only customers using Immunity Inc's Canvas software had access to the code.

Tags: Security Patch Management,  Software Development Methodology,  Vulnerability Risk Assessment,  Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws Software Development Methodology nCircle statistics show rising Web application vulnerabilities Common PCI questions: Web application firewalls or source code review? Juniper pulls ATM hacking presentation from Black Hat V.i Labs integrates Google maps to track software piracy Software Piracy pandemic needs government role, better vendor antipiracy plans Software piracy losses total $53 billion, study finds Google study backs browser silent auto update feature Secure software development starts before coding begins Security budget issues to resonate at RSA Conference Twitter worm attack highlights social network flaws Vulnerability Risk Assessment Are Web application penetration tests still important? McAfee to acquire Solidcore Systems for whitelisting The Pipe Dream of No More Free Bugs Vulnerability test methods for application security assessments Free HP SWFScan tool detects Adobe Flash flaws PCI QSA assurance program penalizes assessors Information security book excerpts and reviews New York drafts language demanding secure code Security experts identify 25 dangerous coding errors Microsoft Windows XML flaw exploits test desktop antimalware Vulnerability Risk Assessment Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary