Exploit code lurks following new Windows patches

By Joan Goodchild, News Writer 14 Oct 2005 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Just a day after Microsoft released multiple security patches, rumors were already swirling about an exploit code for one of the flaws.

For more information This article originally appeared on our sister site, SearchWin2000.com.

The code targets one of nine problems that Microsoft addressed in its patch release this month. Vulnerabilities with Microsoft Distributed Transaction Coordinator (MSDTC) service and COM+ service is one of three patches deemed critical by the company.

Microsoft said the security issue in MSDTC could allow remote control and privilege escalation by attackers on several operating systems, including Windows XP with SP1 and SP2 and several versions of Windows Server including Windows 2000 Server with SP 4 and Windows Server 2003. By Wednesday, the SANS Institute Web site, which is a popular site for users to swap information, had posted a warning about the rumored code.

"The impact of this vulnerability is similar to the plug-and-play vulnerability exploited by Zotob," said Neel Mehta, the lead researcher with Internet Security System Inc.'s X-force team in Atlanta.

Just days after Microsoft released several critical patches last August, several bot worms began attacking unpatched systems using an exploit code. Mehta said users are not anxious for a repeat. "Most of the users I'm talking to are taking this seriously," he said.

Despite the exploit rumors, administrators were not alarmed. Robert Hawkins, who installs security patches for Landata Systems Inc., in Houston, said he had already applied all of the patches, but said it can take up to seven days for the fix to be effective.

Hawkins was confident his patch for the MSDTC problem would be working by Friday and was not concerned about getting hit by a worm in the meantime. "We've never been bitten before," he said.

Gary Boy, IT manager for Installed Building Products, Columbus, Ohio, echoed Hawkins opinion about the dangers of exploit codes. Boy had not yet addressed the latest fixes and said it was not a high priority. "We get to patches when we get to them," Boy said.

Boy did acknowledge that Microsoft's patch release in August was given immediate attention. "We got a heads up that it was going to be pretty nasty," he said. "We pushed that one out immediately. "

Mehta said that hackers don't yet have their hands on the exploit code but he expected it would become public within a few days. He said currently only customers using Immunity Inc's Canvas software had access to the code.

Tags: Security Patch Management,  Software Development Methodology,  Vulnerability Risk Assessment,  Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Microsoft gives Internet Explorer a major security overhaul Information security book excerpts and reviews What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Software Development Methodology Information security book excerpts and reviews Software piracy group offers cash to whistleblowers Quiz: How to build secure applications How to detect software tampering Developers Need Help with Security Errors Does an EULA make it truly illegal to decompile software? SQL injection continues to trouble firms, lead to breaches IBM acquires Ounce Labs for source code analysis Microsoft issues emergency Active Template Library updates Software security threats and employee awareness training Vulnerability Risk Assessment Information security book excerpts and reviews What patch management metrics does Project Quant use? Screencast: How to launch an OpenVAS scan Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat Newest malware threats Are Web application penetration tests still important? PCI compliance requirement 6: Systems and applications Vulnerability Risk Assessment Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary