Home > Security News > ASN.1 exploit code circulating; universal shellcode only a matter of time
Security News:
EMAIL THIS LICENSING & REPRINTS

ASN.1 exploit code circulating; universal shellcode only a matter of time

By Shawna McAlearney, News Writer
16 Feb 2004 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Exploit code targeting at least one component of the Microsoft Windows ASN.1 flaw is circulating. Experts recommend applying the patch before it's too late.

"This exploit appears to work only against Windows 2000 Professional," said Marc Sachs, director of the SANS Internet Storm Center. "Windows XP is built from the same code base, and it may very well work against that as well."

Users should bear in mind that it wasn't long after the first exploit code for RPC-DCOM appeared that a universal shellcode for almost all Windows platforms came out, according to an advisory on the SANS Web site.

"This is the same [type of] prediction," Sachs said. "It's easy to build a worm around."

Microsoft last week released a patch for the pervasive flaw that can be used on all supported Windows operating systems.

The software giant was alerted to the vulnerability six months ago. Microsoft says it took quite a while to get the patch through its quality assurance process because the company had to make sure the fix wouldn't break other applications.

The denial-of-service exploit surfaced Saturday. It uses port 445, 139 and 135, which are open file shares. According to SANS, the exploit kills lsass.exe, fires an error message to the screen, and reboots the affected machine after about one minute. While this is just a DOS exploit, more serious exploits may follow.

"The widespread distribution of this new exploit code has significantly increased the threat level for ASN.1 possible attacks," said Ken Dunham, director of malicious code at Reston, Va.-based iDefense Inc., in a statement. "This new exploit code serves as a template for attackers who want to gain remote access to vulnerable computers, infect them with Trojans, or create a bot or worm."

Sachs said that normal firewall practices should protect systems from attacks coming from the Internet that use this particular exploit. Experts recommend applying the patch immediately.

On the brighter side, Sachs said, the release of Microsoft source code late last week may divert some interest from the ASN.1 flaw.

"If ASN.1 was the only thing on the plate, it would get more focus," Sachs said. "This divides the Microsoft bug-hunting force."



Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts