September 10, 2003 5:16 PM PDT

New Windows virus may hit soon

Related Stories

Windows flaws allow PC takeover

September 10, 2003

MSBlast echoes across the Net

August 15, 2003
It?s going to be another patch race.


Reader Resources
Patch wizard
Apply the patch now

A virus or worm that exploits newly revealed vulnerabilities in the current versions of Windows could emerge fairly soon, security experts say, in part because the vulnerabilities are very similar to the flaws exploited by the MSBlast worm.

?This is essentially the same type of vulnerability,? said Alfred Huger, senior director of engineering at Symantec Security Response. ?We?re likely to see them (new viruses) in the near future.?

Code that exploits the vulnerability is already being exchanged among researchers, he said. A new virus could come out in the next few days, he added, if not sooner.

Robin Matlock, vice president of marketing at Network Associates, speculated that an exploit might take a few weeks. Still, ?the gap between vulnerabilities and exploits is shrinking dramatically,? she said.

Microsoft has already issued a patch and a scanning tool that ensures that systems are patched. The company and a host of security companies are urging businesses and consumers to apply the new software as soon as possible.

Both the patch and new scanning tool are necessary, according to Microsoft. If people download the new patch but have the old scanning tool, that tool will state that the PC has not been repaired, a Microsoft representative said.

A damaging outbreak could well hinge on how quickly people and institutions move to inoculate their PCs against potential attacks. Often, businesses and consumers can be slow to patch systems. A patch for the vulnerability that the MSBlast worm, also known as Blaster, exploited was available for three weeks before the first virus hit. Some businesses and several consumers had not applied the patch by then.


News.commentary
Patch priorities
Patching security vulnerabilities
is a major headache. Forrester
offers guidelines for tackling
this ever more important job.


Keeping up with viruses is also a difficult, time-consuming job. ?It is just impossible,? said Matlock. Symantec President John Schwarz testified on Wednesday in front of a congressional subcommittee on technology that approximately 450 new viruses are reported every month. On the other hand, the recent round of virus attacks is fresh in people?s minds, which may prompt them to act fast. The new vulnerability affects Windows NT 4.0, Windows 2000, Windows Server 2003 and Windows XP, including the 64-bit versions of Windows XP.

?The advantage we have here is that Blaster came out just a little while ago,? Huger said.

There are three new vulnerabilities. Two allow hackers to launch a buffer overflow attack. With a buffer overflow, hackers can take control of a computer and implant unwanted programs.

The third is a denial-of-service flaw that affects a component known as the remote procedure call (RPC) process. The RPC process facilitates activities such as sharing files and allowing others to use a computer's printer. By sending too much data to the RPC process, an attacker can cause the system to grant full access to its resources.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.