Exploit code has been published that could take advantage of flaws in Windows XP SP1 and Windows 2000 SP4, according to a warning issued Thursday by Microsoft.
Although the exploit code could be used to launch a denial-of-service attack on machines running XP SP1 and Windows 2000 with all service pack versions, the threat is only moderately severe, said Steve Manzuik, a product manager at security research company eEye Digital Security.
"On a scale of 10, it would be about a 4 or 5 on severity," said Manzuik. "All it will do is crash some machines and not crash others."
The exploit code could allow an attacker to launch a remote denial-of-service attack on Windows 2000 machines using all service pack versions, but would require user authentication on Windows XP SP1 computers, Manzuik said.
The exploit poses only a moderate risk because it requires a user to log on for Windows XP, and in the case of Windows 2000, the attacker would have to get remote access to the Remote Procedure Call (RPC) port. That port is often behind a firewall, making it difficult to penetrate remotely, Manzuik noted.
Microsoft has yet to develop a security patch for this exploit, but it recommended that users enable their firewalls and download security updates, according to its security advisory.
"While working on an exploit for MS05-047, I came across a condition where a specially crafted request to upnp-getdevicelist would cause services.exe to consume memory to a point where the target machine's virtual memory gets exhausted. This exploit is not similar to the MS05-047 exploit I published earlier," Thomas noted in his posting.
The October patch did not lead to the vulnerability in Windows, a Microsoft representative said, adding that Microsoft encourages people to "apply the MS05-047 update and all recent security updates released by Microsoft."
Microsoft, however, reiterated its concerns over security researchers who publish details on how to exploit vulnerabilities before the software vendor has had time to create a patch.
"Microsoft is concerned that this new report of a vulnerability in Windows 2000 SP4 and Windows XP SP1 was not disclosed responsibly, potentially putting computer users at risk," the company said. "We continue to encourage responsible disclosure of vulnerabilities."
Some security researchers, however, note that Microsoft has been known to take 200 days or more to issue a security patch once the company has been notified of a problem.
Quote: "Microsoft has yet to develop a security patch for this exploit, but it recommended that users enable their firewalls and download security updates, according to its security advisory."
When the Linux software (i.e. not kernel) flaws were discovered, everyone was quick to say how secure Windows was in comparison. Those flaws had patches available. Here, on the other hand, no patch is available.
Although I'm by no means a Windowz zealot, this isn't anything to get all worked up over. The article mentioned the conditions an attacker would have to overcome in order to exploit this vulnerability.
I only use Win2K for my machines at home, and I have everything sitting behind a cable modem router with firewall. In addition, I have the RPC service disabled. (In fact, disabling the RPC service probably explains why I've never had a virus on my machine.)
Alas, SONY BMG's illicit DRM and its uncloaking update pack represent a far bigger threat. With over 568,000 windoze computers currently infected worldwide, with viruii and trojans targeting online game cheats using cloaking ware to hide cheat programs, end users with still cloaked files, and finally users who used the decloak/DRM reinstaller package supplied courtesy of F4i. Oh well, live and learn!
Nice.