Computer code has already been written to take advantage of Windows flaws that were disclosed Tuesday, a sign that a worm attack could be near.
Exploit code exists for four of the 14 vulnerabilities for which Microsoft provided fixes this week, experts said Thursday. One of the exploits was written for a flaw which Microsoft tagged as "critical." The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC.
"When we start to see exploits surfacing, we know there will shortly be malicious code," said Alfred Huger, a senior director at Symantec Security Response. "We expect at least the MSDTC vulnerability to be used in a worm in the short term."
After Microsoft released vulnerability information, the exploit code was written within 24 hours, noticeably quicker than the average time it takes for an exploit to appear, Huger said. "Over the last two years on average it has been between four and 5.8 days for an exploit to come out after a vulnerability was released," he said.
When Microsoft released its patches on Tuesday, experts had already warned that the MSDTC flaw could spawn an attack similar to the Zotob worm that wreaked havoc two months ago. Microsoft urged users of older operating systems, specifically Windows 2000 and Windows XP before Service Pack 2, to prioritize the update that fixes the flaw, which is addressed in security bulletin MS05-051.
The MSDTC exploit isn't publicly available, but experts predict a public exploit is not far off. The code was created by security vendor Immunity for users of its penetration testing product. Immunity also crafted exploits for a flaw that involves plug-and-play in Windows (MS05-047) and a bug in a component that supports Novell NetWare networks (MS05-046).
Furthermore, code that exploits a flaw in Microsoft's Windows FTP client (MS05-045) is available publicly on the Internet, said Michael Sutton, director at security intelligence company iDefense, a part of VeriSign.
"Patching is very urgent," Sutton said. "We expect public exploit code to become available, especially for the MSDTC issue."
Microsoft is aware of Immunity's exploit code, but has not seen any attacks that use the code, a company representative said. "Microsoft is actively monitoring this situation," the representative said in an e-mailed statement.
Symantec's Huger predicts a worm exploiting the MSDTC flaw will surface in the next several days. It is unknown how hard the worm will hit. "There are so many variables involved with that, it is tough to say," he said.
I hope this worm hits hard, more specificly, hits Microsoft hard. When there are coders out there that write exploits.. what do you expect to happen when you publicly announce that you have a vulnerability in a specific part of an OS. Why don't they wise up, say they have a vulnerability, release the patch, but don't say what it is. Make the coders work for the exploit they wish to write. It's just that simple.
Most companies only install patches that they are told are important and that they believe may affect them. If you don't tell what the problem is and stress the severity of it, many companies will simply opt not to install the patch.
Likewise once the patch is released a hacker can compare the original unpatched code to the patched code and figure out exactly how to write an exploit of any patched software that fixes an exploitable problem.
I hope this worm hits hard, more specificly, hits Microsoft hard. When there are coders out there that write exploits.. what do you expect to happen when you publicly announce that you have a vulnerability in a specific part of an OS. Why don't they wise up, say they have a vulnerability, release the patch, but don't say what it is. Make the coders work for the exploit they wish to write. It's just that simple.
Most companies only install patches that they are told are important and that they believe may affect them. If you don't tell what the problem is and stress the severity of it, many companies will simply opt not to install the patch.
Likewise once the patch is released a hacker can compare the original unpatched code to the patched code and figure out exactly how to write an exploit of any patched software that fixes an exploitable problem.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Likewise once the patch is released a hacker can compare the original unpatched code to the patched code and figure out exactly how to write an exploit of any patched software that fixes an exploitable problem.
Likewise once the patch is released a hacker can compare the original unpatched code to the patched code and figure out exactly how to write an exploit of any patched software that fixes an exploitable problem.