October 13, 2005 3:20 PM PDT

Exploit code raises Windows worm alarm

Computer code has already been written to take advantage of Windows flaws that were disclosed Tuesday, a sign that a worm attack could be near.

Exploit code exists for four of the 14 vulnerabilities for which Microsoft provided fixes this week, experts said Thursday. One of the exploits was written for a flaw which Microsoft tagged as "critical." The bug lies in a Windows component for transaction processing called the Microsoft Distributed Transaction Coordinator, or MSDTC.

"When we start to see exploits surfacing, we know there will shortly be malicious code," said Alfred Huger, a senior director at Symantec Security Response. "We expect at least the MSDTC vulnerability to be used in a worm in the short term."

After Microsoft released vulnerability information, the exploit code was written within 24 hours, noticeably quicker than the average time it takes for an exploit to appear, Huger said. "Over the last two years on average it has been between four and 5.8 days for an exploit to come out after a vulnerability was released," he said.

When Microsoft released its patches on Tuesday, experts had already warned that the MSDTC flaw could spawn an attack similar to the Zotob worm that wreaked havoc two months ago. Microsoft urged users of older operating systems, specifically Windows 2000 and Windows XP before Service Pack 2, to prioritize the update that fixes the flaw, which is addressed in security bulletin MS05-051.

The MSDTC exploit isn't publicly available, but experts predict a public exploit is not far off. The code was created by security vendor Immunity for users of its penetration testing product. Immunity also crafted exploits for a flaw that involves plug-and-play in Windows (MS05-047) and a bug in a component that supports Novell NetWare networks (MS05-046).

Furthermore, code that exploits a flaw in Microsoft's Windows FTP client (MS05-045) is available publicly on the Internet, said Michael Sutton, director at security intelligence company iDefense, a part of VeriSign.

"Patching is very urgent," Sutton said. "We expect public exploit code to become available, especially for the MSDTC issue."

Microsoft is aware of Immunity's exploit code, but has not seen any attacks that use the code, a company representative said. "Microsoft is actively monitoring this situation," the representative said in an e-mailed statement.

Symantec's Huger predicts a worm exploiting the MSDTC flaw will surface in the next several days. It is unknown how hard the worm will hit. "There are so many variables involved with that, it is tough to say," he said.

4 Comments

Hope it hits hard
by October 13, 2005 3:50 PM PDT
I hope this worm hits hard, more specifically, hits Microsoft hard. When there are coders out there that write exploits... what do you expect to happen when you publicly announce that you have a vulnerability in a specific part of an OS? Why don't they wise up, say they have a vulnerability, release the patch, but don't say what it is? Make the coders work for the exploit they wish to write. It's just that simple.

Unreasonable expectations
by aabcdefghij987654321 October 14, 2005 6:28 AM PDT
Most companies only install patches that they are told are important and that they believe may affect them. If you don't tell what the problem is and stress the severity of it, many companies will simply opt not to install the patch.

Likewise once the patch is released a hacker can compare the original unpatched code to the patched code and figure out exactly how to write an exploit of any patched software that fixes an exploitable problem.