09 July 2006
Worm attack predicted for Microsoft server service vulnerability
Experts at security vendors Symantec and ISS have identified a
newly announced Microsoft vulnerability as a sweet spot for malcode
authors.
The US CERT has also confirmed that it has received reports that
the vulnerability — Microsoft Server Service (MS06-040) —
is being exploited.
Symantec Security Response rates the server service vulnerability
to be the most critical of the dozen security bulletins issued by
Microsoft on 9 August. It is a buffer overflow vulnerability in
the ‘Server’ service, and could be exploited by remote
anonymous users. The vulnerability can be exploited via an RPC message
over TCP ports 139 and 445.
Symantec rates the possibility for a widespread worm leveraging
this vulnerability as ‘high’. All Windows 2000, XP,
and Server 2003 systems are affected, and cross operating system
exploits are possible.
The Microsoft Server Service provides basic Windows networking
services such as file and printer sharing. Through the flaw announced
by Microsoft today, it is vulnerable to remote code execution. Meanwhile,
ISS’s X-Force research team predicts that the hole could soon
be used by attackers to create an internet worm.
“ISS advises organisations to place priority on patching the Microsoft
Server Service,” said Gunter Ollmann, director of ISS X-Force.
“Because the service runs by default on Windows machines,
and a successful compromise of an affected version leaves the attacker
in complete control of the targeted host, this type of vulnerability
is traditionally a common vector for worm exploitation.”
Christopher Budd, a security program manager with Microsoft's security
response centre, confirmed in a press report that the attack code
for this flaw has been used in "one or two" attacks, and that
it could possibly be exploited in a widespread way.
Links
Microsoft http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx
US-CERT http://www.us-cert.gov/cas/techalerts/TA06-220A.html